Privacy Policy



We have special interest in protecting and respecting your information and personal data and therefore we have designed these policies for the treatment of information, within the framework of the law 1581 of 2012 and the regulatory decree 1377 of 2013.

1.1.- Introduction

GHL, GHL Hotels and the companies that operate them may collect personal data of its users, guests or visitors, through the various means designed for access to the services provided by them. In any case, the collection will be made under the express authorization of the owner of the data and the treatment of these will be subject to the provisions of the law.

The personal information subject to the considerations set forth herein, may be collected by GHL through the website, by visiting or purchasing services offered on the platform, or directly in the hotels linked or associated with GHL.

The considerations established herein shall be understood as accepted by the Data Subject when he/she visits or makes use of the website and/or when he/she enters personal data or information through the functions established for this purpose, regardless of the purpose.

1.2- General principles.

The collection of personal data, as well as the use, treatment, processing, exchange, transfer and transmission of these by GHL or any of the operating companies of GHL hotels, will always be guided by principles of legality, freedom, truthfulness, transparency, security, confidentiality, principle of access and restricted circulation.

1.3- Legal definitions.

In accordance with Law 1581 of 2012 and Decree 1377 of 2013, the following definitions shall govern the policies for the treatment of personal information.

1.3.1.- Data Processor: A data processor is the natural or legal person, public or private, who by himself or in association with others, carries out the Processing of personal data on behalf of the Data Controller;

1.3.2.- Data Controller: The data controller is the natural or legal person, public or private, who by himself or in association with others, decides on the database and/or the processing of the data;

1.3.3.- Database: Database means the organized set of personal data that is the object of Processing;

1.3.4.- Personal data: Personal data means any information linked or that may be associated to one or more specific or determinable natural person(s);

1.3.5.- Sensitive data: Sensitive data are understood as those that affect the privacy of the Data Subject or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sex life, and biometric data.

1.3.6.- Public data: Data that is not semi-private, private or sensitive. Public data includes, among others, data related to the marital status of individuals, their profession or trade, and their status as merchants or public servants. By their nature, public data may be contained, among others, in public records, public documents, official gazettes and bulletins, and duly executed court rulings that are not subject to confidentiality.

1.3.7.- Transfer: The transfer of data takes place when the Controller and/or Processor of personal data, located in Colombia, sends the information or personal data to a recipient, which in turn is the Data Controller and is located inside or outside the country.

1.3.8- Transmission: Processing of personal data that involves the communication of such data within or outside the territory of the Republic of Colombia when the purpose is the performance of a Processing by the Processor on behalf of the Controller.


The data provided will be subject to authorized processing, granted in a prior, express and informed manner by the Holder thereof, directly to GHL, or through the GHL hotels or the companies that operate them.

However, the visit, entry or use of the website, constitutes in itself prior, express and informed authorization for the storage, collection and processing of information in accordance with the data processing policy contained in this document.

In any case, the collection of data will be limited to those personal data that are relevant and adequate for the purpose for which this is intended.


Data collected. The data collection for the development of treatment and purposes pursued by it, will fall on the personal data received and stored by GHL and companies and hotels linked or associated with GHL, and will include all information supplied or provided in the visit to the website as well as any information related to the services or reservations made, and data on accommodation and lodging provided to GHL or any of the hotels associated with it.

Notwithstanding the fact that in some cases it is public data, the information collected will be the information corresponding to name, citizenship card number, profession, nationality, date of birth, email address, personal preferences and interests, work or activity, consumption habits or travel habits, among others. If a reservation is made through the website, the information corresponding to the credit card provided for the purposes of the reservation and stay will be collected.

3.2- Treatment to which the data will be subjected and purpose thereof.

The data and information obtained and collected by GHL, by GHL hotels or by the operating companies of such hotels, will be used in the normal course of their business activities only for the purpose set out in these policies for the processing of information, so as to create a direct and effective communication with the customer, leading to establish a closer link.

The treatment consists of sending digital information through different means of communication, with the intention of contacting the owner to send service surveys after each stay that allow the qualification of the service provided, and communicate invitations, offers, promotions, service portfolio or information from the Hotel or hotels that are part of GHL, without at any time their data are provided, transferred or given to persons other than or outside the Hotel that collected the information, or hotels and activities related to GHL and the activities it develops. Additionally, by collecting data is to: make, process, process and / or complete reservations or purchase of hotel nights or other services; conduct internal studies on tourism habits; evaluate the quality of our services; send surveys and questionnaires regarding the services provided; timely respond to your requests, requests or needs; communicate invitations, offers, promotions, and information in general about the portfolio of services offered by natural or legal persons who are directly linked to the hotel operation and specifically with the services provided by GHL Hotels or GHL and the companies and hotels that operate them.

The information or data provided that are collected, collected or stored in accordance with these policies may be shared, transmitted, updated and / or deleted between GHL, GHL hotels and their operating companies for the purpose defined in these policies, to be used as set forth herein. By accessing the website you authorize your information and data to be shared with the tourism providers to whom they refer and to whom your reservations and / or requests are processed.

It is assumed that all information or data provided or deposited through the page is true, accurate and complete, and may be withdrawn at any time in the event it is deemed harmful or detrimental to your interests or the interests of a third party.

The data and in general the information received when you access the website can be both yours and that of the computer from which you are accessing it. In order to optimize and make your experience visiting the page more efficient, cookies and/or web beacons may be used, as well as information about the Internet pages visited, your IP address, the operating system of the computer from which you are entering, through a process of recognition and tracking that allows us to identify your preferences and identify you when you visit the page again and store certain records, based on your IP address. The IP address is not associated or linked to your name or personal data.

3.3 - Sensitive data and data for children and adolescents.

Neither GHL nor GHL hotels or GHL hotel operating companies will process data considered sensitive, nor the data collection is aimed at collecting sensitive information.

The collection of data corresponding to underage children and adolescents, and the respective authorization, must always be given through their legal representative, after the minor has exercised his or her right to be heard.

The processing of data corresponding to children and adolescents shall respond to and respect the best interests of children and adolescents, and their fundamental rights.

In the event that for any reason any question may lead to the response to sensitive data or data of children and adolescents, the answer to such question shall be optional.

3.4.- Duties of the data controller.

Those responsible for the information, and/or those responsible for and in charge of the processing of personal data, are obliged to: a) Guarantee the Data Subject, at all times, the full and effective exercise of the right of habeas data; b) Request and keep, under the conditions provided by law, a copy of the respective authorization granted by the Data Subject; c) Duly inform the Data Subject about the purpose of the collection and the rights he/she is entitled to by virtue of the authorization granted; d) Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, unauthorized or fraudulent use or access; e) Ensure that the information provided to the Data Controller is truthful, complete, accurate, updated, verifiable and understandable; f) Update the information, communicating in a timely manner to the Data Processor, all developments with respect to the data previously provided and take other necessary measures to keep the information provided to it updated; g) Rectify the information when it is incorrect and communicate the relevant information to the Data Processor; h) Provide the Data Processor, as appropriate, only data whose processing is previously authorized in accordance with the provisions of this law; i) Require the Data Processor at all times to respect the security and privacy conditions of the Data Subject's information; j) Process queries and claims made under the terms set forth in the law; k) Inform the Data Processor when certain information is under discussion by the Data Subject, once the claim has been filed and the respective process has not been completed; l) Inform at the request of the Data Subject about the use given to his/her data; m) Inform the data protection authority when there are violations to the security codes and there are risks in the administration of the Data Subject's information. n) Comply with the instructions and requirements given by the Superintendence of Industry and Commerce.


4.1.- Rights of the Holder. Once the authorization has been granted by the Holder for the corresponding processing, he/she has the right to: a) Know, update and rectify his/her personal data. This right may be exercised against partial, inaccurate, incomplete, fractioned, misleading data, or data whose Processing is expressly prohibited or has not been authorized; b) Request proof of the authorization granted, except when expressly exempted as a requirement for the Processing, in accordance with the provisions of Article 10 of Law 1581 of 2012; c) Be informed by the person responsible and/or in charge of the personal data, upon request, of the use that has been made of their personal data; d) File complaints before the Superintendence of Industry and Commerce for violations of the provisions of the law; e) Revoke the authorization and/or request the deletion of the data when the Processing does not respect the constitutional and legal principles, rights and guarantees. The revocation and/or suppression shall proceed when the Superintendence of Industry and Commerce has determined that the Processing has incurred in conduct contrary to this law and the Constitution; f) Request, at any time to the responsible or in charge, the deletion of their personal data and/or revoke the authorization granted for the Processing thereof, by filing a claim, shall not proceed when the Data Subject has a legal or contractual duty to remain in the database. g) Access free of charge to their personal data that have been subject to Processing: (i) at least once every calendar month, and (ii) whenever there are substantial modifications to the Information Processing Policies that motivate new queries. In case of requests whose periodicity is greater than one per calendar month, the responsible and/or in charge, may charge the Holder the costs of shipping, reproduction and, where appropriate, certification of documents.

4.2.- Legitimation for the exercise of the holder's rights.

The following persons are also entitled to exercise the rights of the owner of the information: a) The owner himself, who must prove his identity sufficiently by the means made available by the data controller; b). His assignees, who must prove their identity; c). The representative and/or attorney-in-fact of the Data Subject, prior accreditation of the representation or power of attorney; d). By stipulation in favor of or for another; e). The rights of children or adolescents shall be exercised by the persons empowered to represent them, prior accreditation of the power of representation.

4.3.- Responsible area for the attention and accompaniment of the Data Subject.

The attention and response to queries, requests and claims of the Data Controllers with respect to any aspect of the processing shall be in charge of the legal area. The Holder of the information who wishes to know, update, rectify, request proof of the authorization granted; be informed of the use that has been made of their personal data; revoke the authorization and/or request the deletion of the data and/or access free of charge to their personal data that have been subject to Processing, must request it in writing directly to the e-mail or send the communication to Avenida calle 72 no. 6 - 30 Bogotá, Colombia. In either case, the following must be indicated: a) full name; b) identity document; c) physical address and e-mail; d) contact telephone number; e) brief list of the information and data referred to, expressly indicating the scope and content of the request; and, f) attach the documents that support the request.

4.4.- Procedure to exercise the rights to know, update, rectify or delete information and revoke authorization.

The procedures for access, updating, deleting and rectification of personal data, and revocation of authorization, may be advanced through queries or complaints, sent to the email or to the address Avenida calle 72 no. 6 - 30 Bogotá, Colombia, depending on the purpose they pursue, establishing at least the legitimacy that is to make the request and stating clearly and concretely, what is intended.

All requests, suggestions and recommendations related to the processing of information should be sent to the e-mail

The owner of the information or the person entitled, must accompany his letter with proof of the capacity in which he is acting, and must provide the data and documents that are necessary to prove his identity and capacity.

The e-mail must specify the reason or purpose of the communication, and for this purpose it will be sufficient that the text indicates that the right to know, update, rectify, delete or revoke the authorization granted is being exercised.

4.5.- Procedure for the correction, updating or removal of data and for the submission of complaints and claims.

Whoever is legitimized by law, and considers that the information contained therein should be subject to correction, updating or deletion; or when he/she considers that the treatment given to personal data violates legal regulations, may submit, in accordance with Article 15 of Law 1581 of 2012, complaints to the email

Complaints and claims will be processed under the following rules:

4.5.1.- The claim shall be formulated by means of a request addressed to the Data Controller or the Data Processor, with the identification of the Data Subject, the description of the facts that give rise to the claim and the address, accompanied by the documents to be asserted. If the claim is incomplete, the interested party will be required within five (5) business days following receipt of the claim to correct the faults. After two (2) months from the date of the requirement, without the applicant submitting the required information, it will be understood that the claim has been withdrawn.

In the event that whoever receives the claim is not competent to resolve it, it will be transferred to the appropriate person within a maximum period of two (2) business days and the interested party will be informed of the situation.

4.5.2.- Once the completed claim has been received, a legend stating "claim in process" and the reason for the claim shall be included in the database within a term not to exceed two (2) business days. Said legend shall be maintained until the claim is decided.

4.5.3.- The maximum term to address the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within such term, the interested party will be informed of the reasons for the delay and the date on which the claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.

4.6.- Consulting and access to information.

Queries of personal data contained in the database of GHL or any of the operating companies of GHL Hotels, will be answered by written request via email

Queries will be answered within a maximum period of ten (10) working days from the date of receipt. When it is not possible to answer the query within that period, the interested party will be informed before the expiration of ten (10) business days, stating the reasons for the delay and indicating the date on which the query will be answered, which in no case may exceed five (5) business days following the expiration of the first deadline.


5.1 .- Security in the handling of information.

The data collected will always be treated within a framework of confidentiality so they will not be provided, transferred or delivered to persons other than or outside the Hotel, GHL or operating companies, or who have legitimate authorization to do so.

5.2 .- Transfer and transmission of data.

In the event that a contract is signed with a third party professional and experienced in the management and use of databases, the person responsible shall sign the contract of transmission of personal data referred to in Article 25 of Decree 1377 of 2013.


6.1.- Media for the dissemination of the information processing policies and privacy notice.

This document, which establishes the policies for the processing of information on personal data collected, shall be permanently published in the link so that it can be consulted by anyone interested.

At the moment of requesting the express authorization of the Data Subject for the processing of data, the specific purposes for which consent is obtained will be indicated and the Data Subject will be informed of the Processing Policy and his or her rights as a Data Subject.

6.2.- Applicability of the information processing policies.

The collection, storage, use and circulation of personal data, in development of the considerations set forth herein, will be carried out and maintained while the need for direct communication with the customer remains in force and there are no more efficient ways to do so, according to the purposes proposed by the Treatment. In the event that the purpose cannot be achieved through the treatment given to the personal data, they will be permanently deleted from the database.

This document comes into force on February 22, 2016.

6.3.- Procedure for policy modification events.

In case modifications are made to the personal data processing policies set forth herein, they will be notified and communicated through this website, prior to their entry into force.

6.4.- Incorporation of the terms and conditions of use of the website

In accordance with the applicable regulations, the information treatment policy is an integral part of the terms and conditions of use of the website.

6.5. - Responsible for the information.

LOGÍSTICA GHL SOCIEDAD POR ACCIONES SIMPLIFICADA, with NIT 900760011-6 is responsible and in charge of the processing of personal data, together with each of the related operating companies that have collected the information. When the information has been received or collected by any of its related companies, with express authorization to be transferred, LOGÍSTICA GHL SOCIEDAD POR ACCIONES SIMPLIFICADA will be responsible for the processing.

Any communication may be addressed to Avenida calle 72 no. 6 - 30 Bogotá, Colombia, or to the e-mail

Cookies Policy, More details can be found in our page Cookies Policy