Skip to content

Privacy notice

At Servicios Turísticos AFA, S.A. de C.V. (SETUR, The Secretariat General for Tourism) the information of our clients and potential clients is kept strictly confidential, and we make a permanent effort to safeguard it.

PURPOSES AND TRANSFER OF PERSONAL DATA

More than a policy, at SETUR we have the philosophy of maintaining a close and active relationship with our clients and potential clients. By providing your personal data (such as: name, address, email, phone number and other contact information), you consent to its processing both inside and outside the United Mexican States and understand that it may be processed directly or indirectly by SETUR, its subsidiaries, affiliates or related companies, and its third party service providers with whom it has a legal relationship, as well as, if applicable, competent authorities, for the following purposes:

With regards to our customers:

  • Provide them goods and services.
  • Carry out marketing and promotional activities in general.
  • Offer them our products, services and information from our business partners.
  • Statistical and market analysis.
  • Keep our records updated in order to respond to their inquiries, invite them to events, make them aware of our promotions and launches and maintain communication in general, as well as, follow up on our business relationship.

With regards to potential customers:

  • Carry out marketing and promotional activities in general.
  • Offer them our products, services and information about our business partners.
  • Statistical and market analysis.
  • Keep our records updated in order to respond to their inquiries, invite them to events, inform them of our promotions and launches as well as maintain general communication.
  • This Privacy Notice is disclosed in strict compliance with the third temporary section, as well as section 16 and 17 of the Federal Law for the Protection of Personal Data held by Individuals or Private Companies, published in the Official Gazette of the Federation on July 5, 2010, law system that aims to protect personal data held by individuals, with the purpose of regulating its legitimate, controlled and informed lawful processing, in order to guarantee privacy and the right to control access to one’s personal data, as well as its Regulations, published in the Official Gazette of the Federation on December 21, 2011 and the Privacy Notice Guidelines published in the same media outlets on January 17, 2013.

Derived from the above, you will have full control and decision over your Personal Data. Therefore, we recommend that you carefully read the following information:

  1. Definitions.

In accordance with the Federal Law for the Protection of Personal Data held by Individuals or Private Companies, its Regulations, the Privacy Notice Guidelines and this notice, the following definitions shall apply:

  1. Personal Data: any information concerning an identified or identifiable natural person.
  1. Sensitive Personal Data: personal data that affect the most intimate sphere of its owner, or whose improper use may give rise to discrimination or entail a serious risk for the owner. In particular, sensitive data are considered those that may reveal aspects such as racial, ethnic origin, present and future health status, genetic information, religious, philosophical and moral beliefs, union membership, political opinions, sexual preference.

III. ARCO Rights: rights of access, rectification, cancellation and opposition set forth in the Federal Law for the Protection of Personal Data held by Individuals or Private Companies.

  1. Processor: natural or legal person who alone or jointly with other persons processes personal data on behalf of the controller.
  2. Law: Federal Law for the Protection of Personal Data held by Individuals or Private Companies.
  3. Guidelines: Privacy Notice Guidelines.

VII. Regulation: Regulation of the Federal Law for the Protection of Personal Data held by Individuals or Private Companies.

VIII. Remittance advice: The communication of personal data between controller and processor, within or outside Mexican territory.

  1. Controller: Servicios Turísticos AFA, S.A. de C.V. that will carry out the processing of your personal data.
  2. Data Subject: The natural person to whom the personal data corresponds.
  3. Controller’s data.

Controller is a group of companies legally incorporated under Mexican Law, who for the purposes related to this notice, indicate as agreed domicile Carretera Punta de Mita Km 0 200, Col La Cruz De Huanacaxtle, Bahía de Banderas, Nayarit, C.P. 63734, Mexico, which is committed to the protection of all those Personal Data provided by Data Subject.

  1. Information Provided by Data Subject.

Data Subject shall provide Controller with Personal Data such as: full name, date of birth, federal taxpayer registry with taxpayer ID, unique population registry code, nationality, sex, marital status, email, address, telephone number, education, occupation, salary, personal references, personal data of beneficiaries, among others.

Likewise, Data Subject may provide Controller with Sensitive Data (in the case of contracting products cataloged as insurance, which will consist in some cases that the insurance itself requires it, that you provide the diseases you have suffered or suffer from, operations, and in general, information on your state of health), patrimonial or financial, which will be treated under security measures provided by Law or other special Laws, guaranteeing their confidentiality at all times.

  1. Purpose of Data Processing.

The purpose of the Personal Data provided by Data Subject to Controller is the (possible regarding prospective clients) contractual relationship to be generated between Data Subject and Controller and delimited by virtue of the accepted general conditions, particular conditions described in each case, the management, administration, provision, expansion and improvement of the products and services that Data Subject wishes to contract, as well as the activities of Data Controller in its corporate purpose.

Likewise, the Personal Data provided by Data Subject, with the exception of sensitive Personal Data, may be used for commercial and promotional purposes, for sending commercial and advertising information, including sending by email, cell phone (SMS, MMS, among others) or any similar electronic communication media including other that may be developed, as well as for quality and satisfaction surveys, analysis of product use, statistics for sending notices about products and services operated by Data Controller and when required by other Laws.

The processing of the Personal Data provided by Data Subject to Controller shall be limited to the fulfillment of the purposes set forth in this Privacy Notice and to different purposes that are compatible or analogous to those set forth herein, without the need to obtain the consent of Data Subject anew.

By making this Privacy Notice available to Data Subject and not expressing any opposition, it shall be understood that Data Subject grants Controller their consent to carry out the processing of the Personal Data provided and those provided in the future for any of the purposes set forth herein, either personally or through agents, promoters, commission agents or business partners, as well as any electronic, optical, sound, audiovisual means or through any other technology or means that Controller may have at its disposal.

Express consent will not be required for the processing of Personal Data when its handling has the purpose of fulfilling obligations arising from a legal relationship between Data Subject and Controller, nor in the cases contemplated in Section 10 of the Law. The foregoing is without prejudice as to any powers that Data Subject holds to practice the ARCO Rights in accordance with the Law.

Controller informs that any unprotected email communication made through the Internet may be subject to interception, loss or possible alterations in which case, Data Subject will not be able to demand from Controller any compensation for any damage resulting from the interception, subtraction, loss or alteration related to an email message between the parties.

Data Subject declares that the Personal Data provided to Controller are truthful, and is responsible for communicating to Controller any modification thereto through the forms designated for such purpose, which are located throughout the branch network of Servicios Turísticos AFA, S.A. de C.V.

Data Subject authorizes Controller to obtain Personal Data through third parties that Data Subject has authorized to Controller as references. It shall be Data Subject’s responsibility to inform such third parties about the information provided to Controller and the purposes thereof, and Controller shall not be obliged to inform such third parties about the content of this Privacy Notice.

Likewise, according to the second paragraph in Section 14 of the Regulations and Section Twenty-fifth of the Guidelines, Personal Data Owners are informed that they will have a period of five business days, which will be effective the following day after contracting the product or service they have wished to acquire with Controller, so that, if applicable, to express their refusal to the processing of their Personal Data with respect to the purposes described in this Privacy Notice that are not necessary, nor gave rise to the legal relationship with Controller through a request to such refusal to the email address privacidadeinformacion@bylife.com.mx

  1. Limitation of Use and Disclosure of Data.

Controller has implemented the levels of security and protection of Personal Data required by law, and additionally, they may implement other technical means and measures that are within its power to prevent the loss, misuse, alteration, unauthorized access and theft of Personal Data provided by Data Subject.

You may limit the use and disclosure of your Personal Data by sending an email to privacidadeinformacion@bylife.com.mx where you can explain what data you wish to disclose, as well as your wish that this data is not used to receive communications or promotions by Controller.

  1. Means to exercise ARCO Rights.

Data Subject, by themselves or through a duly accredited legal representative, has recognized and may exercise the rights of access, rectification, cancellation and opposition against Controller.

For this purpose, Data Subject or their legal representative may request a form to exercise ARCO Rights to privacidadeinformacion@bylife.com.mx; such form must be completed, signed and returned to the same email address accompanied by the following scanned documentation, in order to carry out the authentication of Data Subject who wants to exercise their ARCO Rights:

  1. Valid ID (Valid ID card issued by the Federal Electoral Institute, Passport issued by the Ministry of Foreign Affairs, Military Card or Professional ID).
  2. In the event that the exercise of the ARCO Rights is made through the legal representative of Data Subject, in addition to the accreditation of the identity of both, the corresponding power of attorney, letter of attorney signed before two witnesses or declaration in appearance of Data Subject must be submitted.
  3. If you wish to exercise the right of rectification, you shall submit the documentation proving the requested change according to the personal data to be rectified.

The response to such form, will be carried out by Controller after 20 working days from the date on which it was received. Controller may extend this term for up to 20 more business days, when the case warrants it, giving prior notification to Data Subject.

The resolution adopted by Controller shall be communicated to Data Subject through the options chosen by them, which are set forth in the ARCO Rights exercise form that shall be requested by email.

In the event Data Subject wishes to revoke the authorization granted to Controller with respect to the Personal Data provided, they shall make the corresponding request according to the same terms established herein to exercise the ARCO rights.

The delivery of the Personal Data shall be free of charge, and Data Subject shall only have to cover the justified shipping costs or the cost of copies or other formats, when deemed necessary.

However, if Data Subject reiterates their request in a period of less than twelve months, the costs will not be greater than three days of the General Minimum Wage in force in Mexico City Government unless there are substantial modifications to the Privacy Notice that motivate new consultations.

In the event you wish to exercise the right of Access to your Personal Data, the requested information will be provided through the means that you have chosen in the request for exercise of ARCO rights. And, in the event that Controller does not have your Personal Data, we will inform you by the means through which you made the request.

For any doubt or clarification regarding this process, please send an email to the Personal Data Protection Unit at privacidadeinformacion@bylife.com.mx

  1. Transfer and Forwarding of Data.

Controller undertakes to ensure compliance of all legal principles of protection regarding the transfer of your Personal Data. Likewise, they express their commitment to ensure that this Privacy Notice is respected at all times by the individuals or legal entities to which the information provided may be transferred, in order to provide the appropriate service with the best quality to our customers.

Controller may transfer and forward the Personal Data among the Group Entities of Servicios Turísticos AFA, S.A. de C.V. and all its subsidiaries as well as to national or foreign agents, in order to comply with the purposes, set forth herein and to provide our customers with the best service regarding your contracted products.

National or international data transfers may be carried out without the consent of Data Subject, among other cases established by the Law, provided that the transfer is made to controlling companies, subsidiaries or affiliates under the common control of Controller, or a parent company or any company of the same group of Controller that operates under the same internal processes and policies (persons in charge in terms of the Law); it is necessary by virtue of a contract entered into or to be entered into in the interest of Data Subject, Controller and a third party; and when the transfer is necessary for the maintenance or fulfillment of a legal relationship between Controller and Data Subject.

  1. Changes to the Privacy Notice.

Controller reserves the right to make changes to this Privacy Notice, which will be disclosed through the page www.lifevacationclub.com or that which may replace it.

Likewise, Data Subject has the right to object to the processing of their Personal Data in case they do not agree with the amendments made herein; for such purpose, they shall send a request to the email address referred to in paragraph 6 of this Privacy Notice.

We inform you that the competent authority to resolve any conflict arising from the Law is the Federal Institute of Access to Information and Personal Data (INAI) and you can learn more about the subject on its website www.ifai.org.mx