I. Introduction

MACHUPICCHU GOLDEN E.I.R.L has a firm commitment to respect and comply with all legal and regulatory provisions that are applicable to them. Likewise, it understands that personal data, being an integral part of the privacy of individuals; and being also fundamental to our activity, they must be treated in such a way that they not only imply compliance with the legal system, but also measures must be taken to generate an environment of trust and security in the public with respect to said information. treatment.

II. Goal

The purpose of this Policy is to make our commitment to the protection of your personal data known to the public, as well as the guidelines under which we carry out the treatment of the same in the exercise of our commercial activities, the purpose for which we do it, as well as well as the procedures so that the owners of the same can exercise the rights provided for in the Personal Data Protection Regulations.

III. Scope

This Policy applies to all personal data processing activities carried out by MACHUPICCHU GOLDEN E.I.R.L (hereinafter "MACHUPICCHU GOLDEN" ). It will also apply to those people or companies that MACHUPICCHU GOLDEN requires the processing of personal data for which it is responsible.

IV. Definitions

The terms used in this policy with a capital letter are defined in Annex No. 1.

V. Guiding Principles

MACHUPICCHU GOLDEN undertakes to respect the guiding principles established in the Personal Data Protection Regulations. These are: Principle of legality: The treatment of personal data is done in accordance with the provisions of the law, the collection of personal data by fraudulent, unfair or illegal means being prohibited.
Principle of consent: For the treatment of personal data, the consent of its owner must be mediated, unless there is one of the exceptions provided by law. Said consent must meet the requirements of being free, prior to its collection or treatment, express and unequivocal, and informed.
Principle of purpose:Personal data must be collected for a specific, explicit and lawful purpose, and their treatment must not be extended to another purpose other than that for which they were collected.
Principle of proportionality: The processing of personal data must be adequate, relevant and not excessive to the purpose for which they were collected.
Quality principle: The personal data to be processed must be truthful, exact and, as far as possible, updated, necessary, pertinent and adequate with respect to the purpose for which they were collected.
Safety principle:The owner of the personal data bank and the person in charge of the personal data bank must adopt the necessary technical, organizational and legal measures to guarantee the security of the personal data.
Principle of provision of appeal: The owner of personal data must have the necessary administrative or jurisdictional channels to claim and assert their rights, when these are violated by the processing of their personal data.
Appropriate level of protection principle: For the cross-border flow of personal data, a sufficient level of protection must be guaranteed for the personal data to be processed or, at least, comparable to that provided for by the Personal Data Protection Law or by international standards in the matter.

VI. SAW. Purpose of the Processing of Personal Data

MACHUPICCHU GOLDEN processes the personal data of collaborators, clients and potential clients, suppliers, employees and other people who make up its public of interest, in accordance with the purposes authorized by each of them in the consents they have granted to MACHUPICCHU GOLDEN, with the exceptions to the requirement to obtain consent provided for by the Personal Data Protection Regulations.

MACHUPICCHU GOLDEN informs that it will process personal data, among others, for the following general purposes:

• To comply with the obligations generated by the contractual and non-contractual links generated with the owner of personal data.
• Communicate to your public of interest commercial information about your business activity, your goods and services, according to the consent obtained from the Holder of personal data.
• Comply with your legal obligations as an employer.
• Follow-up and monitoring for security risk management purposes through its video-surveillance devices, biometric registration, and others that are available.
• Carry out due diligence and business risk management activities.
• Provide Personal Data to third parties, in Peru or abroad, with whom Machupicchu Golden has a contractual relationship and that it is necessary to deliver it for the fulfillment of the contracted object.
• Transfer personal data to related companies listed in Annex 2 of this policy, within the framework of the purposes reported here.
• Process them so that, by virtue of the services provided, the client can make use of the benefits of the “discount coupons” loyalty program through any of the available communication, sale or exchange channels, both in person and remotely.
• Automatically complete the documents associated with the transactions carried out by the Holder based on the services used or
• Develop commercial actions or post-sale services, of a general nature or directed personally to the Holder, aimed at improving their experience as a customer through the Communication Channels.
• Keep the Holder of Personal Data informed, through the Communication Channels, about the delivery process and status of the contracted services.

The processing of personal data for the above purposes, and for any other lawful purpose other than those mentioned above, is duly informed to the Holders of personal data, requiring a specific authorization according to the corresponding public of interest, in compliance with the principle of consent, with the exceptions provided for in the Personal Data Protection Regulations.

VII. Consent

MACHUPICCHU GOLDEN will require the free, prior, express, unequivocal and informed consent of the owner of the personal data for the treatment thereof, except in cases of exception expressly established by the Personal Data Protection Regulations.

MACHUPICCHU GOLDEN will not require consent to process your personal data obtained from sources accessible to the public, free or not, for the use for which they were made accessible to the public; Likewise, you may process your personal data from non-public sources, provided that said sources have your consent to process and transfer said personal data.

VIII. Rights of the Holders

In accordance with the Personal Data Protection Regulations, the holders of personal data have the following rights:

1. Right of Access and information: As a consequence of the right of access, the holder of personal data has the right to obtain the information about himself that is subject to treatment in data banks owned by MACHUPICCHU GOLDEN, the way in which his data was collected, the reasons that motivated his collection, the transfers made, or to whom they are expected to be made, among others. The right to information, for its part, grants the owner the right to know, prior to the collection of their data, the purpose for which their data will be processed, the existence of the database in which they will be stored, the identity and address of the owner of the database and of those in charge of the treatment, if the transfer of personal data will take place and to whom, the conservation time, among others.

2. Right of rectification, updating and inclusion: The owner of personal data has the right to update, include and rectify their personal data subject to treatment by MACHUPICCHU GOLDEN when these are partially or totally inaccurate, incomplete or when it has been warned omission, error or falsehood.

3. Right of Cancellation or Deletion: The owner of personal data may request the cancellation or deletion of their personal data not related or necessary for the execution of the obligations of MACHUPICCHU GOLDEN provided for in the signed contracts or those provided by current regulations.

4. Right to prevent the supply: The owner of personal data has the right to prevent their personal data from being supplied, especially when the supply affects their fundamental rights, unless the supply is executed between the owner of the personal data bank and a person in charge. of the personal data bank, for the purposes of its treatment.

5. Right of Opposition: The holder of personal data may oppose the processing of their personal data at any time. The opposition will proceed to the extent that the treatment has no contractual or legal justification.

6. Right of revocation: The owner of personal data can withdraw the consent previously granted at any time. The revocation will not reach the uses and/or treatments that can be executed in the scenarios authorized by the regulation.

7. Right to objective treatment: The holder of personal data has the right not to be affected by a decision based solely on the processing of personal data aimed at evaluating certain aspects of their personality or conduct, unless this occurs within the framework of a contract or in cases of evaluation for the purpose of joining a public entity, in accordance with the law, without prejudice to the possibility of defending their point of view, to safeguard their legitimate interest.

8. Right to guardianship: In the event that the owner or the person in charge of the personal data bank denies the owner of personal data, totally or partially, the exercise of the rights established in this Law, he may appeal to the National Authority of Protection of Personal Data in the process of claiming or to the Judiciary for the purposes of the corresponding habeas data action.

9. Right to be compensated: The owner of personal data that is affected as a result of the breach of this Law by the owner or by the person in charge of the personal data bank or by third parties, has the right to obtain the corresponding compensation, in accordance with the law. .

IX. Procedure for the exercise of the rights of the Holder of Personal Data

The Holders may revoke their consent or exercise their legal rights, by sending an email to reservas@machupichugolden.com indicating their full name, Passport or identity document from their country and attaching a copy of said document.

In the event that the owner of the personal data requires to exercise their rights through a representative, they must send a power of attorney legalized by a notary public that empowers them as such and their identity document.

X. Term of the Processing of Personal Data

The personal data processed by MACHUPICCHU GOLDEN will be stored for the time necessary to fulfill the treatment purposes authorized by the owner, without prejudice to the fact that the latter may exercise the aforementioned rights at any time.

XI. Personal Data Security

In compliance with current regulations, MACHUPICCHU GOLDEN adopts the appropriate legal, organizational and technical measures to guarantee the security of personal data, avoiding its alteration, loss, improper treatment or unauthorized access.

For this purpose, it makes available all the necessary human and technological resources, applying them in proportion to the nature of the data stored and the risks to which they are exposed.

MACHUPICCHU GOLDEN will only process personal data that is stored in repositories that meet the security conditions required by current regulations on personal data protection.

XII. Modifications

If any change or modification of this Policy occurs, the current text of it will be published on our web portal: https://www.machupicchugolden.com/ in the Privacy Policy section.

XIII. General information

As part of our activity, we process personal data in compliance with the provisions of the Personal Data Protection Regulations.

The personal data that we process is stored in personal data banks owned by MACHUPICCHU GOLDEN, duly registered with the Personal Data Protection Authority:

The words and terms defined below, when they are capitalized as is done in their respective definitions below, whether or not they are required under capitalization orthographic rules, and regardless of where this policy is placed in which they are used, or if they are used in a person, number, mode, tense or grammatical variable, as necessary for the proper understanding of the same, they will have the meanings that each of said words or terms are ascribed below :

• Personal Data Protection Law: Law 29733 and its amendments.
• Regulation of the Personal Data Protection Law: Supreme Decree No. 003-2013-JUS and its amendments.
• Personal data bank: Organized set of personal data, automated or not, regardless of the support, be it physical, magnetic, digital, optical or others that are created, whatever the form or modality of its creation, formation, storage, organization and access.
• Sensitive data: Personal data consisting of biometric data that by itself can identify the owner, data referring to racial and ethnic origin; economic income, political, religious, philosophical or moral opinions or convictions; union membership; and information related to health or sexual life.
• Person in charge of the personal data bank: Any natural person, private legal entity or public entity that alone or acting jointly with another carries out the processing of personal data on behalf of the owner of the personal data bank.
• Personal Data Protection Regulations: Refers to the Personal Data Protection Law. To the Regulations of the Personal Data Protection Law and its amendments and complementary regulations.
• Holder of personal data: Natural person to whom the personal data corresponds.
• Holder of the personal data bank: Natural person, private legal entity or public entity that determines the purpose and content of the personal data bank, its treatment and security measures.
• Transfer of personal data: Any transmission, supply or manifestation of personal data, of a national or international nature, to a legal entity under private law, to a public entity or to a natural person other than the owner of personal data.
• Treatment of personal data: Any operation or technical procedure, automated or not, that allows the collection, registration, organization, storage, conservation, elaboration, modification, extraction, consultation, use, blocking, deletion, communication by transfer or diffusion or any another form of processing that facilitates the access, correlation or interconnection of personal data”.
• Arco Rights: Rights held by every natural person as the owner of personal data.
• Request to exercise the ARCO Right: It is the request for access, rectification, updating, inclusion, cancellation, deletion or opposition, made by the owner of personal data regarding their information.
• Consent of the interested party: It is any manifestation of free, specific, informed and unequivocal will by which the interested party accepts, either by means of a declaration or a clear affirmative action, the processing of personal data that concerns him.
• Canales de Comunicación:• Communication Channels: Physical mail, email, text messages (SMS and/or MMS), digital media such as Facebook, Instagram or "WhatsApp" or other similar platforms, cell phone number or any means of communication that the Data Holder Personals provide MACHUPICCHU GOLDEN.

The management.