Skip to main content

Privacy Notice

ONE.- IDENTITY AND IDENTIFICATION OF THE CONTROLLER

“ESTANCIA INN, S.A. DE C.V.”, with Tax ID (RFC): EIN040217BF4, hereinafter and for any reference in this Privacy Notice: ESTANCIA INN, commercially known as HOTEL KUMIAI INN, with our principal address at BLVD. BENITO JUÁREZ NO. 1200, EL ENCANTO, (BETWEEN AVENIDA D AND 1RA), ZIP CODE 21440, TECATE, BAJA CALIFORNIA, MEXICO. Whenever the terms “the company,” “this company,” “the controller,” and “we” are used hereinafter, they shall also refer to HOTEL KUMIAI INN.

The policy contained in this Privacy Notice is applicable to all of our operations throughout the United Mexican States. All of our employees, subsidiaries, affiliates, subcontractors, and authorized third parties are required to know, understand, promote, and above all implement the guidelines contained herein.

TWO.- PERSONAL DATA WE PROCESS

By virtue of this Privacy Notice, we assume responsibility for the collection and processing of your Personal Data, which may be obtained due to: (i) your relationship as an employee or staff member, (ii) your relationship as a client, business partner, supplier, or potential client or supplier, and (iii) your visit to our facilities, covering all of our geographic locations where we maintain an address and/or operations.

NOTE: It is important to point out that, due to the nature of our operations, we do not collect Personal Data considered sensitive under applicable law (except in the case of our employees). Likewise, we do not obtain Personal Data from minors or from persons declared legally incapacitated, unless we have the corresponding authorization from their legal representative.

a) Any individual or legal entity that has a direct or indirect relationship with us, visits our facilities, or uses our digital platforms: any information concerning an identified or identifiable natural person that is necessary for: (i) browsing our website or (ii) registering a visit to our facilities.

b) For our clients and suppliers: full name, place and date of birth, address, telephone numbers, email address, age range, Federal Taxpayer Registry (RFC), including the corresponding and periodic tax compliance opinions, occupation, financial data, permits or authorizations to carry out commercial activities, nationality or citizenship, marital status, and in general any information concerning an identified or identifiable natural person, both for individuals and legal entities, including but not limited to: public deeds of incorporation and amendments, powers of attorney of representatives, Federal Taxpayer Registry (RFC), financial data, permits or authorizations to carry out commercial activities, etc.

c) For our employees: first and last name, date of birth, address, landline and/or mobile phone number, email address, age range, Federal Taxpayer Registry (RFC), nationality or citizenship, marital status, sex, photographs, information regarding physical characteristics, better known as biometric data, such as voice recognition, fingerprint(s), and/or any facial recognition element, etc. (which may or may not be collected in full), academic data, immigration data, financial data, reference data, and in general any information concerning an identified or identifiable natural person who works as an employee in an organization, including medical and family data. Likewise, the Privacy Notice expressly accepted by our employees upon hiring shall form an integral part of this document.

This company obtains or may obtain your Personal Data through the following means: (i) personally, when you provide it to one of our employees by filling out physical forms or through the web platforms that HOTEL KUMIAI INN makes available to its clients, suppliers, and the general public, as well as when completing your registration with us at our front desk in any of our facilities; (ii) directly, when you provide it to us by telephone or through electronic and digital means; (iii) personally, from each of the employees who work in these facilities; and (iv) indirectly, where Personal Data is transferred to this company by duly authorized third parties and in compliance with the provisions of the Federal Law on the Protection of Personal Data Held by Private Parties; however, we disclaim any responsibility in relation to any conflict between the data subject and the third party that transferred such data, following its own privacy policies, in which it states by its own means that it has obtained the consent of the data subject for the processing of such data, including its transfer.

The Controller may request and process official identifiers and biometric data of data subjects, including but not limited to: fingerprints, facial images, digitized handwritten signature, voice, iris, and other personal traits or official documents (such as CURP or electronic signature), exclusively for identification, authentication, compliance with legal or contractual obligations, and prevention of identity theft. Such processing shall be carried out in accordance with the Federal Law on the Protection of Personal Data Held by Private Parties, its regulations, and in accordance with Articles 91, 91 BIS and 92, and other applicable provisions of the General Population Law, which empower authorities to establish and verify identity records containing biometric data and personal characteristics. The processing by the Controller shall be carried out under appropriate technical and administrative standards to guarantee its confidentiality, integrity, and exclusive use for the purposes disclosed.

Likewise, in order to preserve the safety of persons, property, and facilities, the Controller informs you that upon entering our facilities, the data subject may be subject to verification or access control procedures, which may include:

  • Visual inspection or inspection through metal detectors.
  • Non-intrusive inspection of personal belongings (such as backpacks, handbags, or briefcases).
  • Entry and exit registration.
  • Image or video capture through surveillance systems.
  • Identity verification by means of official identification or biometrics, where applicable.

Any information that may be collected as a result of these measures shall be processed solely for security purposes, loss prevention, access control, and compliance with internal policies, in strict adherence to the principles of legality, proportionality, and purpose established in the Federal Law on the Protection of Personal Data Held by Private Parties.

The Controller informs you that, in order to comply with identity verification purposes, file updating, access control, asset delivery control, regulatory compliance, risk prevention, and legal or property security, it may request from data subjects, on a periodic or repeated basis, the presentation of official documents and identifications. Such documents may be photographed, scanned, or photocopied by the Controller and its employees, and stored in physical and/or electronic media, exclusively for the aforementioned purposes.

THREE.- PURPOSE OF THE PROCESSING OF YOUR PERSONAL DATA

The collection and processing of the aforementioned Personal Data is carried out for the following purposes: (i) to keep records of the personnel working in these facilities, as well as visitors, who may be clients, suppliers, and other third parties entering the facilities where we operate; (ii) the proper control and security of access to our facilities, derived from obtaining contact information; (iv) to ensure proper channeling of requested information in order to provide the best possible information service; (v) to comply with all mandatory legal provisions applicable to HOTEL KUMIAI INN within the framework of its commercial relationship with you; (vi) to protect the interests and rights of HOTEL KUMIAI INN in accordance with the applicable legal provisions; and (vii) any commercial purpose that this company deems appropriate, without contravening any applicable legal provision.

FOUR.- TRANSFERS OF PERSONAL DATA

HOTEL KUMIAI INN may transfer your Personal Data to third parties in order to fulfill the purposes established in this Privacy Notice, including commercial purposes, and any other purpose not prohibited by law. The aforementioned Personal Data may be disclosed to competent authorities in accordance with applicable legislation. These transfers may be national or international in nature, and by being presented with this Privacy Notice, you are deemed informed, and by expressing no objection, you are understood to grant your unrestricted consent thereto.

You are hereby informed that by accepting this Privacy Notice, the Data Subject authorizes us, as Controller, to transfer your Personal Data to third parties, whether Mexican or foreign, without the need to obtain your consent again, when the transfer falls under any of the following cases: (i) it is provided for in a law or treaty to which Mexico is a party; (ii) it is necessary to safeguard the health of the Data Subject, including prevention or medical diagnosis, the provision of healthcare, medical treatment, or the management of medical services; (iii) the transfer is made to subsidiaries or affiliates under the common control of the Controller or to a parent company or any company within the same corporate group of the Controller operating under the same internal processes and policies; (iv) it is necessary by reason of a contract entered into or to be entered into in the interest of the Data Subject; (v) it is necessary or legally required to safeguard a public interest, or for the administration of justice; (vi) it is necessary for the recognition, exercise, or defense of a right in a judicial proceeding; and (vii) it is necessary for the maintenance or fulfillment of a legal relationship between the Data Subject and the Controller.

FIVE.- WEB PAGES

Yes, with the aim of improving the user experience on this company’s website(s), we may use (without ensuring that we do or will) “cookies” and “web beacons.” For purposes of this Privacy Notice, cookies are identified as text files containing information that a website transfers to the users’ computer hard drive in order to store certain records and preferences. We may use cookies to better understand user interaction with the website and the services provided. The website may allow advertising or third-party features that send cookies to users’ computers. Through the use of cookies, users are not personally identified, only their computers are identified.

Likewise, beacons are images inserted into a website or email that may be used to monitor a visitor’s behavior, such as storing information regarding the user’s IP address, browsing schedule, duration of interaction with the Site, sections consulted, websites accessed prior to ours, and the type of browser used. Users may change their options through their devices and/or browsers in order to stop accepting cookies and/or web beacons, or to confirm whether or not they accept them.

Likewise, we may (without this being interpreted as an affirmation) obtain personal information from you such as the following (without ensuring that we do or will): browser type, operating system, IP address, and data about website activity, through which it is possible to monitor your behavior as an internet user, create personalized content, and provide you with better service and user experience while browsing our website.

With respect to mobile applications, this company may make use of them to facilitate its relationship with employees, clients, suppliers, business partners, and the general public; therefore, this Privacy Notice is applicable to the use of such mobile applications and shall be understood as included in the terms and conditions displayed in their respective sections. Therefore, if you do not agree with the privacy policy contained in this notice, please refrain from using such mobile applications or websites.

SIX.- VIDEO AND PHOTOGRAPHS ON THE PREMISES

Yes, if we deem it appropriate, we may (or may not) have video recording systems (now or in the future), therefore, by means of this notice, you are informed that you may be recorded by security or surveillance cameras, which maintain (or may maintain) image and video recordings (with or without sound) 24 hours a day, 7 days a week. By this act, YOU AUTHORIZE this company to take such videos and photographic images for non-profit purposes and not for commercial dissemination during your stay at the facilities located at any of our addresses.

SEVEN.- ACCEPTANCE AND CONSENT OF THE DATA SUBJECT

Failure to object to this Privacy Notice shall be interpreted as a statement by the data subject that the Personal Data provided to HOTEL KUMIAI INN (directly or indirectly) may be processed by this company in accordance with the provisions of the applicable legislation; that is, we have your acceptance and consent, without reservation whatsoever, for the processing of your Personal Data. The data provided by the data subject is truthful and up to date, and the data subject undertakes to notify us of any modification to the Personal Data provided as soon as possible.

We inform you that, in accordance with the provisions of the Federal Law on the Protection of Personal Data Held by Private Parties and its Regulations, the Controller informs you that the consent of the Data Subject shall not be necessary for the processing of Personal Data when: (i) it is provided for by law; (ii) the Personal Data appears in public access sources; (iii) the Personal Data is subject to a prior dissociation procedure; (iv) it is intended to fulfill obligations arising from a legal relationship between the data subject and the controller; (v) there is an emergency situation that may potentially harm an individual in his/her person or property; (vi) it is indispensable for medical care, prevention, diagnosis, the provision of healthcare, medical treatment, or the management of health services, while the Data Subject is not in a condition to grant consent, under the terms established by the General Health Law and other applicable legal provisions, and provided that such data processing is carried out by a person subject to professional secrecy or equivalent obligation; or (vii) there is a resolution issued by a competent authority.

EIGHT.- ARCO RIGHTS

In accordance with the Federal Law on the Protection of Personal Data Held by Private Parties, you are entitled to the rights of Access, Rectification, Cancellation, and Objection to Processing, also known as “ARCO Rights,” which are briefly explained below:

  • Access: The right to access the Personal Data we retain about you, as well as to obtain information regarding the conditions under which your data is processed.
  • Rectification: The right to rectify your Personal Data if it is inaccurate or incomplete.
  • Cancellation: The right to request that we cancel the Personal Data we hold about you when you consider that it is not being processed in accordance with the principles and duties established in the Federal Law on the Protection of Personal Data Held by Private Parties and its Regulations.
  • Objection to processing: The right to object to the processing of your Personal Data when there is a legitimate cause or so that your data is not processed for specific purposes.

The Federal Law on the Protection of Personal Data Held by Private Parties also grants you the right to revoke the consent previously granted for the processing of your Personal Data at any time, and the data subject may freely express disagreement with the provisions of this Privacy Notice.

For purposes of exercising your ARCO rights, requesting or revoking your previously granted consent for processing, and in general, for any questions or complaints regarding the processing of your Personal Data or to know whether there are other available options (in addition to those established herein) for limiting the use or disclosure of your data, please contact our Personal Data Department (“DDP”). Your cancellation, revocation, and objection requests will be evaluated in accordance with the terms established in the Federal Law on the Protection of Personal Data Held by Private Parties, and their admissibility or inadmissibility will be resolved taking into consideration the provisions of such law and other obligations applicable to this company (tax, commercial, consumer protection, public security, health, etc.). In general, please consider that your requests may not be admissible in cases where processing is necessary for compliance with a legal obligation imposed on or undertaken by HOTEL KUMIAI INN.

In all such cases, a simple request must be sent as mentioned above. Our DDP will inform you of: (i) the information required to identify you, as well as the documents you will need to submit together with your request; (ii) the time periods within which you will receive a response to your request; (iii) how you should submit your request, including the forms you may use to submit it, if any; and (iv) the method or means by which we will deliver the information to you.

NINE.- PERSONAL DATA DEPARTMENT (“DDP”)

Our DDP may be contacted through the following means. In all cases, please include your name and your contact information.

Email: recepcion@kumiaiinn.com or by telephone at 665 655 9184. Also at our principal address: BLVD. BENITO JUÁREZ NO. 1200, EL ENCANTO, (BETWEEN AVENIDA D AND 1RA), ZIP CODE 21440, TECATE, BAJA CALIFORNIA, MEXICO.

TEN.- CHANGES TO THE PRIVACY NOTICE

The Controller reserves the right to make changes to this Privacy Notice, which shall be made known through publication on the website https://kumiaiinn.com and/or any website that may replace it.

ELEVEN.- COMPETENT AUTHORITY IN MATTERS OF PERSONAL DATA DISPUTES

This Privacy Notice is delivered to you as the data subject in accordance with Articles 7, 14, 15, 35, and other related applicable provisions of the Federal Law on the Protection of Personal Data Held by Private Parties, as well as the applicable provisions of its Regulations, and the various international treaties and agreements on the subject to which the Mexican State is a party, as well as those international agreements which, by their nature, subject HOTEL KUMIAI INN to compliance therewith.

We inform you that the competent authority to resolve any conflict arising from the application of the Federal Law on the Protection of Personal Data Held by Private Parties and its Regulations is the Ministry of Anti-Corruption and Good Government, and you may learn more on the subject on its website https://www.gob.mx/buengobierno. You may approach such institution to file your complaint.

LAST UPDATE

Last updated on: March 30, 2026.

About
Policy
© Kumiai Inn. All rights reserved.
Powered by Omarric.