+57 300 912 1247 +57 300 912 1247 | 🇺🇸 Español
Chat via whatsapp

Data protection and identity verification

Personal data processing policy

This policy governs the collection, use, storage, circulation and deletion of personal data processed by Grupo 5 Elementos S.A.S. in billing, reservation, payment validation and service-related customer support processes.

Use limited to billing and reservations Default disclosure only to the same WhatsApp number Consultations: 10 business days Claims: 15 business days

1. Data controller and official channels

Grupo 5 Elementos S.A.S., identified with NIT 901.392.193-2, acts as the controller of the personal data processed through this website and other official service channels.

Requests related to personal data, reservations and identity verification will be processed through the official channels published by the company and the internal area designated to handle habeas data requests.

MedellĂ­n

  • carrera 48a #10 sur-191
  • +57 300 912 1247
  • 06:00 am - 10:00 pm

Bogotá

  • carrera 14 #112-21
  • +57 300 913 8149
  • 06:00 am - 10:00 pm

Official website: https://www.cielspa.com.co

2. Data processed and purposes

The company may process identification, contact, billing, payment and reservation data strictly necessary to provide the requested service and document the commercial relationship.

  • Create, confirm, modify, cancel or follow up reservations and gift-card purchases.
  • Issue invoices, supporting documents, accounting records and tax-related evidence.
  • Validate payments, advance payments, chargebacks, refunds and suspicious transactions.
  • Send confirmations, reminders, service instructions and reservation-related information.
  • Verify identity, prevent fraud and avoid unauthorized disclosure of reservation or payment information.
  • Comply with legal duties and preserve evidence of the transaction and the customer relationship.
Disclosure The company does not sell personal data. It only shares information when it is necessary for payment, invoicing, technological support, compliance with legal duties or service provision by authorized suppliers under confidentiality duties.

3. Identity verification and authorized channel

To protect reservation, payment and billing information, the company will disclose information by default only to the same WhatsApp number from which the reservation or payment process began.

If someone writes from a different number, the company may refrain from providing information, changing the reservation, accepting instructions or confirming payments until the account holder completes sufficient additional validation.

  • Additional validation may include confirmation of personal data, payment details, identity documents or other reasonable security mechanisms.
  • If validation is not completed in time, the company may keep the reservation unchanged, withhold information or refrain from acting until identity is confirmed.
About missed appointments Loss of availability, time-slot expiration, missed appointments or delays arising from requests made from unverified numbers will not be attributable to the company, except when there is proven fault by the company or a mandatory legal duty says otherwise.

4. Rights of the data subject

As data subject, the customer may exercise the rights recognized by Colombian data protection law.

  • Know, update and rectify personal data.
  • Request evidence of the authorization granted, unless a legal exception applies.
  • Be informed about the use given to personal data.
  • File complaints with the company and, when applicable, with the Superintendence of Industry and Commerce.
  • Revoke the authorization or request deletion when it is legally appropriate.
  • Access personal data that are being processed.

5. Queries, claims and response terms

Requests should identify the account holder, describe the matter clearly and, if available, attach supporting information that allows the company to verify identity and process the request.

  • Queries will be answered within up to ten (10) business days, extendable once for up to five (5) additional business days with prior notice.
  • Claims will be answered within up to fifteen (15) business days, extendable once for up to eight (8) additional business days with prior notice.
  • When the company requires more information to verify identity or understand the request, the response term may begin once the missing information is supplied.

6. Authorization, retention and security

Authorization for personal data processing may be obtained through website forms, WhatsApp conversations, payment flows, invoices, data messages, recordings or any other legally valid channel. The company may keep proof of the authorization and of the transaction.

Personal data will be kept for the time necessary to fulfill the stated purposes, the contractual or commercial relationship, and the legal or accounting retention duties applicable to the company.

  • The databases will remain in force while the purpose subsists or there is a legal duty to preserve the information.
  • The company adopts reasonable administrative, human and technical measures to protect the information against unauthorized access, loss, misuse or disclosure.
Effective date This policy is effective from its publication on this website and remains in force until a newer version is published.