
Comprehensive Privacy Notice
SANTACILIA, A.C.
Address: Ex Hacienda de San Juan Pan de Arriba, San Diego de la Unión, Guanajuato, C.P. 37860, Mexico.
Contact email for personal data matters: [experiencia@santacilia.club]
Phone: +52 566 773 4857
Last Update: August 18, 2025
1) Identity and Responsibility
SANTACILIA, A.C. (hereinafter, “Santacilia” or the “Controller”), with the address stated above, is responsible for the processing of your personal data in accordance with applicable Mexican data protection legislation.
2) Personal Data Collected
2.1 Categories of Data
Depending on your interaction with Santacilia (e.g., website visitor, prospect, membership holder, guest, supplier), we may request and process:
- Identification and Contact: name, surname, date of birth, nationality, official ID, RFC/CURP, address, email, phone(s).
- Relationship and Contracting Data: villa type, assigned weeks, contract/cover page number, usage and reservation history, service tickets.
- Billing and Payment: business name, RFC, tax address, payment method, account/CLABE details and/or tokenized card data through certified gateways; payment receipts.
- Preferences and Experience: satisfaction surveys, amenity interests, programs and events.
- Access and Security: facility access logs (date/time), vehicle plates, guest lists, CCTV in common areas.
- Support and Communications: recorded calls, email correspondence, forms.
- Website and Apps: device identifiers, IP address, browser type, visited pages, approximate location, cookies and similar technologies (see Section 11).
- Sensitive and Biometric Data (optional): Only if biometric access controls (fingerprint, facial recognition) are implemented, or if health conditions require accessibility support. In such cases, explicit written consent will be requested, and data will be handled with reinforced measures. If you prefer not to provide such data, reasonable non-biometric alternatives will be offered when feasible.
2.2 Sources of Data Collection
We collect data directly from you (forms, contracts, reception), indirectly (referral programs, authorized brokers, corporate social media), and from public sources or lawfully accessible databases.
3) Purposes of Processing
3.1 Primary Purposes (necessary):
- Verify your identity and formalize your relationship with Santacilia (quotations, contracts, payment and billing management).
- Grant and manage the right of use of villas and weeks; administer reservations, access, passes, and guest entries.
- Operate amenities and activities; ensure physical and property security; CCTV in common areas.
- Handle requests, complaints, and clarifications; provide support and service follow-up.
- Comply with legal obligations and authority requirements; prevent fraud and ensure information security.
3.2 Secondary Purposes (additional):
- Marketing and commercial communication: offers, newsletters, event invitations, surveys, loyalty programs.
- Prospecting and statistical analysis to improve services and amenities.
- Referral programs and partnerships with third parties (e.g., tourism or wellness activities).
You may deny or revoke your consent for secondary purposes at any time by sending an email to [experiencia@santacilia.club] with the subject “No advertising” or by using the preference mechanisms (website/app). Your decision will not affect primary purposes or contracted services.
4) Personal Data Transfers
Santacilia does not sell your personal data. We may transfer data in the following cases:
- Processors (service providers): hosting, payment gateways, technical support, courier services, credential printing, call centers, security and maintenance. These transfers do not require consent but are covered by confidentiality and processing agreements.
- Affiliates or partners linked to the project’s operation and amenities, exclusively to fulfill primary purposes (e.g., activity or experience operators).
- Competent authorities when required by law or duly issued legal order.
- Banks/insurers or financial intermediaries for payment processing or coverage management.
- Third parties for secondary purposes (marketing or commercial alliances) only with your prior consent; you may object at any time.
For international transfers, Santacilia will ensure that the recipient assumes equivalent protection obligations and, when required, your consent will be requested.
5) Retention and Security Measures
We will retain your data only for as long as necessary to fulfill the purposes described, in accordance with internal retention policies and applicable legal deadlines.
We implement reasonable administrative, technical, and physical measures to protect data against damage, loss, alteration, destruction, or unauthorized use, access, or processing.
In case of a significant security incident affecting your rights, Santacilia will notify you through available contact means, specifying the nature of the incident, compromised data, actions taken, and recommendations.
6) ARCO Rights
You may exercise your rights to Access, Rectify, Cancel, or Oppose (ARCO) the processing of your data in accordance with applicable law.
6.1 How to exercise them:
Submit a request to [experiencia@santacilia.club] or at reception, including:
- Holder’s name and contact information for the response (email, address).
- Proof of identity or representation.
- Clear description of the data and the right being exercised.
- Supporting documents (if applicable).
For Rectification, attach documents supporting the correction (e.g., ID, proof of address). For Cancellation, we will evaluate if blocking and subsequent deletion apply, observing legal exceptions.
6.2 Response Times:
Santacilia will communicate its decision within 20 business days and, if applicable, implement it within 15 business days thereafter. Deadlines may be extended once for an equal period if justified.
7) Revocation of Consent
You may revoke your consent previously granted for data processing. Please note that not all requests may be met immediately due to legal or contractual obligations. The procedure follows the same process as ARCO rights.
8) Options to Limit Use or Disclosure
In addition to ARCO rights or objection, you may:
- Register in our exclusion lists to stop receiving marketing communications.
- Use website/app preference controls and the opt-out link in each message.
- Register with Mexico’s Public Registry to Avoid Advertising (if applicable).
9) CCTV in Common Areas
Santacilia uses cameras at access points and in common areas exclusively for security and access control. Images are retained for a limited period and safeguarded with security measures. Images may be shared with authorities in accordance with the law.
10) Minors
We do not knowingly collect data from minors without parental/guardian consent. If you are a parent/guardian and are aware that a minor has provided data without consent, please contact us so we can delete such information when appropriate.
11) Cookies and Similar Technologies
Our website santacilia.club uses cookies, web beacons, and similar technologies to remember preferences, improve user experience, measure performance, and perform analytics.
You may configure your browser to block or delete cookies or manage preferences from the site’s Privacy Center ([santacilia.club/cookies] or [●]). Some functions may not operate properly without certain cookies.
- Types of cookies: strictly necessary, functional, performance/analytics, advertising.
- Data collected: session IDs, IP, browser, visited pages, time on site, interaction with sections and campaigns.
- Third parties: we may use third-party analytics and advertising tools (e.g., campaign measurement). These third parties may act as processors or independent controllers; please review their privacy notices.
12) Changes to this Privacy Notice
Santacilia may modify this Notice to reflect regulatory, process, or service changes. The updated version will be published at santacilia.club/privacidad, and when substantial changes occur, you will be notified by email or highlighted notice on the site/app.
13) Authority and Complaints
If you believe your data protection rights have been violated, you may file a complaint with the competent Mexican data protection authority. Without prejudice, we encourage you to contact us first to address any request or clarification.
14) Acceptance
By providing personal data to Santacilia by any means, you acknowledge that you have read this Notice and authorize its processing under the terms described herein, to the extent that your consent is legally required. For secondary purposes and sensitive data, your express consent may be requested.
Appendix A – Suggested Requirements for ARCO/Revocation Requests
- Full name of the holder and, if applicable, of the legal representative; document to prove authority.
- Copy of valid official ID (both sides) or electronic authentication.
- Description of the right being exercised and the related data.
- Address or email to communicate the response.
- Documents to help locate data (e.g., client/contract number).
Costs: Exercising these rights is free; only justified shipping or reproduction costs may apply.
Appendix B – List of Processors and Relevant Third Parties (Transparency)
We will publish an updated list of authorized providers (e.g., payment gateway, hosting, CRM, courier) and third parties with whom we share data for primary purposes at santacilia.club/privacidad. This list is for transparency and does not imply transfers with a change of purpose.