Logo dolphinaris world`s best dolphinariums
  • Spanish
  • Portuguese (Brazil)

This Privacy Notice is issued in compliance with The Federal Law on the Protection of Personal Data Held by Private Parties(the “Law”), Its regulations (the “Regulations”) and Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016 (the “GDPR”).

I. RESPONSIBLE PARTY: The company TAGEPA, S.A.P.I. DE C.V., with registered office at AVENIDA ANTONIO DOVALI JAIME, No. 70, TORRE A PISO 8, COLONIA LOMAS DE SANTA FE, ALCALDÍA ALVARO OBREGÓN, CIUDAD DE MÉXICO, C.P. 01219, as well as its subsidiaries, affiliates, or companies within the same business group (hereinafter “TAGEPA”), is responsible for the use and protection of your personal data. This notice informs the DATA SUBJECT about TAGEPA’s personal data processing policies and security measures.

II. PURPOSE OF THE NOTICE: This privacy notice informs any person who provides their data to TAGEPA (the “DATA SUBJECT”) about:

  • TAGEPA’s policies for collecting personal data.

  • The processing of data for the main and secondary purposes established.

  • Security measures to maintain the confidentiality of personal data.

  • The mechanisms for exercising the rights of access, rectification, cancellation, and opposition (ARCO rights).

III. FORM OF NOTICE DISCLOSURE: This notice will be shown to the DATA SUBJECT through printed, digital, or telephone means prior to collecting their personal data. It is available on the website www.dolphinaris.com

IV. PERSONAL DATA COLLECTED: The personal data that TAGEPA collects includes:

  • Name

  • Nationality

  • Date of birth

  • Address

  • City and country of residence

  • Telephone number(s)

  • Email address

  • Photograph

  • Occupation and company where you work

  • Social media usernames (Facebook, Twitter, Instagram, Snapchat, etc.)

  • Banking information (debit or credit cards, PayPal, etc.)

If the DATA SUBJECT accesses the website www.dolphinaris.com or TAGEPA’s social media profiles, the following will also be collected:

  • IP address

  • Type of internet browser

  • Navigation preferences on the website

  • Visited web pages

The DATA SUBJECT can disable cookies and web beacons as described in section IX.

The protection of the privacy of personal data of minors is particularly important to TAGEPA. In the event that personal data of minors is collected, its processing will be carried out in accordance with the guidelines and requirements of the Law and its Regulations. TAGEPA will only allow the purchase of its products or services by minors if it is done by their parents or guardians, who must provide their consent to the processing of personal data.

V. PURPOSES OF USING PERSONAL DATA: Personal data will be used for the following purposes:

1) MAIN PURPOSES:

  • Management of reservations, purchases of products or services, quotation of events, and customer service.

  • Identification and access of the DATA SUBJECT to TAGEPA’s facilities.

  • Provision of customer service (chats, email, telephone, etc.).

  • Compilation, use, management, storage, and development of a database of customers, as well as its maintenance and updating.

  • Collection and billing of products and services.

  • Evaluation of the quality of products and services.

  • Fulfillment of TAGEPA’s obligations to the DATA SUBJECT.

2) SECONDARY PURPOSES:

  • Holding contests, promotional events, raffles, sweepstakes, and promotional activities.

  • Sending promotional communications about products or services available on www.dolphinaris.com or social media.

  • Sending promotional communications about special activities organized by TAGEPA.

  • Understanding user interests to improve products and services.

  • Improving the user experience on the website and social media.

The DATA SUBJECT can express their disagreement with the use of their personal data for secondary purposes at the time of giving their consent. Refusal to use secondary purposes will not be grounds for denying the provision of services and products offered by TAGEPA.

VI. DATA RETENTION PERIOD: Personal data will be kept until the DATA SUBJECT requests its cancellation, or until TAGEPA, as part of its database update, considers that the information should be purged because it is no longer necessary for the purposes set out in this notice.

VII. TRANSFER OF PERSONAL DATA TO THIRD PARTIES: Personal data will not be marketed, sold, assigned, or transferred to third parties for profit.

Data transfers will only be made with the prior consent of the DATA SUBJECT, or without the need for consent in cases permitted by Law, such as:

  • Transfers to subsidiaries, affiliates, or companies within the same business group as TAGEPA.

  • Transfers to Mexican and foreign authorities to comply with legal obligations (laws or international treaties).

If TAGEPA makes any additional transfers that require express consent, it will be obtained beforehand.

VIII. THIRD-PARTY PAGES OR LINKS: Any link accessed by the DATA SUBJECT outside the page www.dolphinaris.com is external to TAGEPA, so the DATA SUBJECT assumes full responsibility for reviewing the policies and conditions of data processing and confidentiality of the link in question (payment gateways, third-party pages related to services offered by TAGEPA, external advertising, etc.).

IX. USE OF COOKIES AND WEB BEACONS: The website www.dolphinaris.com uses cookies and web beacons. Cookies are files that are automatically downloaded and stored on the user’s computer when browsing a website, which allow the web server to remember data about the user and their navigation preferences. Web beacons are images inserted into a website or email that can be used to collect certain data and monitor the user’s behavior on the website or store their IP address.

The use of cookies and web beacons is intended to provide a better browsing experience, save information about access to improve account security, define content preferences, and personalize information based on user interests, or track online purchases.

The DATA SUBJECT can disable the use of cookies and web beacons through the “help” button in most browsers.

X. DATA PROCESSING MANAGER: TAGEPA has a department responsible for addressing inquiries related to the use and processing of personal data, as well as those related to exercising ARCO rights. The person responsible for this department is Mr. Christian Schaeffer de León, who can be contacted in writing at the following address: AVENIDA ANTONIO DOVALI JAIME, No. 70, TORRE A PISO 8, COLONIA LOMAS DE SANTA FE, ALCALDÍA ALVARO OBREGÓN, CIUDAD DE MÉXICO, C.P. 01219, or by email at: [email protected]

XI. EXERCISING ARCO RIGHTS: In accordance with the Law and its Regulations, the DATA SUBJECT has the following rights:

  • Access: Request TAGEPA to provide a report on the personal data collected, the processing given to it, and the conditions of use. An electronic copy of this information can be requested.

  • Rectification: Request TAGEPA to correct personal information if it is outdated, inaccurate, or incomplete.

  • Cancellation: Request the deletion of personal data from TAGEPA’s records or databases when it is not being used for the purposes for which it was collected or when its processing does not comply with the principles, duties, and obligations provided in the regulations.

  • Opposition: Request TAGEPA not to use (or to stop using) personal data for specific purposes.

To exercise these rights, the DATA SUBJECT must submit, personally or through a legal representative with specific powers, a written or email request addressed to the data processing manager described in the previous section. The request must contain the following information:

  • The DATA SUBJECT’s name and address or other means of communication to provide a response to their request.

  • Documents proving their identity or, if applicable, their legal representation.

  • A clear and precise description of the personal data in relation to which one of the aforementioned rights is sought to be exercised.

  • Any other element or document that facilitates the location of personal data.

  • In the case of rectification requests, they must indicate the changes to be made and provide supporting documentation.

Any request that does not meet these requirements may be rejected by TAGEPA until it is corrected.

Requests that meet the aforementioned requirements will be addressed within 20 business days following the date on which the request was received. If the request is valid, TAGEPA will fulfill it within 15 business days following the date on which it has communicated its response to the DATA SUBJECT. The deadlines described here may be extended once if the circumstances of the case justify it.

If, for any justified reason established in the Law or Regulations, it is not possible to comply with the request, TAGEPA must inform the DATA SUBJECT of its total or partial refusal, informing them of the reason for its decision, and attaching any relevant evidence.

XII. REVOCATION OF CONSENT FOR THE USE OF PERSONAL DATA: The DATA SUBJECT can revoke, totally or partially, their consent for the use of their personal data if they consider that it is being used for purposes different from those for which it was collected. To do so, they must submit a request in accordance with the requirements, procedures, and deadlines established in section XI.

The cancellation of personal data will lead to a blocking period after which the data will be deleted. TAGEPA may keep personal data exclusively for the purpose of liabilities arising from processing. The blocking period will be equivalent to the statute of limitations for actions arising from the legal relationship that underlies the processing in accordance with the applicable Law. Once the data has been cancelled, the DATA SUBJECT will be notified.

XIII. COMPLIANCE WITH GDPR PROVISIONS OF THE EUROPEAN UNION: If the DATA SUBJECT is a national or resident of the European Union, they are informed that TAGEPA, in compliance with the provisions established by the GDPR, has taken various measures for the protection of their personal data, including:

  • Recognition of additional rights:

    • Right to restriction of processing: the right of the DATA SUBJECT to obtain from TAGEPA the restriction of the processing of their data in certain cases.

    • Right to data portability: the right to receive the personal data that concerns them, which they have provided to TAGEPA, in a structured, commonly used, and machine-readable format, and to transmit it to another controller when processing is carried out by automated means.

    • Right to individual automated decisions: the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects for them or significantly affects them in a similar way, unless it is necessary for the provision of services that TAGEPA offers to them.

These rights can be exercised, where applicable, in accordance with the requirements, procedures, and deadlines established in section XI.

  • Record of processing activities: TAGEPA is obligated to enter into a contract with the data processor, mentioned in section X, who will be obliged to keep a record of the processing activities carried out under their responsibility in accordance with the GDPR.

XIV. SUPERVISORY AUTHORITY: For any complaint or claim related to this notice that has not been properly addressed by TAGEPA within the deadlines and forms established in this notice, the DATA SUBJECT may go to the National Institute for Transparency, Access to Information, and Protection of Personal Data (INAI).

XV. SECURITY MEASURES: TAGEPA will take reasonable organizational and technical security measures to prevent the loss, misuse, alteration, or unlawful disclosure of the DATA SUBJECT’s information and personal data. These measures are also required of the service providers it contracts, including subsidiaries, affiliates, or companies within the same business group as TAGEPA.

Among the security measures that TAGEPA may take to protect personal information are:

  • Restricting access by its personnel to physical or digital databases containing the personal data collected.

  • The use of keys, passwords, and encryption of documents for physical and digital files where personal data is stored.

  • The use of antivirus software and firewalls to prevent unauthorized access by hackers.

  • Any other security measure deemed appropriate.

In the event of a breach of security measures, TAGEPA is obligated to take the necessary steps to assess the impact of the breach and to take the necessary measures to remedy the damage caused to its security system. If applicable, TAGEPA must notify the DATA SUBJECT when it considers that the breach may cause them harm.

XVI. MODIFICATIONS TO THE PRIVACY NOTICE: If TAGEPA makes any changes or modifications to this Privacy Notice, the changes will be announced on the website www.dolphinaris.com.

XVII. CONSENT: By providing their personal data to TAGEPA, the DATA SUBJECT expresses their consent to the processing of their personal data in accordance with the terms and conditions of this Privacy Notice, except for any reservations that they expressly state.

Date of last update of this Privacy Notice: August 2024