In compliance with the provisions of Law 1581 of 2012, Regulatory Decree 1377 of 2013, Sole Regulatory Decree 1074 of 2015 and the other regulations that repeal, modify or complement them, we show you our PERSONAL DATA TREATMENT POLICY (from now on, the Policy), informed to all the collected data holders.
We guarantee your right to privacy, your intimacy, and your good name once you reveal your personal information to us.
Our Policy applies to files and/or databases, physical and digital, that contain your personal information, of suppliers, collaborators, employees, current or past, or any other natural person, whose information is subject to treatment.
The treatment of your data is governed by the principles of legality, purpose, freedom, truthfulness or quality, transparency, restricted access and circulation, security, and confidentiality. All information or personal data collected may be known, updated, or rectified once we have your authorization to do so.
Through the authorization you grant us, we will collect, update, or delete your information while you receive our property services.
We harmoniously and comprehensively apply the following principles, in light of which the Treatment, transfer and transmission of your personal data should be carried out:
Principle of legality
The treatment of your data is a regulated activity, subject to the current legal provisions applicable to the subject.
Principle of freedom
The Treatment can only be carried out with your prior, express and informed consent. Your personal data will not be obtained or disclosed without your prior authorization, or in the absence of a legal, statutory, or judicial mandate that exempts from your consent.
Principle of truth or quality
The information subject to Treatment is true, complete, exact, updated, verifiable and understandable. We are prohibited from Treating partial, incomplete, fractioned or misleading data.
Principle of transparency
In the treatment of your data, we guarantee your right to obtain at any time and without restrictions, information about the existence of any type of information or personal data that is of your interest or ownership.
Principle of access and restricted circulation
The Treatment is subject to the limits that derive from the nature of these, from the provisions of the law and the Constitution. Consequently, the Treatment can only be done by people authorized by yourself and/or by the people provided by law.
Your personal data, except for public information, will not be available on the internet or other dissemination or mass communication means, unless access is technically controllable to provide restricted knowledge to you or authorized third parties in accordance with the law. For these purposes, our obligation will be of means.
Your information is managed with the necessary technical, human and administrative measures to provide security to the records avoiding their modification, loss, search, use or unauthorized or fraudulent access.
Principle of confidentiality
The people who manage, handle, update, or have access to information of any kind registered in our databases, are obliged to guarantee the confidentiality of your information, thus we are committed to keeping it strictly confidential and not revealing to third parties all the information that they come to know in the execution and exercise of their functions; Except in the case of activities expressly authorized by the data protection law. This obligation persists and will be maintained even after the end of your relationship with any of the activities included in the Treatment.
For the purposes of this Policy, we will understand the following as:
- Authorization: Your prior, express, and informed consent to perform the treatment of your personal data.
- Database: Organized set of personal data that is subject to treatment in accordance with the Law.
- Assignee: Person whom the rights of another have been transferred to.
- Personal data: Information linked or that may be associated with one or more specific or ascertainable natural persons.
- Public data: It is the data that is not semi-private, private or sensitive. Public data are considered, among others, data related to the marital status of people, their profession or job and their status as a merchant or public servant. Due to their nature, public data may be contained, among others, in public registers, public documents, gazettes and official bulletins and duly executed judicial decisions that are not subject to summary reserve.
- Sensitive data: Those that affect your privacy or which improper use may generate discrimination, such as, for example: those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership to unions, social organizations or human rights, data related to health, sexual life and biometric data.
- Responsible for the treatment: The natural or legal person that carries out the processing of your personal data on our behalf.
- Source of Information: It is the person, entity or organization that receives or knows personal data of the information owners, as a result of a commercial or service relationship and that, due to legal or owner authorization, provides such data to an information operator. The information operator, in turn, will deliver personal data to the end user. If the source delivers the information directly to the users and not, through an operator, it will have the dual status of source and operator and will assume the duties and responsibilities of both. The source of the information is responsible for the quality of the data provided to the operator and must guarantee the protection of the Data Owner rights.
- National Registry of Databases (RNBD): Public directory of personal databases subject to Treatment that operate in the country, administered by the Superintendency of Industry and Commerce and of free consultation for citizens.
- Responsible for the treatment: Natural or legal person that decides on the data bases and treatment.
- Third Party: Any natural or legal person other than the people who belong to our work group.
- Owner: Natural person whose personal data is subject to treatment.
- Transfer: The transfer of data takes place when the person in charge and/or responsible of the processing of personal data located in Colombia, sends the information or personal data to a recipient, who in turn is responsible for the treatment and is inside or outside the country.
- Transmission: Treatment of personal data that implies the communication of such within or outside the Colombian territory when the intention is to carry out a treatment by the person in charge on behalf of the person responsible.
- Treatment: Any operation or set of operations on personal data such as collection, storage, use, circulation or deletion.
The Treatment performed by us requires your free, prior, express, and informed consent. In our capacity as Treatment Responsible Party, we have made available all the necessary mechanisms to obtain your, your assignee’s or legitimate representatives’ authorization. The Authorization may be given by means of a physical, electronic document or any other format that allows guaranteeing its subsequent consultation, and that, in addition, it can be demonstrated, unequivocally, that you, as the Owner:
- Authorized the treatment;
- Know and agree that we will collect and use the information for the purposes that have been informed to you. By virtue of the foregoing, the requested Authorization must include:
- The Party Responsible for Data treatment and what data is collected;
- The purpose of your data treatment;
- The rights of access, correction, update or deletion of the personal data provided by you and;
- If Sensitive Data is collected: the identification, physical or electronic address and telephone number of the Party Responsible for Data treatment.
You have the following rights:
- To know, update and rectify your Personal Data.
- Request proof of the authorization granted, except in the cases that the Law specifically determines:
- Information required by a public or administrative entity in the exercise of its legal functions or by court order;
- Data of a public nature
- Medical or health emergency
- Information Treatment authorized by law for historical, statistical or scientific purposes
- Data related to the civil registration of persons.
- To be informed, upon request, regarding the use that we have given to your Personal Data.
- To submit inquiries to the Party Responsible for Data treatment.
- To present before the Superintendence of Industry and Commerce complaints for infractions to the provisions of this law and the other regulations that modify, add or complement it, once the inquiry or claim process has been exhausted before the Data treatment Responsible Party, according to Article 16 of Decree 1377.
- To have free access to your Personal Data that are subject to Treatment. As the Owner, you must keep your information updated and guarantee, at all times, its veracity. We are not responsible, in any case, for any type of liability derived from the inaccuracy of the information provided by you.
We have the Privacy Notice, which contains the information required by Decree 1377 of 2013, which is communicated to you through the documents by which commercial, labor or civil relations are consolidated.
As Owner, or your eventual Assignee, you can make inquiries about your personal information through the email email@example.com
Through your request, we will supply all the information contained in the individual record or linked to your personal identification.
We will respond to the query within a maximum term of ten (10) business days from the date of receipt. If it is not possible to give you an answer within this period, we will inform you of the reasons for the delay and we will indicate the response date that cannot exceed five (5) business days following the first expiration date.
As the Owner, or your possible Assignee, you can make a claim before us so that your personal information is subject to correction, updating, deletion or when you consider that we have breached the current legislation applicable to this matter. Likewise, you may revoke the authorization granted for the processing of your Personal Data.
Claims are made through the email firstname.lastname@example.org
Claims must contain:
- Your identification
- Description of the facts that cause the claim
- Attached documents (if applicable)
If the person in charge of receiving the claim detects that the data is not complete, we will ask you, within five (5) days after receiving the claim, to make the necessary corrections. The person in charge of receiving the claim will respond to it. If they are not the person competent to do so, they will send it within a maximum period of two (2) business days to whom must answer and will inform you of such situation.
We will respond to the claim within fifteen (15) business days from the day following receipt. If it is not possible to give you an answer within this period, we will inform you of the reasons for the delay and we will indicate the response date, within eight (8) business days following the first expiration date.
The claims presented by the owners must be registered in the National Registry of Databases.
This Policy comes into effect on the date of its publication.
GUTIERREZ GROUP SASPARADISE VALLEY SAS