PERSONAL DATA PROTECTION POLICY
1. SCOPE
This Personal Data Protection policy will apply to all databases and/or files that contain Personal Data that are subject to Processing byAGNEEX SAS.
2. IDENTIFICATION AS THE CONTROLLER OF DATA PROCESSING
PERSONAL.
AGNEEX SAS COLOMBIA, identified with NIT: 900.575.335-4 located at Carrera 28B No. 71 A 48 in Manizales (Caldas) Colombia and with telephone number +57 314 703 13 65
3. DEFINITIONS
According to the definitions established in article 3 of Law 1581 of 2012 and article 3 of Decree 1377 of 2013:
•Authorization:Prior, excess and informed consent of the Owner to carry out the Processing of Personal Data.
•Database:Organized set of Personal Data that is subject to Treatment.
•Personal Data:Any information linked or that can be associated with one or several specific or determinable natural persons.
•Data Processor:Natural or legal personnel, public or private, who, by themselves or in association with others, carry out the Processing of Personal Data on behalf of the person responsible for the Treatment. In events in which the person responsible does not act as Data Base Manager, the person in charge will be expressly identified. In this caseAGNEEX SAS
•Responsible for the treatment:Natural or legal person, public or private, who alone or in association with others, decides on the Database and/or Processing of the data.
•Terms and Conditions:general framework in which the conditions are established for participants in promotional or related activities.
•Owner:Natural person whose Personal Data is subject to processing.
•Treatment:Any operation or set of operations on Personal Data, such as collection, storage, use, circulation or deletion.
•Privacy Notice:Verbal or written communication generated by theController, addressed to the owner for the Processing of their Personal Data, through which they are informed about the existence of the Information Processing Policies that will be applicable to them, the way to access to them and the purposes of the Treatment that is intended to be given to the personal data.
•Public Data:It is data that is not semi-private, private or sensitive. Public data are considered, among others, data relating to the marital status of people, their profession or trade, and their status as a merchant or public servant. Due to its nature, public data may be contained, among others, in public registries, public documents, official gazettes and bulletins, and duly executed judicial rulings that are not subject to confidentiality.
•Sensitive Data:Sensitive data is understood to be data that affects the privacy of the Owner or whose improper use may lead to discrimination, such as that which reveals racial or ethnic origin, political orientation. Religious or philosophical convictions, membership in unions, social organizations, human rights organizations or organizations that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, life sexual and biometric data.
•Transfers:the transfer of data takes place when theControllerand/or Processor of personal data, located in Colombia, sends the information or personal data to a recipient, who in turn is responsible for the treatment and is located inside or outside of the country.
•Transmission:Processing of Personal Data that involves the communication of the same within or outside the territory of the Republic of Colombia when its purpose is to carry out a Processing by the Processor on behalf of theController.
4. PRINCIPLES
The following principles constitute the general framework for compliance with the provisions enshrined in this Policy:
a) Purpose principle. The Treatment must obey a legitimate purpose in accordance with the Constitution and the law, which must be informed to the Owner.
b) Principle of freedom. Treatment can only be carried out with the prior, express and informed consent of the Owner. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that requires consent.
c) Principle of truthfulness or quality. The information subject to Treatment must be true, complete, accurate, updated, verifiable and understandable. The Processing of partial, incomplete, fragmented or misleading data is prohibited.
d) Transparency principle. In the Treatment, the right of the Owner to obtain from the DataControlleror the Data Processor, at any time and without restrictions, information about the existence of their Personal Data and the Treatment given to themmust be guaranteed .
e) Principle of restricted access and circulation. The Treatment is subject to the limits derived from the nature of the personal data and the applicable law.
f) Safety principle. The information subject to Treatment by theControlleror Processor must be handled with the technical, human and administrative measures that are necessary to provide security to the records, avoiding their adulteration, loss, consultation, unauthorized or fraudulent use or access.
g) Confidentiality principle. All persons involved in the Processing of Personal Data that are not public in nature are obliged to guarantee the confidentiality of the information, even after their relationship with any of the tasks included in the Processing has ended, and may only supply or communication of Personal Data when this corresponds to the development of activities authorized by law and in the terms thereof.
h) Protection of Sensitive Data. NeitherAGNEEX SAS nor anyone it designates as Controller or Processor will collect or process Sensitive Data without the express authorization of the Owner and exhausting for such purposes the formalities established by law.
i) Data Protection of Minors. These Policies will take into account the prevailing rights of minors, providing special protection to their fundamental rights in accordance with the Political Constitution of Colombia.
5. DATA PROCESSING
This policy establishes the terms, conditions and purposes under whichAGNEEX SAS, as the person in charge of the personal data obtained through its different service channels, processes the information of all people who, at any time, for reasons of the activities it carries out. the entity has provided personal data (hereinafter «owner»).
These terms and conditions apply to any registration of personal data carried out in person and/or virtually for connection to any procedure or service thatAGNEEX SASin the proper development of its activities as service providers in technology and computer systems, as well as their own for the development of their mission.
The owner registers or delivers his or her information freely and voluntarily and acknowledges that he or she has read and expressly accepts these terms and conditions.
6. PURPOSE OF DATA PROCESSING
The purpose of this document is to regulate the procedures for the collection, handling and processing of personal data carried out by AGNEEX SAS, in order to guarantee and protect the fundamental right of habeas data of its clients, users, suppliers and collaborators in the framework of what is established in the law. Personal Data is processed by AGNEEX SAS with the following activities:
•To strengthen relationships with clients, by sending relevant information and responding to Requests, Complaints and Claims (PQR’s).
•To eventually consult and/or contact, via email, or by any other means, natural persons with whom they have or have had a relationship.
•Carry out procedures and processes specific to AGNEEX SAS
•Provide assistance.
•Consultation of personal data, information about clients, workers and suppliers.
•Comply with the provisions of the Colombian legal system on labor and social security matters, among others, applicable to former workers, current workers and candidates for future employment.
•Carry out marketing or commercial prospecting activities
•Conduct surveys about our events, products and/or services.
7. RIGHTS OF THE OWNERS OF PERSONAL DATA
Natural persons whose personal data are processed by AGNEEX SAS have the following rights, which they can exercise at any time:
•Know the Personal Data on whichAGNEEX SASis processing. Likewise, the Owner may request at any time that their data be updated or rectified, for example, if they find that their data is partial, inaccurate, incomplete, fragmented, misleading, or those whose processing is expressly prohibited or not. has been authorized.
•RequestAGNEEX SASto delete your personal data and/or revoke the authorization granted for the Treatment thereof,by submitting a claim, in accordance with the provisions of section 11 of this policy. However,the request for deletion of the information and the revocation of the authorization will not proceed when the Owner of the information has a legal or contractual duty to remain in the Database and/or files, nor while the relationship between the owner andAGNEEX SAS, under which the data was collected.
•Right of cancellation. The Owner may delete his/her Personal Data when it is excessive or not relevant for the Processing, or the Processing is contrary to the regulations, except in those cases contemplated as exceptions by law.
•Right to revoke consent. The Owner may revoke the authorization or consent that enablesAGNEEX SASand/or whoever it designates, to Processing for a certain purpose, except when there is a legal or contractual duty that imposes the obligation for the Personal Data to remain in the Data Bases. Data fromAGNEEX SAS.
•Right to file complaints and claims or to take action regarding the Processing of your Personal Data. The Owner may submit complaints and claims to the Superintendency of Industry and Commerce, or the competent entity, as well as any actions that may be relevant for the protection of their Personal Data.
•Right to grant Authorization for the Processing of Personal Data. The Owner has the right to grant Authorizationto AGNEEX SAS, or to whomever it designates, for the Processing of its Personal Data.
8. OBLIGATIONS OF THE DATA CONTROLLER.
AGNEEX SAS, in its capacity asResponsiblefor the Processing of Personal Data that resides in the Personal Data Bases, will comply with the following obligations:
•Guarantee to the Holder, at all times, the full and effective exercise of the right of habeas data.
•Request and keep, under the conditions provided for in the applicable regulations, a copy of the respective Authorization granted by the Owner.
•Duly inform the Owner about the purpose of the collection of Personal Data and the rights granted to him by virtue of the Authorization granted.
•Preserve and store the Personal Data provided under the security conditions necessary to prevent its adulteration, loss, consultation, unauthorized or fraudulent use or access.
•Guarantee that the information provided to the Data Processor, as the case may be, is true, complete, exact, updated, verifiable and understandable.
•Update the information, communicating in a timely manner to the Data Processor, all the news regarding the Personal Data that has previously been provided to it and adopt the necessary measures so that the information provided to it remains updated.
•Rectify the information when it is incorrect and communicate the pertinent information to the Data Processor.
•Provide the Data Processor, as the case may be, only Personal Data whose Processing is previously authorized in accordance with the provisions of the applicable regulations.
•Demand that the Data Processor at all times respect the security and privacy conditions of the Owner’s Personal Data.
•Process queries and claims made by the Owners in the terms indicated in these Policies and in the law.
•Inform the Data Processor at all times of respect for the security and privacy conditions of the Owner’s information.
•Process the queries and claims formulated in the terms indicated in articles 14 and 15 of Law 1581 of 2012 and those enshrined in the Policies.
•Inform the Data Processor when certain information is under discussion by the Owner, once the claim has been submitted and the respective process has not been completed.
•Inform, at the request of the Owner, about the Treatment that is being given to their Personal Data.
•Inform the data protection authority when there are violations of security codes and there are risks in the administration of the Personal Data of the Owners.
•Comply with the instructions and requirements given by the Superintendency of Industry and Commerce regarding the protection of Personal Data.
Â
9. RESPONSIBLE FOR THE IMPLEMENTATION AND ENFORCEMENT OF THIS POLICY
AGNEEX SASis in charge of the development, implementation, training and observance of this policy, for which it will coordinate with the administrative area, as pertinent. For this purpose, all workers who process Personal Data in the different areas ofAGNEEX SASare obliged to immediately transfer to it all requests, complaints or claims they receive from the Holders of Personal Data. .
10. AUTHORIZATION
AGNEEX SASmust request prior, express and informed authorization from the Owners of the Personal Data on which the Treatment is required.
Prior Authorization means that consent must be granted by the Owner, no later than at the time of collection of the Personal Data.
This manifestation of the Owner’s Will can occur through different mechanisms made available toAGNEEX SAS, such as:
•In writing, for example, by filling out an authorization form such as the one indicated in Annex 1.
•Orally,forexample, in a telephone conversation or video conference.
•Through your acceptance of the Terms and Conditions of an activity within which the authorization of users is required for the Processing of their Personal Data.
11. ATTENTION TO REQUESTS, QUERIES, COMPLAINTS AND CLAIMS FROM PERSONAL DATA HOLDERS.
Express in writing the request, query, complaint or claim of the owner of the personal data, addressed to the address: Carrera 28 No. 71 A 48 in Manizales (Caldas) Colombia.AGNEEX SAS, by Telephone: (+57 314 703 13 65), or to the email account provided for this procedure:administracion@agneex.com
Once the request has been entered, the internal procedure for handling the request, query, complaint or claim will be followed.
12. SECURITY OF PERSONAL DATA.
AGNEEX SASwill not be liable in any case and under any circumstances for attacks or incidents against the security of its computer systems; or for any unauthorized, fraudulent or illicit exposure or access, which may affect the confidentiality, integrity or authenticity of the information published or associated with the content and services offered.
AGNEEX SAS, in strict application of the principle of Security in the Processing of Personal Data, provides the technical, human and administrative measures that are necessary to grant the records minimizing the risk of their lost adulteration, consultation, unauthorized use or access or fraudulent, technical failures. The obligation and responsibility ofAGNEEX SASis limited to having the appropriate means for this purpose.
13. APPLICABLE LEGISLATION
This Personal Data Protection policy is governed by the provisions of current legislation on the protection of Personal Data referred to in article 15 of the Political Constitution of Colombia, Law 1266 of 2008, Law 1581 of 2012, the Decree 1377 of 2013, Decree 1727 of 2009 and other regulations that modify, repeal or replace it.
AGNEEX SASreserves the right to modify it in order to adapt it to the new legal requirements.
14. VALIDITY
This Policy is effective from the date of its issuance. The period of validity of the databases will be governed by the provisions that govern the matter in accordance with the principles of purpose and temporality of the information.
