The present policy of data processing has as objective, protect the personal data of the people (natural and legal) that are linked to the company.
The present policy will establish the parameters and conditions of how the company should treat and protect the data provided by the people who are linked to it.
3. NOTES OF EXCHANGE
Does not apply
The person in charge of the personal data treatment policy is the company’s legal area
5. LEGAL REGULATION AND SCOPE OF APPLICATION
6. DEFINITIONS AND INTERPRETATION
- a) Authorization: means the prior, express and informed consent of the holder to execute the processing of personal data.
- b) Privacy notice: shall mean, any physical, electronic document or in any other format generated by the person responsible previously authorised by the holder for the processing of their personal data. In the Privacy Notice, the holder is informed about the existence of the information treatment policies that will be applicable to them, the way to access them and the purpose of the processing that is intended to apply upon personal data.
- c) Database: means an organized collection of personal data that will be provided by the holder.
- d) Personal data: shall mean, any kind of information relating to an identified or identifiable natural person; an ‘identifiable person’ is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
- e) Public data: It means the data classified as public according to the mandates of the law or the Political Constitution of Colombia and that which is not semi-private, private or sensitive. Also, it is public the data relating to the marital status of people, their profession, their status as a merchant or public servant and those that can be obtained without any reservation. Public data may be contained in public records, public documents, gazettes and official gazettes.
- f) Private data: means the data that due to its intimate or reserved nature is only relevant for the holder.
- g) Sensitive data: it is defined as the data that may affect the privacy of the holder or whose misuse may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, trade-union membership, social organizations, human rights organizations or those that promote the interests of any political party or the data that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life and biometric data.
- h) Data processor: shall mean, the natural person or company, public or private, who by itself or in association with others, performs the processing of personal data through the party responsible.
- i) Data controller: means the natural person or company that by itself or in association with others, decides the processing treatment of the database and / or the processing of personal data.
- j) Holder: shall mean, the natural person whose personal data are processed by the data controller.
- k) Processing of personal data or processing: means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
7.1. PURPOSE OF THE PROCESSING OF PERSONAL DATA: NVEST AGENCIA DE DESARROLLO DE NEGOCIOS SAS S.A.S. may use personal data to:
a). Business development b) Facilitate the achievement of financial resource management companies. c) For transfer of data to third parties; d) Comply with the obligations acquired with our customers, suppliers and employees.
7.2 THE APPLICABLE PRINCIPLES WITH REGARD TO PROCESSING OF PERSONAL DATA: The processing of personal data in NVEST AGENCIA DE DESARROLLO DE NEGOCIOS SAS S.A.S. will be executed by the following principles:
- a) Principle of purpose: The processing of personal data must obey a legitimate purpose, which must be informed to the holder.
- b) Principle of freedom: The processing can only be executed with the prior, express and informed consent of the Holder. Personal data may not be obtained or disclosed without prior authorisation, or in the absence of legal or judicial mandate that revoke the consent.
- c) Principle of truth or quality: The information subject to processing must be truthful, complete, accurate, updated, verifiable and understandable. The processing of partial, incomplete, fractioned or misleading data will not be executed.
- d) Principle of transparency: During the processing of personal data the data controller must guarantee the right of the Holder to obtain from NVEST AGENCIA DE DESARROLLO DE NEGOCIOS SAS S.A.S at any time and without restrictions, information about the existence of data that concerns him.
- e) Principle of access and restricted circulation: The processing is subject to the limits of the nature of personal data, the provisions of this law and the Constitution of Colombia. Personal data, except public information, and the provisions of the authorization granted by the holder of the data, must not be available on the Internet or other means of dissemination or mass communication, unless the access is technically controllable to provide restricted knowledge only to the Holders or authorized third parties;
- f) Principle of security: The data subject to processing by NVEST AGENCIA DE DESARROLLO DE NEGOCIOS SASmust be protected through the use of technical, human and administrative measures that are necessary to grant security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access.
- g) Principle of confidentiality: All persons directly or indirectly involved the processing of personal data are required to guarantee the confidentiality of information, even after the end of their relationship with any of the tasks involved in the treatment.
PARAGRAPH: In the event that sensitive data are collected, the Holder may refuse to authorise its processing.
7.3 PROCESSING OF PERSONAL DATA: Given the relevance of the information to establish contact with our customers, suppliers and employees, such as the one related to personal details, identification, telephone number, date of birth, among others, NVEST AGENCIA DE DESARROLLO DE NEGOCIOS SAS will guarantee that the processing of this information will be made seeking to establish mechanisms that improve their processes and in compliance with the provisions contained in Law 1581 of 2012 of Colombia.
7.4. PROCESSING OF PERSONAL DATA OF MINORS: The processing of data of minors
must observe compliance with and respect for their rights. In case of processing Personal
Data of minors, NVEST AGENCIA DE DESARROLLO DE NEGOCIOS SAS S.A.S will observe the applicable regulation and the pronouncements of the Constitutional Court of Colombia in this field.
7.5. RIGHTS OF THE PERSONAL DATA HOLDERS OBJECT OF PROCESSING BY NVEST AGENCIA DE DESARROLLO DE NEGOCIOS SAS: Holders of personal data by themselves or through their legal representative and / or attorney may exercise the following rights, with respect to personal data that are subject to of processing by NVEST AGENCIA DE DESARROLLO DE NEGOCIOS SAS:
- a) Right of access to information: Holder can access to personal data that are under the control of NVEST AGENCIA DE DESARROLLO DE NEGOCIOS SAS, for the purpose of consulting them for free at least once each calendar month, and whenever there are substantial modifications of the Information Treatment Policies that motivate new consultations.
- b) Right of update, rectification and erasure: you may request the updating, rectification and / or erasure of the personal data object of processing, in such a way that the purposes of it are satisfied.
- c) Right to request proof of authorisation: except in the events in which, according to the legal norms in force, the authorization to execute the processing is not required.
- d) Right to be informed regarding the use of personal data;
- e) Right to file complaints with the Superintendence of Industry and Commerce of Colombia: for infractions to the provisions of current regulations on the treatment of personal data.
- f) Right to require compliance with the orders issued by the Superintendence of Industry and Commerce of Colombia in this field.
PARAGRAPH 1: For purposes of exercising the rights described above, the holder and the person representing them must prove their identity and, if applicable, the quality of which they represent the owner.
PARAGRAPH 2: The rights of minors will be exercised by means of the persons who are authorized to represent them.
7.6 DUTIES OF NVEST AGENCIA DE DESARROLLO DE NEGOCIOS SAS S.A.S. All those who are obliged to comply with this policy must be aware that NVEST AGENCIA DE DESARROLLO DE NEGOCIOS SAS S.A.S is obliged to comply with the duties imposed by law. Consequently, the following duties must be complied:
A. Duties when acting as data processor: (i) Request and keep, in the conditions provided in this policy, a copy of the respective authorisation granted by the holder. (ii) Clearly and sufficiently inform the holder about the purpose of the collection and the rights that assist him by virtue of the authorisation granted. (iii) Inform at the request of the holder about the use given to their personal data. (iv) Process the consultations and claims formulated in the terms indicated in this policy. (v) Ensure the principles of truth, quality, security and confidentiality in the terms established in the following policy. (vi) Keep the information under the right security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access. (vii) Update the information when necessary. (viii) Rectify personal data when appropriate. B. Duties when acting as data controller of processing personal data. If you perform the processing of your personal data on behalf of another entity or organization (as party responsible or joint controller), you must comply with the following duties: (i) Establish that the Data Controller is authorised to provide the personal data that will be processed by the party responsible. (ii) Guarantee the holder, at all times, the full and effective exercise of the right of habeas data. (iii) Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorised or fraudulent access. (iv) Conduct timely updates, rectification or erasure of the personal data. (v) Update the information reported by the Managers of the treatment within five (5) business days counted from its receipt. (vi) Process the queries and claims made by the holders in the terms indicated in this policy. (vii) Record in the database the legend “claim in process” in the form established in this policy. (viii) Insert in the database the legend “information in judicial discussion” once notified by the competent authority about judicial processes related to the quality of personal data. (ix) Refrain from circulating information that is being contested by the holder and whose blockade has been ordered by the Superintendence of Industry and Commerce of Colombia. (x) Allow access to information only to persons authorised by the holder or authorised by law for such effect. (xi) Inform the Superintendence of Industry and Commerce of Colombia when there are violations of the security codes and there are risks in the administration of the information of the holders. (xii) Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce of Colombia. C. Duties when performing the processing of personal data through a data processor (i) Provide the data processor only personal data whose treatment is previously authorised. For the purposes of national or international transmission of data, a contract for the transmission of personal data must be signed or contractual clauses agreed in accordance with article 25 of Decree 1377 of 2013 of Colombia. (ii) Guarantee that the information provided to the party responsible of the processing is true, complete, accurate, updated, verifiable and understandable. (iii) Communicate in a timely manner to the person in charge of processing all the news regarding the data previously provided to him and adopt the other necessary measures so that the information provided to him is kept updated. (iv) Report in a timely manner to the data processor of processing the rectifications made on the personal data so that the latter may proceed to make the pertinent adjustments. (v) To demand from data processor of the processing, at all times, respect for the security and privacy conditions of the holder’s information. (vi) Inform the data processor of the processing when certain information is under discussion by the holder, once the claim has been filed and the respective procedure has not been completed. D. Duties with the Superintendence of Industry and Commerce of Colombia (i) Inform you of possible violations of the security codes and the existence of risks in the administration of the information of the holders. (ii) Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce of Colombia.
7.7 REQUEST FOR AUTHORISATION TO THE PERSONAL DATA OF THE HOLDER
In advance and/or at the time of collecting the personal data, NVEST AGENCIA DE DESARROLLO DE NEGOCIOS SAS will request the holder of the personal data his authorization to execute his collection and processing, indicating the purpose for which the data is requested, using for that purpose automated technical means, written or oral, that allow to keep proof of authorization and/or conduct described in article 7 of Decree 1377 of 2013 of Colombia. The authorization will be requested for the time that considered reasonable and necessary to satisfy the needs that caused the need for the request of the personal data and, in any case, with observance of the legal provisions that govern on the subject.
8. PRIVACY NOTICE
9. TEMPORARY LIMITATIONS TO THE PROCESSING OF PERSONAL DATA.
NVEST AGENCIA DE DESARROLLO DE NEGOCIOS SAS can only collect, store, use or circulate personal data for as long as is reasonable and necessary, in accordance with the purposes that justified the processing, in accordance with the legal provisions applicable to the matter under consideration and the administrative, accounting, fiscal, legal and historical information. Once the purpose(s) of the processing have been fulfilled and without prejudice to legal norms that stipulate otherwise, it will proceed to the suppression of the personal data in its possession. However, personal data must be retained when required for the fulfillment of a legal or contractual obligation.
10. RESPONSIBLE AREA AND PROCEDURE FOR THE EXERCISE OF THE RIGHTS OF
THE PERSONAL DATA OF HOLDERS: THE ADMINISTRATOR will be responsible for attending to the petitions, complaints and claims made by the holder of the data in exercise of the rights contemplated in numeral 7 of the present policy, with the exception of that described in its literal e). For such purposes, the holder of the personal data or whoever exercises his representation may send his petition, complaint or claim from Monday to Friday from 8:00 a.m. at 5:30 p.m. To email firstname.lastname@example.org, may call the telephone line +57 301 623 4212 WhatsApp: +316 5149 1291., or lodge it at the following address corresponding to our office on Carrera 11b # 99 – 25, We Work Bogotá, Colombia. The petition, complaint or claim must contain the identification of the Holder, the description of the facts that give rise to the claim, the
billing address, and attaching the documents you consider necessary. If the claim is incomplete, the interested party will be required within five (5) days after receipt of the claim to correct the mistakes. After two (2) months following the date of receipt of the complaint, without the applicant submitting the required information, it shall be understood that the claim has been abandoned. In the event that the person receiving the claim is not competent to resolve it, it will notify the corresponding party within a maximum period of two (2) business days and inform the interested party of the situation. Once the complete claim has been received, the claim must be marked as “claim in process” and the reason for it will be included in the database, in a term not exceeding two (2) business days and it will be maintained in that state until the claim is decided. The maximum term to attend the claim will be fifteen (15) business days counted from the day following the date of its receipt. When it is not possible to attend the claim within this time period, the interested party will be informed of the reasons for the delay and the date on which his claim will be handled, which in any case may exceed eight (8) business days following the expiration of the first finished. In case of consultations, it will be attended within a maximum of ten (10) business days from the date of receipt of the consultation. When it is not possible to attend the consultation within this time period, the interested party will be informed of the reasons for the delay and the date on which his consultation will be attended, which in no case may exceed five (5) business days following the expiration of the first term.
11. SECURITY MEASURES
In development of the security principle established in Law 1581 of 2012 of Colombia, NVEST AGENCIA DE DESARROLLO DE NEGOCIOS SAS will adopt the technical, human and administrative measures that are necessary to grant security to the records, avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access. The party responsible that carry out the processing of the personal data will execute the established protocols in order to guarantee the security of the information.
NVEST AGENCIA DE DESARROLLO DE NEGOCIOS SAS S.A.S