PERSONAL DATA PROTECTION POLICY
- AIM
This document establishes the Personal Data Processing Policy of CU CONECTORES S.A.S., to guarantee proper handling of personal data collected in its databases, in order to allow holders to exercise the right of Habeas Data.
- SCOPE
The Personal Data Protection Policy will be applied to all Databases and/or Files that contain Personal Data that are subject to Treatment by CU CONECTORES S.A.S.
- REGULATORY FRAMEWORK
The Personal Data Protection Policy is governed by the provisions of current legislation on the protection of Personal Data referred to in Article 15 of the Political Constitution of Colombia, Law 1266 of 2008, Law 1581 of 2012, Decree 1377 of 2013, Decree 1727 of 2009 and other regulations that modify, repeal or replace them.
- DEFINITIONS
Notice of Privacy: Verbal or written communication generated by the person in charge of the processing of personal data, addressed to the Owner of said data, through which he is informed about the existence of the data processing policies that will be applicable to him, the way to access them and the purposes of the treatment that is intended to be given to personal data.
Authorization: Prior, express and informed consent of the owner of the personal data to carry out the processing of said data.
Databases: Organized set of personal data that is subject to Treatment.
Personal Data: Any information linked or that can be associated with one or several determined or determinable natural persons.
Public Data: It is the data that is not semi-private, private or sensitive. Public data is considered, among others, data related to the marital status of people, their profession or trade and their status as merchants or public servants. Due to its nature, public data may be contained, among others, in public records, public documents, gazettes and official bulletins, and duly executed judicial sentences that are not subject to confidentiality.
Sensitive Data: Data that affects the privacy of the Owner or whose improper use can generate discrimination, such as data that reveals racial or ethnic origin, political orientation, religious or philosophical convictions, membership of unions, social or human rights organizations, or organizations that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life and biometric data.
Holder: Natural person whose personal data is processed.
Transfer: The transfer of data takes place when the person responsible for and/or in charge of the processing of personal data, located in Colombia, sends the information or personal data to a recipient, who in turn is responsible for the treatment and is located inside or outside the country.
Treatment: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.
- PRINCIPLES
Principle of Legality in terms of data processing: Data processing is a regulated activity that must be subject to the provisions of the law and other provisions that develop it.
Principle of Purpose: The treatment must obey a legitimate purpose in accordance with the Political Constitution and the law, which must be informed to the Owner.
Freedom Principle: The treatment can only be exercised with the prior, express and informed consent of the Owner. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that relieves consent.
Principle of Truth or Quality: The information subject to treatment must be true, complete, exact, updated, verifiable and understandable. The processing of partial, incomplete, fractional or misleading data is prohibited.
Principle of Transparency: In the treatment, the right of the Holder to obtain from the person in charge of said treatment or from the Manager, at any time and without restrictions, information about the existence of data that concerns him must be guaranteed.
Principle of Access and Restricted Circulation: The treatment is subject to the limits that derive from the nature of the personal data and the constitutional and legal provisions. In this sense, the treatment can only be done by persons authorized by the Owner and/or by the persons provided for in the Law. Personal data, except for public information, may not be available on the Internet or other means of dissemination or mass communication, unless the access is technically controllable to provide knowledge restricted only to the Holders or authorized third parties in accordance with the aforementioned law.
Security Principle: The information subject to treatment by the person responsible for the treatment or the person in charge of the treatment to which the law refers must be handled with the technical, human and administrative measures that are necessary to grant security to the records, and avoid their adulteration, loss, consultation, unauthorized or fraudulent use or access.
Principle of Confidentiality: All persons involved in the processing of personal data that are not public in nature are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks included in the treatment, and may only supply or communicate personal data when it corresponds to the development of the activities authorized by the Law and in its terms.
- SPECIAL CATEGORIES OF DATA
Sensitive Personal Data
Sensitive data are those data that affect the privacy of the owner or whose improper use may generate discrimination, such as data that reveals racial or ethnic origin, political orientation, religious or philosophical convictions, membership of unions, social or human rights organizations, or organizations that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life and biometric data.
CU CONECTORES S.A.S. will restrict the processing of sensitive personal data to what is strictly essential and will request prior and express consent on the purpose of its processing.
Treatment of Sensitive Personal Data
Data classified as sensitive may be used and processed when:
- The Holder has given his explicit authorization to said treatment, except in cases where, by law, the granting of said authorization is not required.
- The treatment refers to data that is necessary for the recognition, exercise or defense of a right in a judicial process.
- The treatment has a historical, statistical or scientific purpose, or within the framework of improvement processes, as long as the measures leading to the suppression of the identity of the holders are adopted.
Personal Data of Boys, Girls and Adolescents
Minors are Holders of their personal data and therefore bearers of the corresponding rights. In accordance with the provisions of the Political Constitution and in accordance with the Code for Children and Adolescents, the rights of minors must be interpreted and applied in a prevailing manner and therefore must be observed with special care. As stated in Ruling C-748 of 2011, the opinions of minors must be taken into account when processing their data.
CU CONECTORES S.A.S. undertakes then, in the processing of personal data, to respect the prevailing rights of minors. The processing of personal data of minors is prohibited, except for those data that are of a public nature.
- RIGHTS OF HOLDERS
The Holders of personal data have the following rights:
- Access, know, update and rectify your personal data against CU CONECTORES S.A.S. in its capacity as data controller.
- By any valid means, request proof of the existence of the authorization granted to CU CONECTORES S.A.S., except in cases in which the Law exempts the authorization.
- Receive information from CU CONECTORES S.A.S., upon request, regarding the use that has been given to your personal data.
- Go before the legally constituted authorities, especially before the Superintendency of Industry and Commerce (SIC) and present complaints for violations of the provisions of current regulations, prior to the consultation process or request before the person responsible for the treatment.
- Modify and revoke the authorization and/or request the deletion of personal data when the current constitutional principles, rights and guarantees are not respected in the treatment.
- Be aware of and have free access to your personal data that has been processed.
- INFORMATION PROCESSING POLICIES
Authorization
CU CONECTORES S.A.S. will request authorization for the processing of personal data by any means that allows it to be used as evidence and will inform the owner of the data, the following:
- The treatment to which your personal data will be subjected and the purpose thereof.
- The rights that assist you as Owner.
- The channels in which you can make queries and/or claims.
Guarantees of the Right of Access
CU CONECTORES S.A.S. will guarantee the right of access, prior accreditation of the identity of the owner, legitimacy, or personality of his representative, making available to him, at no cost or expense and in a detailed manner, the respective personal data.
Inquiries
The Holders of personal data may consult their personal data that rests in the database. Consequently, CU CONECTORES S.A.S. will guarantee the right of consultation, enabling electronic means of communication or others that it deems appropriate.
Regardless of the mechanism that is implemented for the attention of consultation requests, these will be attended to within a maximum term of ten (10) business days from the date of receipt. In the event that a query request cannot be answered within the term indicated above, the interested party will be informed before the expiration of the term of the reasons why no response has been given to their query, which, in no case may exceed five (5) business days following the expiration of the first term.
Queries made regarding personal data must be sent by email to the following address protecciondedatospersonales@cuconectores.com.
Claims
The Owner or his successor in title who considers that the information contained in a database must be corrected, updated or deleted, or when they notice the alleged breach of any of the duties contained in the Personal Data Protection regulations, may present a complaint to the data controller.
The claim must be submitted by the Owner of the personal data, filling out the Claim form for the Processing of Personal Data that may be requested by sending an email to the address protecciondedatospersonales@cuconectores.com. In this format, the Holder must indicate if he wishes his data to be updated, rectified or deleted or if he wishes to revoke the authorization that had been granted for the processing of personal data. For the purposes of claims, the Holder must take into account the provisions of article 15 of law 1581 of 2012.
If the claim is incomplete, the Holder can complete it within five (5) business days following receipt of the claim so that the failures can be corrected. After two (2) months from the date of the request without the applicant submitting the required information, it will be understood that he has withdrawn the claim.
Once the complete claim is received, the maximum term to address it will be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.
Rectification and Update of Data
CU CONECTORES S.A.S. has the obligation to rectify and update, at the request of the Holder, the information of the latter that turns out to be incomplete or inaccurate in accordance with the procedure and the terms indicated above. CU CONECTORES S.A.S. may establish forms, systems and other methods, which will be made available to interested parties by requesting them by email to protecciondedatospersonales@cuconectores.com.
Data Suppression
The Owner of personal data has the right, at all times, to request CU CONECTORES S.A.S., the deletion (elimination) of their personal data when:
- Consider that they are not being treated in accordance with the principles, duties and obligations provided for in current regulations.
- They have ceased to be necessary or pertinent for the purpose for which they were collected.
- The period necessary for the fulfillment of the purposes for which they were collected has been exceeded.
The deletion implies the total or partial elimination of personal information as requested by the Holder in the records, files, databases or treatments carried out by CU CONECTORES S.A.S.
Transfer of Personal Data to Third Countries
The transfer of personal data to third countries will only be carried out when there is corresponding authorization from the Holder.
- DUTIES OF CU CONECTORES S.A.S. FOR PROTECTION OF PERSONAL DATA
- Guarantee the Holder, at all times, the full and effective exercise of the right of habeas data.
- Request and keep, under the conditions provided in this law, a copy of the respective authorization granted by the Owner.
- Duly inform the Holder about the purpose of the collection and the rights that assist him by virtue of the authorization granted.
- Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
- Rectify the information when it is incorrect.
- Process inquiries and claims formulated in the terms indicated in the law.
- Inform at the request of the Owner the use given to their personal data.
- Inform the data protection authority when there are violations of the security codes and there are risks in the administration of the information of the Holders.
- Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce (SIC).
- SECURITY MEASURES
CU CONECTORES will adopt the technical, human and administrative measures that are necessary to grant security to the records, avoiding adulteration, loss, consultation, use or unauthorized or fraudulent access. Said measures will respond to the minimum requirements made by current legislation and their effectiveness will be evaluated periodically.
- VALIDITY
This Personal Data Protection Policy was approved by the General Management of CU CONECTORES S.A.S. on 06/07/2021.