1.LEGAL REGULATIONS, SCOPE OF APPLICATION AND GENERAL PRINCIPLES:
This personal data processing policy is prepared in accordance with the provisions of the Political Constitution, Law 1581 of 2012, the Regulatory Decree 1377 of 2013 and other complementary provisions, will be applied by IGNIWEB SAS, regarding the collection, storage, use, circulation, deletion and all those activities that constitute personal data processing.
However, the information processing policy is adopted in order to establish the means and guidelines to ensure the right to Habeas Data that can be accessed by all those natural or legal persons who, being holders, provide data to IGNIWEB S.A.S. and that are part of the activities and processes carried out by the company for the fulfillment of its corporate purpose.
2.IDENTIFICATION OF THE PERSON RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA :
Company name: IGNIWEB SAS
NIT: 900.518.746-5
Address: Armenia, QUINDIO
Address: Avenida Bolívar No 15N-39
Telephone: (6) 7451042
E-mail: [email protected]
3. DEFINITIONS.
a) Authorization: Prior, express and informed consent of the Data Subject to carry out the Processing of personal data.
b) Database: Organized set of personal data that is subject to processing.
c) Personal Data: Any information linked or that may be associated to one or several determined or determinable natural persons.
d) Data Processor: Natural or legal person, public or private, who by itself or in association with others, carries out the Processing of personal data on behalf of the Data Controller.
e) Data Controller: Natural or legal person, public or private, who by himself or in association with others, decides on the database and the Processing of the data.
f) Data Subject: Natural person whose personal data is the object of Processing.
g) Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.
h) Privacy Notice: Verbal or written communication generated by the Controller, addressed to the Data Subject for the Processing of his personal data, by means of which he is informed about the existence of the information processing policies that will be applicable to him, the way to access them and the purposes of the Processing that is intended to be given to the personal data.
i) Public data: Data that is not semi-private, private or sensitive. Public data are considered, among others, data relating to the marital status of individuals, their profession or trade and their status as merchant or public servant. Due to their nature, public data may be contained, among others, in public records, public documents, official gazettes and bulletins and duly executed court rulings that are not subject to confidentiality.
j) Sensitive data: Sensitive data is understood as that which affects the privacy of the Data Subject or whose improper use may generate discrimination, such as that which reveals racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, human rights organizations or that promotes the interests of any political party or that guarantees the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data, as well as biometric data, which may be used to identify the data subject life, and biometric data.
k) Transfer: The transfer of data takes place when the Controller and/or Processor of personal data, located in Colombia, sends the information or personal data to a recipient, which in turn is the Data Controller and is located inside or outside the country.
l) Transmission: Processing of personal data that involves the communication of the same within or outside the territory of the Republic of Colombia when the purpose of the Processing is carried out by the Processor on behalf of the Controller.
4. PROCESSING AND PURPOSE OF PERSONAL DATA:
IGNIWEB SAS may use personal data for:
– Customers.
– Suppliers.
– Employees.
– Areas and procedures involved in the operation, development of the company and its corporate purpose.
a) The company makes a classification of the information contained in media and documentation inside and outside the company that are governed by the following parameters:
I. Public Information: it is that of knowledge of both internal and external users to the company and that can be made known without any type of restriction without generating any type of damage neither for the company nor for the users of the information, such as, for example:
▪ The company’s website.
▪ The portfolio of services.
▪ The company’s general information.
II. Internal Information: It is that of knowledge of the different functional areas of the company and that are used for the development of some functions in the same and in some occasions not known but by the area to which it generates interest, such as, for example:
▪ Processes and Activities.
▪ Logs.
▪ Project Information.
▪ Trainings.
▪ Internal Regulations.
▪ Corporate Manifesto.
▪ Manuals.
▪ Policies.
▪ Quotations.
▪ Some Minutes.
▪ Back-up copies.
▪ Databases.
III. Confidential Information: Information that is only of interest to the management and administrative part of the company and that will not be used by the operational part of the company. This information is available to a selective group of people, such as, for example:
▪ Accounting and Finance.
▪ Costs and Budgets.
▪ Customer Information.
▪ Personnel Information.
▪ Surveys and Proof of Work.
▪ Marketing.
▪ Sales.
▪ Quotations.
▪ Minutes considered confidential to the company.
▪ Back-up copies.
▪ Databases.
In this way, a procedure for the digitalization of personal data is developed in order to manage, label and label all the information handled in the company. In order to make known, the type of information in a clearer and safer way.
b) To provide the services and/or products required by its users.
c) To inform about new products or services and/or changes in them.
d) Evaluate the quality of the service.
e) Send commercial, advertising or promotional information about products and/or services, events and/or promotions of a commercial nature to the e-mail, cell phone, landline, in order to promote, invite, direct, execute, inform and generally carry out campaigns, promotions or contests of a commercial or advertising nature, carried out by and/or third parties.
f) To develop the process of selection, evaluation and employment.
g) Support internal or external auditing processes.
h) To register the information of employees and/or pensioners (active and inactive) in the databases of IGNIWEB SAS.
i) Those indicated in the authorization granted by the data owner or described in the respective privacy notice, as the case may be.
j) To provide, share, send or deliver your personal data to companies that require it.
k) IGNIWEB S.A.S. may subcontract to third parties for the processing of certain functions or information. When effectively subcontracting with third parties for the processing of personal information or providing personal information to third party service providers, IGNIWEB S.A.S. warns such third parties about the need to protect such personal information with appropriate security measures, prohibits the use of the information for its own purposes and requests that personal information not be disclosed to others.
5. TREATMENT OF SENSITIVE PERSONAL DATA, CHILDREN AND TEENAGERS
The processing of sensitive data by IGNIWEB SAS. Will be null and void. However, in the event of needing to use, store and/or manipulate information that according to the regulation and its categories belong to this type of data, the company with its objectivity will use them in a determined manner for the following purposes and authorizations:
a) The Data Subject has given his explicit authorization to such Processing, except in cases where by law the granting of such authorization is not required;
b) The Processing is necessary to safeguard the vital interest of the Data Subject and he/she is physically or legally incapacitated. In these events, the legal representatives must grant their authorization;
c) The Processing is carried out in the course of legitimate activities and with due guarantees by a foundation, NGO, association or any other non-profit organization, whose purpose is political, philosophical, religious or trade union, provided that they refer exclusively to its members or to persons who maintain regular contacts by reason of their purpose. In these events, the data may not be provided to third parties without the authorization of the Data Controller.
d) The Processing refers to data that are necessary for the recognition, exercise or defense of a right in a legal proceeding.
e) The processing has a historical, statistical or scientific purpose. In this event, the measures leading to the suppression of the identity of the Data Controllers must be adopted.
6. PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA:
The processing of personal data in IGNIWEB SAS shall be governed by the following principles:
a) Principle of purpose: The Processing of personal data collected must obey a legitimate purpose, which must be informed to the Data Subject.
b) Principle of freedom: Processing may only be carried out with the prior, express and informed consent of the Data Subject. Personal data may not be obtained or disclosed without prior authorization, or in the absence of legal or judicial mandate that relieves the consent.
c) Principle of truthfulness or quality: The information subject to Processing must be truthful, complete, accurate, updated, verifiable and understandable. Partial, incomplete, fractioned or misleading data will not be processed.
d) Principle of transparency: In the Processing, the right of the Data Subject to obtain from IGNIWEB S.A.S. at any time and without restrictions, information about the existence of data concerning him/her, must be guaranteed.
e) Principle of restricted access and circulation: The Processing is subject to the limits derived from the nature of the personal data, from the provisions of this law and the Constitution. Personal data, except for public information, and as provided in the authorization granted by the owner of the data, may not be available on the Internet or other means of mass dissemination or communication, unless access is technically controllable to provide restricted knowledge only to the Owners or authorized third parties.
f) Principle of security: The information subject to Processing by IGNIWEB S.A.S. must be protected through the use of the technical, human and administrative measures necessary to provide security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access.
g) Principle of confidentiality: All persons involved in the processing of personal data are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks involved in the processing.
FIRST PARAGRAPH: In the event that sensitive personal data is collected, the Data Subject may refuse to authorize its Processing.
7. RIGHTS OF THE HOLDERS OF PERSONAL DATA PROCESSED BY TREATMENT BY IGNIWEB S.A.S.
The holders of personal data by themselves or through their representative and/or proxy or their successor in title may exercise the following rights with respect to the personal data that are subject to processing by
IGNIWEB SAS:
a) Know, update and rectify their personal data before IGNIWEB S.A.S This right may be exercised, among others against partial, inaccurate, incomplete, fractioned, misleading data, or those whose Processing is expressly prohibited or has not been authorized.
b) Request proof of the authorization granted to IGNIWEB SAS. except when expressly exempted as a requirement for the Processing, in accordance with the provisions of Article 10 of Law 1581 of 2012.
c) To be informed by IGNIWEB SAS, upon request, regarding the use given to their personal data.
d) File complaints before the Superintendence of Industry and Commerce for violations of the provisions of Law 1581 of 2012 and other rules that modify, add or supplement it.
e) To revoke the authorization and/or request the deletion of the data when the processing does not respect the principles, rights and constitutional and legal guarantees. The revocation and/or deletion will proceed when the Superintendence of Industry and Commerce has determined that in the processing of the data IGNIWWATCH has not respected the constitutional and legal principles, rights and guarantees.
determined that in the Processing IGNIWEB S.A.S. has incurred in conduct contrary to Law 1581 of 2012 and the Constitution.
f) Access free of charge to your personal data that have been subject to processing.
PARAGRAPH ONE
For the purposes of exercising the rights of the holders in accordance with Decree 1377 of 2013, mentioned and described above, these may be exercised by the holder, the assignee or third party representing him/her by proving his/her identity and, if applicable, the quality (accreditation or power of attorney) by virtue of which he/she represents the holder.
8. PROOF AND EVIDENCE OF AUTHORIZATION
At the time of requesting the holder’s authorization, IGNIWEB S.AS. is responsible for the processing of personal data and will be responsible for informing in a clear and express manner that:
a) The physical authorizations and other personal data that are provided by exercise of the company’s activities will be digitalized, in order to have copies that maintain the quality of the information.
b) Information and copies of the data provided and stored based on the policy of the rights of the Holders will be provided with the respective request and procedure thereof.
c) Likewise, information will be provided on the authorizations that are by non-written means.
9. CASES IN WHICH AUTHORIZATION IS NOT NECESSARY
IGNIWEB S.A.S. will not request authorization information for the processing of personal data when:
(a) Information required by a public or administrative entity in exercise of its legal functions or by court order.
b) Data of a public nature.
c) Cases of medical or health emergency.
d) Processing of information authorized by law for historical, statistical or scientific purposes.
e) Data related to the Civil Registry of Persons.
10. AREA RESPONSIBLE AND PROCEDURE FOR THE EXERCISE OF THE RIGHTS OF THE HOLDERS OF THE PERSONAL DATA
The administration office of IGNIWEB S.A.S. shall be responsible for handling the requests, complaints and claims made by the data owner in exercise of the rights contemplated in paragraph 5 of this policy, with the exception of the one described in paragraph e) thereof. For such purposes, the holder of the personal data or whoever exercises his representation may send his request, complaint or claim from Monday to Friday from 8:00 a.m. to 12:00 p.m. to the e-mail [email protected], call the telephone line of IGNIWEB SAS, Armenia telephone (6) 7451042, or file it at the following address corresponding to our office in Armenia, Avenida Bolivar No 15N-39 Piso 2. The petition, complaint or claim must contain the identification of the Holder, the description of the facts that give rise to the claim, the address, and accompanying documents to be asserted. If the claim is incomplete, the interested party will be required within five (5) days after receipt of the claim to correct the faults. After two (2) months from the date of the requirement, without the applicant submitting the required information, it will be understood that the claim has been abandoned. In the event that the person receiving the claim is not competent to resolve it, he/she will transfer it to the appropriate person within a maximum term of two (2) business days and will inform the interested party of the situation. Once the complete claim has been received, a legend will be included in the database stating “claim in process” and the reason for the claim, within a term not exceeding two (2) business days. Such legend shall be maintained until the claim is decided. The maximum term to address the claim shall be fifteen (15) business days from the day following the date of receipt. If it is not possible to respond to the claim within such term, the interested party shall be informed of the reasons for the delay and the date on which it will be decided.
reasons for the delay and the date on which the claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.
11. PROCEDURE FOR THE HOLDERS OF THE INFORMATION TO EXERCISE THEIR RIGHTS TO:
I. CONSULTATIONS:
a) The consultation shall be formulated by means of written communication sent to the e-mail [email protected], physical to the office in Armenia, Avenida Bolivar No 15N-39 Piso 2 or by telephone to the number (6)7451042 enabled by IGNIWEB SAS, and proof thereof shall be kept.
b) The consultation will be answered within a maximum term of ten (10) business days from the date of receipt thereof. When it is not possible to answer the consultation within such term, the interested party will be informed, stating the reasons for the delay and indicating the date on which the consultation will be answered, which in no case may exceed five (5) business days following the expiration of the first term.
II. CLAIMS.
The Data Subject or his assignees who consider that the information contained in a database should be corrected, updated or deleted, or when they notice the alleged breach of any of the duties contained in Law 1581 of 2012, may file a claim with IGNIWEB SAS. office in Armenia, Avenida Bolivar No 15N-39 Floor 2 which will be processed under the following rules:
a) The Holder shall formulate the claim by means of a request addressed to IGNIWEB S.A.S. through the Administration Office, with the following data:
1. Name and identification of the Holder.
2. Description of the facts giving rise to the claim.
3. The physical address and e-mail address to provide information on the status of the procedure and to send the response.
4. Attach documents to be asserted.
b) If the claim is incomplete, the interested party will be required within five (5) days after receipt of the claim to correct the faults. After two (2) months from the date of the request, if the applicant does not submit the required information, it will be understood that the claim has been abandoned.
c) In the event that the person receiving the claim is not competent to resolve it, he/she will transfer it to the appropriate person within a maximum term of two (2) business days and will inform the interested party of the situation.
d) Once the complete claim has been received, a legend will be included in the database stating “claim in process” and the reason for the claim, within a term no longer than two (2) business days. Said legend shall be maintained until the claim is decided.
e) The maximum term to address the claim shall be fifteen (15) business days from the day following the date of its receipt. When it is not possible to address the claim within such term, the interested party shall be informed of the reasons for the delay and the date on which the claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.
12. OTHER PROVISIONS (DELETION OF DATA)
a) The company will resort to the deletion of data when the Data Subject requests the deletion of his/her personal data and/or the revocation of the authorization granted. All this under the presentation of a claim.
b) On the other hand, the deletion of personal data will not be carried out when the Data Subject has a legal or contractual duty to remain in the database. That is to say, if the suppression of this data may hinder judicial or fiscal actions or sanctions by the administration.
13. PERSONAL DATA SECURITY MEASURES
IGNIWEB S.A.S. under the principle of law 1581 of 2012, which by virtue seeks to ensure the protection of information and personal data. For this reason, we have a series of administrative processes
a) Prevent access to unauthorized personnel, not only to the physical facilities but also to the company’s information.
b) Permanent control over the information handled in the work stations, located in the different departments of the company.
c) Use passwords on all equipment in the company’s facilities and keep them locked when they are not being handled.
d) Digitalize all types of information in order to avoid loss or adulteration of the same, taking into account that personnel access to this information is limited.
14. FINAL PROVISIONS
IGNIWEB S.A.S. will inform the Holders and/or assignees of the changes and updates to be made to the personal data, which may be carried out through the policies in force under the regulations, whether legal or administrative.
15. EFFECTIVE DATE:
This Personal Data Policy was created on October 31, 2012 and is effective as of November 01, 2012. Any changes to this policy will be informed through the following email: [email protected]