Privacy Policy
AUTHORIZATION OF THE PERSONAL DATA PROCESSING POLICY INNOVATION AND COMMUNICATIONS FOR BEHAVIORAL CHANGE SAS
In accordance with the provisions of Statutory Law 1581 of 2012, which establishes the General Regime of Habeas Data and Treatment of Personal Data, INNOVATION AND COMMUNICATIONS FOR BEHAVIORAL CHANGE SAS (hereinafter "the Company), a commercial company incorporated under the laws of Colombia, identified with NIT No. 901486090, as an entity that stores and collects personal data, requires obtaining this authorization for the processing of your personal data, after having informed the following:
1. THE COMPANY is dedicated to conducting research and experimental development in the field of social sciences and humanities, as well as other management consulting activities.
2. In the course of its research activities, THE COMPANY designs physical and technological tools that allow it to carry out quantitative and qualitative studies. THE COMPANY's tools can be applied to sample population groups or to scale.
3. THE COMPANY will act as Responsible for the Processing of Personal Data in cases where it directly collects information through the physical or technological Tools that it has designed or within its Platform.
4. By entering a user through the Platform of THE COMPANY and/or accessing or using any Tool, service or the Platform, whoever uses it accepts the Personal Data Processing Policy of THE COMPANY. COMPANY and all the Terms and Conditions contained herein. Likewise, it is understood that you accept all other operating rules, policies and procedures that may be published by THE COMPANY
on the Platform, each of which is incorporated by reference.
5. When the information that is processed by THE COMPANY is of a sensitive nature or is of minors, the granting of authorization for processing is optional.
6. The Holder expressly states that THE COMPANY disclaims responsibility for the Holder's breach of its obligations related to the handling of personal data. Additionally, the Holder is responsible for the information of third parties that he shares in the Technological Platform without his authorization.
The personal information collected and processed by the company is and will be used in the development of its commercial and investigative activities, in the operation and optimization of the Tools that THE COMPANY has designed and the creation of new functionalities for them.
Especially the information collected will be incorporated into the databases of THE COMPANY with the following purposes:
- Carry out your research and commercial activities, optimize your technologies, Technological Tools and develop new functionalities for said Tools based on the data you collect.
- Measure the effectiveness of the Tools designed by THE COMPANY.
- Carry out quantitative and qualitative studies based on the results obtained from the use of THE COMPANY's Tools.
- Use the data obtained from the use of THE COMPANY's Tools, to carry out scientific research activities that may conclude in academic and scientific publications and investigative articles.
- Create new tools for research and experimental development.
- Analyze the behavior of sample population groups or at scale.
- Undertake and deploy digital and information literacy and education projects using behavioral sciences, communication and technology, based on the analysis of the information obtained from the use of THE COMPANY's Tools.
- Comply with internal requirements of both THE COMPANY and its platforms, for creation as users, linking Workers, contracting with Clients and Suppliers.
- Engage in direct contact with the Clients, Employees and Suppliers of THE COMPANY.
- Execution of the contracts that THE COMPANY enters into in the course of developing its activities and providing its services.
- Send promotional and advertising information by any online and offline means.
- Create a file with the contact data of Clients, Suppliers and Workers in order to keep an internal record of their personal data.
- Achieve a follow-up of the fulfillment of the provision of services in development of the corporate purpose of THE COMPANY,
- Address requests, complaints, claims, concerns, and requests raised by Users, Customers or Suppliers
- Report news, important events and information of interest to the Holders.
- Share personal data with third parties, if necessary, to achieve the purpose of THE COMPANY.
- The other purposes that are specifically established in this
Politics
- Incorporate and store them in our databases.
- Establish direct contact with users, beneficiaries of the projects carried out by THE COMPANY, workers and other interest groups linked to THE COMPANY through different channels.
- Comply with internal requirements, for the creation as users or beneficiaries.
- Provision of data in the registration forms of the Website, or registration forms for projects, programs, activities, campaigns or services offered by THE COMPANY.
- Send promotional and advertising information by any online and offline means.
- Create promotional and advertising material that may be of interest to the owner.
- Preparation of satisfaction surveys.
- Create a file with the contact data of users and/or beneficiaries in order to keep an internal record of their personal data and contact the Holders of the information.
- For the linking of workers and compliance with the obligations derived from said employment link.
- Obtain authorizations for the processing of personal data through different means, such as data messages, internet, websites and/or any means that allows obtaining the consent of the Owner.
- Create alliances with other entities of a public or private nature for the development and financing of programs, projects, tools and activities carried out by THE COMPANY related to its corporate purpose, commercial and research activities. The Allies of THE COMPANY, will act in turn as Responsible for the Treatment of Personal Data, when they collect the information themselves or when said collection
occurs on their servers or technological platforms, or they will act as Information Managers when the same is transmitted to them by THE COMPANY for the development
of a specific order.
- Achieve a follow-up of the fulfillment of the activities, programs, projects and campaigns
deployed by THE COMPANY in the development of its corporate purpose, commercial activities and
investigative.
- Address requests, complaints, claims, concerns, and requests raised by the Holders.
- Inform about news, important events and information of interest to the Holder.
- Share, transfer or transmit personal data including sensitive data with third parties,
if necessary, to achieve the deployment, development, start-up and execution of the
programs, projects and activities carried out by THE COMPANY related to its purpose
social, investigative and commercial activities.
- The other purposes that are specifically established in this
Politics.
The Holder of the information has the rights conferred by the Constitution and the Law between
others, those of knowing, updating, rectifying and requesting the deletion of personal data
provided, know the uses used on the data, revoke the authorization granted and
free access to your personal data. In the same way, The Holder may request LA
COMPANY, at any time, that promotional or advertising information is not sent, or that
You will be sent only certain information that is of interest to you.
By virtue of this authorization, THE COMPANY is authorized to collect, compile, store,
circulate, share with third parties, transfer and transmit nationally or internationally,
use, communicate, process, organize, analyze, study, classify, delete and dispose of my data
in accordance with the purposes set forth in this authorization and this Policy.
Notwithstanding the foregoing, the services offered on the Platform that imply terms and
additional conditions, will imply the additional acceptance of these. In the event that the User does not
accept, you must refrain from using them in any way.
The Holder can exercise their rights by directing a free consultation or claim to the address
email hola@somosdip.com to the physical address Cra 5 No. 74-75, service channels available
by THE COMPANY.
NOTICE OF PRIVACY
INNOVATION AND COMMUNICATIONS FOR BEHAVIORAL CHANGE SAS (Hereinafter
THE COMPANY) commercial company incorporated under the laws of Colombia, identified with NIT No.
901486090, makes this Personal Data Processing Policy available to the public
of THE COMPANY (hereinafter the "Policy"), which establishes the mechanisms, guarantees and
instruments held by the holders of the information we collect and process as
Responsible for Treatment in light of Law 1581 of 2012, Decree 1377 of 2013 and other regulations
applicable in terms of personal data protection.
Due to the activity carried out by THE COMPANY, it collects, and in some cases, communicates to third parties
people, information about the users who make use of the Digital Education Tools
designed by THE COMPANY, as well as its Clients, Workers and Suppliers. In that order
of ideas, the following Policy is intended to provide them with a clear picture regarding
the personal data that THE COMPANY collects, the treatment given to them and the
procedures that the holders have within their reach to be able to make effective the rights derived
of those.
The treatment that THE COMPANY will carry out consists of the following activities: collection,
storage, classification, organization, use, processing, circulation, disclosure of your data
with third parties, study, analysis, purification, deletion, transmission, national transfer and
international and disposition of the personal data of the Holder, which may occur in systems of
information and networks whose servers may be inside or outside the national territory. The data
collected may be stored on the servers of THE COMPANY or third-party providers of
data storage services whose servers may be outside the national territory
which may require a transfer and/or processing of these data outside the country of residence of the
Headline.
This Treatment is carried out so that THE COMPANY can fulfill its corporate purpose, develop
projects related to its commercial, research, academic and study activities,
statistics, the development of events and campaigns that may take place during the execution of their
daily activities, in addition to the purposes set forth in its Data Processing Policy
Personal.
As Owner of the information you have the right to: Access your data free of charge, know,
update and rectify your information, request proof of your authorization for the treatment of your
data, file complaints with the Superintendency of Industry and Commerce, revoke your authorization or
request the deletion of your data and refrain from answering questions related to data
sensitive or children and adolescents.
The holders must read in advance and in detail the information contained in this Policy, since the
It intends to provide you with a clear picture regarding the personal data that THE COMPANY
collected, the treatment given to them and the procedures available to them to
be able to exercise their rights.
The Owner can access our Personal Data Processing Policy, which can be found
published on our website: https://www.somosdip.com/. The modifications made to the
this Privacy Notice or the Personal Data Treatment Policy, will be the same
manner available to the public through our website for consultation at any time; or know
We will send them to the last email you have provided us.
If they do not agree with this Policy, the holders must refrain from providing their
data to THE COMPANY.
PERSONAL DATA PROCESSING POLICY OFINNOVATION AND COMMUNICATIONS FOR BEHAVIORAL CHANGE SAS
INNOVATION AND COMMUNICATIONS FOR BEHAVIORAL CHANGE SAS (Hereinafter
THE COMPANY) commercial company incorporated under the laws of Colombia, identified with NIT No.
901486090, with Telephone 3123068893, and email hola@somosdip.com, through the
Hereby it is allowed to establish the principles and parameters by which it will treat the data
personal information that it collects in the development of its corporate purpose, when it acts both as Responsible or
as Information Officer.
THE COMPANY in the execution of its business activity, collects personal data from third parties, for
such reason to guarantee the constitutional and legal rights of the people who have had
well supplying us with your data and of those who provide it to us in the future, THE COMPANY adopts the
following personal data processing policies, under the terms of Law 1581 of 2012, the
Decree 1377 of 2013, and other regulations that modify them.
1. OBJECTIVE.
Through this data processing policy, THE COMPANY intends to establish the
rules applicable to the processing of personal data collected, used and stored by LA
COMPANY in development of its corporate purpose; in the capacity of responsible and/or in charge of the
treatment of the information as the case may be.
All of the above is based on statutory law 1581 of 2012, regulated by Decree
National 1377 of 2013, Decree 1074 of 2015 and its constitutional foundations regarding the
protection of privacy, protection of personal data, the right to habeas data and other
applicable regulations that replace or modify it in terms of personal data protection.
2. SCOPE OF APPLICATION.
This policy will apply to the processing of personal data carried out in Colombian territory,
or when the regulations on the protection of personal data are applicable to the person in charge and/or
person in charge located outside Colombian territory, by virtue of international treaties, relations
contracts, among others.
The provisions contained in this policy will apply to any personal database that
are in the custody of THE COMPANY, either as responsible and/or in charge of the
treatment.
In the case of Clients, natural persons, legal entities, the COMPANY informs that their data
they are recruited by a company domiciled in Colombia. Therefore, at the time of supplying us
your data you are submitting to the rules of this data protection policy and the rules
that Colombian legislation has provided for this purpose.
3. DEFINITIONS.
In accordance with current legislation on the matter, the following definitions are established,
which will be applied and implemented accepting the interpretation criteria that guarantee
a systematic and comprehensive application, and in line with technological advances, neutrality
technology, and the other principles and postulates that govern the fundamental rights that surround,
orbit and surround the right of habeas data and protection of personal data.
• Authorization: Prior, express and informed consent of the Holder to carry out the
Treatment of Personal Data.
• Privacy Notice: Verbal or written communication generated by the person in charge, addressed to the Holder
for the Treatment of your Personal Data, through which you are informed about the existence
of the Information Treatment Policies that will be applicable, the way to access the
same and the purposes of the treatment that is intended to give personal data.
• Database: Organized set of Personal Data that is subject to Processing.
• Clients: Natural or legal person, public or private with whom THE COMPANY has a
business relationship.
• Personal Data: Any information linked or that can be associated with one or more people
natural determined or determinable. Some examples of personal data are the following:
name, citizenship card, address, email, telephone number, marital status,
health, fingerprint, salary, assets, financial statements, etc.
• Sensitive data: Information that affects the privacy of the Holder or whose improper use may generate
discrimination, such as those that reveal racial or ethnic origin, political orientation,
religious or philosophical convictions, membership in trade unions, social organizations, rights
or that promotes the interests of any political party or that guarantees the rights and
guarantees of opposition political parties as well as data related to health, sexual life and
biometric data, among others, the capture of still or moving images, fingerprints,
photographs, iris, voice, facial or palm recognition, etc.
• Treatment Manager: Natural or legal person, public or private, who by himself or in
associated with others, carry out the Processing of Personal Data on behalf of the Responsible for the
Treatment. In the events in which the person in charge does not act as person in charge of the database,
The person in charge will be expressly identified.
• Tool: Refers to all the digital education material that THE COMPANY develops and
has developed by combining different techniques to help people become aware of their
vulnerability to information toxicity and from which information projects are deployed and executed.
digital and information literacy and education. The Tools may comprise videos,
surveys, interviews, trivia, audiovisual productions, online games among other modalities
that THE COMPANY deems appropriate.
• Technological Platform: Refers to the technological developments managed by THE COMPANY
and that allow you to interact with Users and Clients through a website under the name
domain https://www.somosdip.com/.
• Data Controller: Natural or legal person, public or private, who by himself or in
I associate with others, decide on the Database and/or the Treatment of the data.
• Claim: Request from the Owner of the data or from the persons authorized by him or by the Law to
correct, update or delete your personal data or to revoke the authorization in the cases
established in the Law.
• Terms and Conditions: general framework in which the conditions are established for the
participants in promotional or related activities.
• Holder: Natural person whose Personal Data is subject to Treatment.
• Transfer: The transfer of data takes place when the Responsible and/or Person in Charge of the
Treatment of personal data, located in Colombia, sends the information or personal data to
a receiver, who in turn is Responsible for the Treatment and is located inside or outside the country.
• Transmission: Processing of Personal Data that implies the communication thereof inside or outside the territory of the Republic of Colombia when its purpose is to carry out a Processing by the Processor on behalf of the Responsible.
• Treatment: Any operation or set of operations on Personal Data, such as collection, storage, use, circulation or deletion.
• User: Person who enters, registers, logs in to the technological Platforms of THE COMPANY or uses them, as well as any person who uses the Tools of THE COMPANY.
4. RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA.
The person in charge of processing personal data is THE COMPANY, domiciled in Bogotá, Colombia; Address Cra 5 No. 74-75, Telephone +57 (1) 3123068893. The area directly in charge of the Processing of personal data is the Customer Service Area of THE COMPANY and the e-mail provided for this purpose ishello@somosdip.com
5. PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA.
For the Treatment of Personal Data, THE COMPANY will apply the principles mentioned below, which constitute the rules to follow in the collection, handling, use, treatment, storage and exchange of personal data:
• Legality: The processing of personal data will be carried out in accordance with the applicable legal provisions (Statutory Law 1581 of 2012 and its regulatory decrees).
• Purpose: The personal data collected will be used for a specific and explicit purpose which must be informed to the Holder or permitted by Law. The Holder will be informed in a clear, sufficient and prior manner about the purpose of the information provided.
• Freedom: The collection of Personal Data may only be exercised with the prior, express and informed authorization of the Owner.
• Truthfulness or Quality: The information subject to the Processing of Personal Data must be truthful, complete, exact, up-to-date, verifiable and understandable.
• Transparency: In the Processing of Personal Data, the Holder's right to obtain, at any time and without restrictions, information about the existence of data that concerns him is guaranteed.
• Restricted access and circulation: The processing of personal data may only be carried out by the persons authorized by the Holder and/or by the persons provided for in the Law.
• Security: The Personal Data subject to Treatment will be handled adopting all the necessary security measures to avoid loss, adulteration, consultation, use or unauthorized or fraudulent access.
• Confidentiality: All officials who work at THE COMPANY and those in charge of the information are obliged to keep confidential the personal information to which they have access on the occasion of their work.
6. TREATMENT TO WHICH THE DATA WILL BE SUBJECTED.
The treatment that THE COMPANY will carry out acting as Responsible and/or in Charge will be to collect, compile, store, circulate, share with third parties, transfer and transmit nationally or internationally, use, communicate, process, organize, analyze, study, classify, delete and dispose of personal data, strictly following the guidelines established by law.
Collection Specifications
Personal data is provided directly by the Owner to THE COMPANY. Data and Treatment authorizations will be collected as follows:
Physical media:
This is when the information is supplied by the Holders, by telephone, in writing, or verbally.
Electronic media:
The Holder's data will be obtained by electronic means in the following cases:
1. When the Holder enters the company's website and through it his data is required to access certain functionalities of the page.
2. When the Holder uses the Tools designed by THE COMPANY that are incorporated into technological means, or that are online, and in the course of their use provides personal information
3. When the Holder's data is obtained through email, mobile communication applications, social networks, text messages (SMS) or PUSH notifications (instant messages that you will receive on the device on which you enter the Platform).
Storage Specifications
The data collected and the authorizations will be stored in the Databases of THE COMPANY and/or the Manager and will remain in their custody under conditions of suitability, confidentiality and generally accepted security. Only authorized personnel may access these Databases. The access and security protocols that are considered standard in these activities will be observed to avoid the violation or manipulation of the information collected.
Notwithstanding the foregoing, THE COMPANY may operate the databases through a Data Processing Manager, in which case, it will inform the holders of the information that these policies will be extended and, therefore, will be applicable to such Manager, so that the Holder can exercise the rights conferred by law, both against THE COMPANY and against the Treatment Manager appointed by it.
Similarly, all these treatments can occur in information systems and networks whose servers may be inside or outside the national territory. In that order, the data collected may be stored on the servers of THE COMPANY or on servers of companies that provide services for the storage of information, which may be outside the national territory, which may require an international transfer and/or data processing. these data outside the country of residence of the Holder.
The information collected will be used in the manner described in the following point.
7. PURPOSE OF THE PERSONAL INFORMATION COLLECTED IN THE DATABASES.
The personal information that THE COMPANY and/or the Manager has collected from the beginning of its operations and that which it collects from now on, will be used for the following purposes:
7.1. User Data
THE COMPANY makes its Technological Platform and its Tools available to the public in order to advance its investigative processes and deploy, according to the data collected and the research carried out, projects for digital literacy and digital and informative education. The aforementioned projects by virtue of which information is also collected, are intended to make Users aware of their vulnerability to information toxicity, and to be able to forge a criterion that allows them to discern between the information that is true and that which is not. .
In that order, the information that is collected from Users through the Technological Platforms
and in the Tools designed by THE COMPANY has the following purposes:
- Carry out your research and commercial activities, optimize your technologies, Technological Tools and develop new functionalities for said Tools based on the data you collect.
- Measure the effectiveness of the Tools designed by THE COMPANY.
- Carry out quantitative and qualitative studies and analyzes based on the results obtained from the use of THE COMPANY's Tools.
- Use the data obtained from the use of THE COMPANY's Tools, to carry out scientific research activities that may conclude in academic and scientific publications and investigative articles.
- Create and design new tools for research and experimental development.
- Analyze the behavior of sample population groups or at scale.
- Based on the information, carry out measurements in sample groups or on a scale.
- Undertake and deploy digital and information literacy and education projects using behavioral sciences, communication and technology, based on the analysis of the information obtained from the use of THE COMPANY's Tools.
- Identify which tools are capable of reducing the polarization and manipulation that is generated from the dissemination of inaccurate, incomplete or untrue information.
- Within the website https://www.somosdip.com/ create contact channels between THE COMPANY and its Users, as well as the collection of Cookies (small text files that are placed by a web server, in the hard drive of whoever browses a web page or application) to identify how the User uses the services of THE COMPANY, if he has entered the system, when and how he enters, as well as to personalize and improve the
User experience.
- Manage the use that Users make of the Technological Platforms of THE COMPANY's Tools.
- Obtain authorizations for the processing of personal data through different means, such as data messages, internet, websites and/or any means that allows obtaining the consent of the Holder.
- Create alliances with other entities of a public or private nature for the development and financing of programs, projects, tools and activities carried out by THE COMPANY related to its corporate purpose, commercial and research activities. The Allies of THE COMPANY, will act in turn as Responsible for the Treatment of Personal Data, when they collect the information themselves or when said collection
occurs on their servers or technological platforms, or they will act as Information Managers when the same is transmitted to them by THE COMPANY for the development of a specific order.
- Achieve a follow-up of compliance with the activities, programs, projects and campaigns deployed by THE COMPANY in the development of its corporate purpose, commercial and investigative activities.
- Address requests, complaints, claims, concerns, and requests raised by the Holders.
- Inform about news, important events and information of interest to the User.
Specifications on delivery of information to the Allies
In order to deploy, develop and execute its research, programs, projects, campaigns, benefit plans and activities, THE COMPANY may create alliances by contacting entities of a public or private nature so that they can contribute to the realization and fulfillment of the objectives set by THE COMPANY for the development of its projects and activities. In this sense, it is necessary for THE COMPANY to share, transfer or transmit the personal data of the Users, if necessary, with the Allies of THE COMPANY.
However, the Allies of THE COMPANY may act as Persons in Charge of the Processing of Personal Data, when THE COMPANY commissions them to carry out specific activities to be carried out on behalf of THE COMPANY. In this case, the Allies will not be able to deal with the
data for purposes other than those entrusted by THE COMPANY and are subject to the Personal Data Processing Policies and guidelines that THE COMPANY indicates.
In the same way, the Allies of THE COMPANY, will act in turn as Responsible for the Treatment of Personal Data, when they collect the information themselves, when said collection occurs on their servers or technological platforms, when through the Platforms Technological, electronic forms or Tools designed by THE COMPANY the Holders of the information are redirected to the servers and technological platforms of the Allies or when THE COMPANY and the ALLIED agree to share it by different means such as magnetic means, data messages or physical means. In this case, the Allies are subject to their own Policies and procedures for the Treatment of Personal Data, for which the Holder is recommended to review them and verify if they agree with the treatment carried out by the Allies of THE COMPANY of your personal data.
In this sense, the Allies may carry out the collection and processing of data and personal information through email, electronic communication or electronic messaging applications, as well as from the tools, web or mobile applications, technological platforms and/or software that have designed through which they access personal information, or they may perform the collection by physical means.
In any case, THE COMPANY informs that the Allies are and will be themselves responsible for the security, the information systems they manage, the Policies, measures and practices they have adopted for the treatment and handling of personal data. It is then reiterated to the Holder, that, when authorizing the circulation of personal data with the Allies of THE COMPANY, he does so with full knowledge of the aforementioned situation and at his own risk.
Any issue related to the handling of Personal Data that is carried out with the Partner must be validated with it or will be sent by THE COMPANY to the respective Partner. THE COMPANY will not be responsible for the
Policies, measures and practices adopted by the Allies regarding the processing of personal data, since this is outside their scope of control. The foregoing is without prejudice to the fact that THE COMPANY may make requirements or observations to its Allies regarding the Treatment they give to the Personal Data, when it deems it convenient.
7.2 Allied Data
THE COMPANY, in carrying out its corporate purpose, processes the information contained in this database for the following purposes:
- Comply with internal requirements, for the creation as Allies.
- Incorporate them into databases.
- Create in a file, the contact data of Allies in order to keep an internal record of their personal data.
- Make known to the Allies the tools, projects, campaigns, activities and plans of THE COMPANY to invite them to be part of them or to make contributions within them.
- Engage in direct contact with Allied officials through different channels, email, video calls, WhatsApp, instant or electronic messaging tools and applications, via cell phone or telephone.
- Celebration of commercial, administrative or civil agreements.
- Perform due diligence processes and knowledge of the counterparty.
- Monitor the contributions made by the Allies to the projects, campaigns,
investigations and activities of THE COMPANY and verify compliance with them.
- Carry out follow-ups or studies aimed at improving the service it provides, as well as
as well as the products marketed by THE COMPANY.
- Generate and send information of interest regarding advertising, activities, news,
events and news of THE COMPANY.
- Share personal data with third parties, if necessary, to achieve the purpose of THE COMPANY.
- Transfer the information collected to different areas of THE COMPANY when this is necessary for the development of its operations.
- Any other activity of a similar nature to those described above that are necessary to develop the corporate purpose of THE COMPANY.
7.3. Customers:
THE COMPANY, in carrying out its corporate purpose, processes the information contained in this database for the following purposes:
− Market products and services that, in development of its corporate purpose, THE COMPANY usually offers in the market.
− Issue sales invoices generated from the purchase of services by the Client.
− Carry out monitoring or studies aimed at improving the service it provides, as well as the technological products marketed by THE COMPANY.
− Address requests, concerns, complaints and requests raised by Users and Clients.
− Engage in direct contact with Clients through different channels.
− Comply with internal requirements, for the creation as Clients.
− Execution of the contract and provision of contracted services.
− Generate and send information of interest regarding advertising, promotional activities, contests, and raffles (email marketing).
− Affiliate to loyalty programs, create consumer profiles, among other promotional and advertising materials that may be of interest to the owner.
− Preparation of satisfaction surveys.
− Create in a file, the contact data of Clients in order to keep an internal record of their personal data.
− Achieve monitoring of compliance with the provision of services in development of THE COMPANY's corporate purpose.
− Share personal data with third parties, if necessary, to achieve the purpose of THE COMPANY.
− Transfer the information collected to different areas of THE COMPANY when it is necessary for the development of its operations (portfolio collection and administrative charges, treasury, accounting, among others).
− Carry out due diligence processes and knowledge of the counterparty.
− Any other activity of a similar nature to those described above that are necessary to develop the corporate purpose of THE COMPANY.
7.4. Employee Data
- Create specific files for each worker with their personal data in order to use it whenever it is required.
- Comply with the obligations contracted by THE COMPANY in favor of the employee in development of the relationship contract signed with the employee.
- Advance the affiliations of the employees and the beneficiaries designated by it, aimed at fulfilling the obligations determined by the labor law generated as a result of the employee's relationship with THE COMPANY.
- Assignment of users and corporate email accounts, which entails the generation and sending of correspondence in development of the contract signed between the worker and THE COMPANY.
- Consultation and custody of the employee's academic, disciplinary and work history in order to keep a historical record of such information of the workers who enter the company, which in the future can be used to provide references if required.
- Compliance with Payroll payment and parafiscal obligations caused in favor of the employee by virtue of their employment relationship.
- Creation of contact channels between THE COMPANY, the employee and their relatives if required.
- Management of accounting and labor information to comply with contractual and legal requirements.
- Regarding former employees, the information will be kept in case it is required by any judicial or administrative authority.
- Regarding candidates who provided their information at the time of participating in selection processes, occasionally this information will be kept in order to make a new contact in case a new vacancy is opened.
- Perform due diligence processes and knowledge of the counterparty.
7.5. Supplier and Contractor Data
The data compiled in this database will be used to:
- Collect general and contact information of all suppliers and contractors who have provided, provide and may provide services in favor of THE COMPANY.
- Establish a contact channel between the suppliers and contractors of THE COMPANY.
- Preparation and forwarding of correspondence and information by THE COMPANY regarding internal activities, in which suppliers and contractors may participate.
- Generation and sending of correspondence in cases that THE COMPANY must request from the supplier or contractor.
- Monitoring of the execution of the agreements, contracts, or purchase orders generated by virtue of the commercial relationship between THE COMPANY and the supplier or contractor.
- Accounting record and internal monitoring regarding payments to suppliers and contractors.
- Generate purchase orders or services.
- Compliance with administrative, contractual, accounting and/or tax obligations.
- Contact for quotes and requests for new services and products required by THE COMPANY in order to duly develop its corporate purpose.
- Verify commercial references.
- Perform due diligence processes and knowledge of the counterparty.
8. RIGHTS THAT ASSIST THE HOLDER OF THE INFORMATION.
In accordance with the constitutional and legal norms, the Holder of the information collected in our Databases has the following prerogatives and rights, which can be invoked or exercised against THE COMPANY or against the Person in Charge of the Treatment of Personal Data that acts for account of THE COMPANY as Responsible for Treatment:
8.1. Free access to your Personal Data, as well as knowing, updating, rectifying, correcting and deleting them, following the procedures established below.
8.2. Request and obtain proof of the authorization granted for the processing of personal data, except in the case in which it is presumed to have used alternative communication mechanisms, as provided for in article 10 of Decree 1377 of 2013.
8.3. Obtain information about the use that has been given to your personal information.
8.4. Go before the authorities, especially before the Delegate Superintendence for the Protection of Personal Data of the Superintendency of Industry and Commerce, in order to request and demand the protection of the rights conferred by the Laws.
8.5. Revoke, at any time, the authorization for the Processing of your Personal Data, modify or condition it. Likewise, request the deletion of the data, its modification or clarification, unless the information is necessary for legal or contractual reasons.
9. DUTIES OF THE COMPANY AS RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA.
THE COMPANY bears in mind that the Personal Data are the property of the persons to whom it refers and only they can decide on them. In this sense, THE COMPANY will use the Personal Data collected only for the purposes for which it is duly empowered and respecting, in any case, the current regulations on the Protection of Personal Data. THE COMPANY will attend to the duties provided for those Responsible for Treatment, contained in article 17 of Law 1581 of 2012 and the other regulations that the COMPANY
regulate, modify or replace.
10. AUTHORIZATION.
THE COMPANY will request prior, express and informed authorization from the Holders of the Personal Data on which the Treatment is required. This manifestation of the Holder's will can occur through different mechanisms made available, such as:
• In writing, filling out an authorization form for the Processing of Personal Data.
• Orally, through a telephone conversation or videoconference.
• Through unequivocal behaviors that allow concluding that you granted your authorization, through your acceptance of the Terms and Conditions of an activity within which the authorization of the participants is required for the Processing of your Personal Data or when you accept through the Web page of THE COMPANY, the Data Processing Policy.
• By electronic means when it is possible to keep a record of the Authorization for later consultation. The Authorization will be obtained by electronic means in the following cases: (i) When the Holder accesses the company's website and through it his Authorization is required to access certain functionalities of the page. (ii) When the Holder makes use of the Digital Tools or those that are online developed by the company. (iii) When the Authorization of the owner is obtained through email, mobile communication applications such as (WhatsApp, Messenger, Telegram, among others), through social networks or through messages
text (SMS).
11. SPECIAL PROVISIONS FOR THE PROCESSING OF PERSONAL DATA.
Treatment of Personal Data of a Sensitive Nature:
The Treatment of Personal Data of a sensitive nature is prohibited by law, unless there is express, prior and informed authorization from the Holder, among other exceptions enshrined in Article 6 of Law 1581 of 2012. In this case, in addition to comply with the requirements established for the authorization, THE COMPANY will inform the Holder:
• That because it is sensitive data, you are not obliged to authorize its Treatment.
• Which of the data that will be subject to Treatment are sensitive and the purpose of the Treatment.
Additionally, THE COMPANY will treat the sensitive data collected under security standards
and confidentiality corresponding to its nature.
For this purpose, THE COMPANY has implemented administrative, technical and legal measures, in order to seek the protection, security and confidentiality of the personal data to which it has access.
Treatment of Personal Data of Children and Adolescents:
According to the provisions of Article 7 of Law 1581 of 2012 and article 12 of Decree 1377 of 2013, THE COMPANY will only carry out the Treatment, corresponding to children and adolescents, as long as this Treatment responds to and respects the best interests of children and adolescents and ensure respect for their fundamental rights.
Once the above requirements have been fulfilled, THE COMPANY must obtain the Authorization of the legal representative of the child or adolescent, prior to the exercise of the minor's right to be heard, an opinion that will be valued taking into account the maturity, autonomy and ability to understand the matter.
12. PROCEDURES FOR THE INFORMATION HOLDERS TO EXERCISE THEIR RIGHTS:
In order to safeguard the rights of the Holders of the information that rests in our Databases, and that which is collected directly from now on, THE COMPANY establishes the following
procedures:
12.1. The Holder of the information (understood as Holder the natural person who provided the information, his successors in title and/or attorneys-in-fact) may request at any time, from Monday to Friday on business days electronically, information (queries) about the personal data that The databases of THE COMPANY and the authorizations granted are recorded.
12.2. Likewise, the Holder may submit requests or claims regarding clarification, correction, modification, rectification or deletion of data; revocation or conditioning of authorizations for Treatment, accompanying the documents or evidence that it intends to assert.
12.3. To exercise the prerogatives referred to in the preceding paragraphs, the Holder must send an email to hola@somosdip.com fully identifying himself, so that THE COMPANY can confirm that the petitioner is the Holder of the information.
The request must specify:
12.3.1. Full and correct name of the Holder and/or his proxy, if applicable.
12.3.2. Identification of the Holder and his representative, in the event that he acts through a proxy.
12.3.3. Data or authorization that you want to know, correct, modify, suppress or revoke, with a clear and detailed indication of the way in which the correction or modification is requested.
12.3.4. Email where the Holder will receive a response.
12.4. However, if it considers it, and with the sole purpose of establishing the full identity of the petitioner and Owner of the information, THE COMPANY may require that they identify themselves, before proceeding to
answer him.
12.5. The response to the queries referred to in numeral 10.1., will be sent by THE COMPANY within a maximum term of ten (10) business days counted from the date of receipt of the same.
When it is not possible to attend the query within said term, the interested party will be informed, stating the reasons for the delay and indicating the date on which their query will be attended, which in no case may exceed five (5) business days following the expiration of the first term.
12.6. The response to the claims referred to in numeral 6.2, will be given by THE COMPANY within a maximum term of fifteen (15) business days counted from the day following the date of receipt. When it is not possible to address the claim within said term, the interested party will be informed of the reasons for the delay and the date on which his claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first finished.
13. SECURITY POLICY IN THE PROCESSING OF PERSONAL DATA.
In order to safeguard the rights of the Holders of the information that rests in our Bases
of data, and that which is collected in the future, THE COMPANY establishes the following procedures, in
in relation to the security in the processing of personal data:
13.1 Storage of information. Information collected from customers, employees
and suppliers, is stored and protected in the work equipment, computers of
desk and/or laptops of the officers of the company THE COMPANY and of the Person in Charge who
They have personal access codes that are linked to each user's profile.
13.2 Use and access of the server. The information in the systematized databases is found
stored and may only be consulted by authorized employees, who may access the
system only with the designated user and a security key, which is secret
and non-transferable.
13.3 Confidentiality of information. In relation to the confidentiality of information LA
COMPANY maintains under reserve, absolute confidentiality and without disclosure to third parties not
authorized, the information of the holders of personal information that are part of the bases of
Company data. This information will be confidential, whatever the means.
under which it has been provided, including the information poured into software or media
electronic storage. Additionally, THE COMPANY includes within the contracts that
subscribes with its suppliers, strict clauses of confidentiality and data protection
where the duty of custody and protection of the personal data that must be
assist and monitor suppliers and other legal and natural persons who receive said information
as data processors. Access to personal data information is restricted
according to the profile of each employee and/or contractor, which is created at the time of entering work at
THE COMPANY and has enabled only the necessary accesses by virtue of the position profile to
perform within THE COMPANY.
13.4 Security measures: THE COMPANY applies all the necessary measures to maintain the
information security and for the reduction of risks of security incidents.
13.5 Security Incident Management: If information security incidents occur
personnel, THE COMPANY undertakes to adopt the technical, human and administrative measures
necessary to guarantee the security of the personal data subject to treatment, thus avoiding their
unauthorized or fraudulent tampering, loss, consultation, use or access.
14. TRANSFER AND TRANSMISSION OF PERSONAL DATA.
THE COMPANY may deliver Personal Data to third parties when:
• In the case of contractors in execution of contracts or alliances for the development of the activities of
THE COMPANY.
• By transfer to any title of any line of business to which the
information.
In any case, when THE COMPANY wishes to send or transmit data to one or more Managers
located inside or outside the territory of the Republic of Colombia, will establish contractual clauses
or will enter into a contract for the transmission of personal data in which, among others, the following is agreed:
• The scope and purposes of the treatment.
• The activities that the Processor will carry out on behalf of the COMPANY
• The obligations that must be fulfilled by the Person in Charge with respect to the Owner of the data.
• The duty of the person in charge to treat the data in accordance with the authorized purpose for the same and
observing the principles established in Colombian law and this policy.
• The obligation of the Processor to adequately protect personal data and databases,
as well as to keep confidentiality regarding the treatment of the transmitted data.
• A description of the specific security measures that are going to be adopted by both LA
COMPANY as by the person in charge of the data in its place of destination.
THE COMPANY will not request authorization when the international transfer of data is
covered by any of the exceptions provided for in the Law and its Regulatory Decrees.
15. THE COMPANY AS RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA.
THE COMPANY, as the person in charge of processing personal data, undertakes to:
• Guarantee the Holder, at all times, the full and effective exercise of the right of habeas data;
• Keep the information under the security conditions necessary to prevent its adulteration,
unauthorized or fraudulent loss, consultation, use or access;
• Perform timely updating, rectification or deletion of data under the terms of the
present law;
• Update the information reported by those responsible for Treatment within five (5) business days from its receipt;
• Process queries and claims made by the Holders in the terms set forth in this law;
• Refrain from circulating information that is being controversial by the Holder and whose blocking has been ordered by the Superintendence of Industry and Commerce;
• Allow access to information only to persons who may have access to it;
• Inform the Superintendence of Industry and Commerce when there are violations of the security codes and there are risks in the administration of the Holders' information;
• Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.
• Respect the personal data processing and information security manuals and policies of the Person Responsible for the processing of personal data.
16. EFFECTIVE DATE OF THE PERSONAL DATA PROCESSING POLICY.
The Personal Data Processing policy referred to in this document will be in force as of October 1, 2021, but may be modified at any time by THE COMPANY, in which case the Holders will be informed of the relevant information.