Terms and Conditions
TREATMENT POLICY FOR THE PROTECTION OF PERSONAL DATA ABUSAID GOMEZ & ASSOCIATES
1. General Objective
The purpose of this policy is to guarantee the confidentiality of information, privacy, and treatment of personal data of clients, suppliers, employees and third parties with whom Abusaid Gómez & Asociados is obliged to exchange information in accordance with the guidelines established by law.
2. Definitions.
The following are the definitions enshrined in Law 1581 of 2012, which will allow to know the development of each of the issues raised in this document:
a. Processing: Any operation or set of operations on personal data, such as the collection, conservation, ordering, evaluation, blocking, storage, use, circulation, suppression or destruction and in general, the processing of Personal Data, as well as its transfer to third parties through communications, consultations, interconnections, assignments, data messages.
b. Personal Data: Any information linked or that may be associated to one or several determined or determinable natural persons.
c. Financial Data: Any Personal Data referring to the birth, execution and extinction of monetary obligations, regardless of the nature of the contract that gives rise to them, whose Processing is governed by Law 1266 of 2008 or the rules that complement, modify or add to it.
d. Public Data: It is the Personal Data qualified as such according to the mandates of the law or the Political Constitution and that which is not semi-private, private or sensitive. Public data includes, among others, data related to the marital status of individuals, their profession or trade, their status as merchant or public servant and those that may be obtained without any reservation. By their nature, public data may be contained, among others, in public records, public documents, official gazettes and bulletins, duly executed court rulings that are not subject to confidentiality.
e. Sensitive Data: Personal Data that affects the privacy of the Data Subject or whose improper use may generate discrimination, such as those that reveal union affiliations, racial or ethnic origin, political orientation, religious, moral or philosophical convictions, membership in unions, social organizations, human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sex life, and biometric data.
f. Database: Organized set of personal data subject to processing.
g. Authorization: Prior, express and informed consent of the Data Subject to carry out the Processing of personal data. It shall be understood that the authorization complies with these requirements when it is expressed in writing, orally or through unequivocal conduct of the Data Subject that allows the reasonable conclusion that he/she granted the authorization.
h. Authorization: It is the legitimization that expressly and in writing by means of a contract or document that takes its place, granted by the Company to third parties, in compliance with the applicable Laws, for the Processing of Personal Data turning such third parties into Processors of the Personal Data delivered or made available.
i. Data Controller: Natural or Legal Person, public or private, who by itself or in association with others, decides on the database and/or the Processing of Personal Data.
j. Authorized: The Company and all persons under the responsibility of the Company, who by virtue of the Authorization and these Policies have the legitimacy to Process the Personal Data of the Data Subject. The Authorized Party includes the gender of the Entitled Parties.
k. Data Processor: Natural or legal person, public or private, who by itself or in association with others, carries out the Processing of Personal Data on behalf of the Data Controller.
With the foregoing, and in compliance with the provisions of the Statutory Law 1581 of 2012 and Decree 1377 of 2013, which regulate the handling of personal data information contained in databases of Abusaid Gómez & Asociados (hereinafter the “Company”), the present treatment policy for the protection of personal data, which regulates the collection, storage, management and protection of that information received from the Data Controllers, is made known.
3. General Data of the Data Controller.
The legal entity responsible for the processing of personal data and therefore of the databases in which they are located, is Abusaid Gómez & Asociados, whose main data are as follows:
Principal place of business: Bogotá D.C.
Tax ID: 900.485.913-5
Address Calle 100 #8ª-55 Torre C Office 207
E-mail: info@abusaidgomez.com
Telephone 314-290-5025
4. Treatment and purpose of personal data.
The personal data provided to the Company will be stored in the corresponding databases and will be used for one of the following purposes:
a. With respect to customers: The processing of personal data will be carried out for the purpose of the development of a mobile platform that will be constituted as the intermediary between small businesses and suppliers of electronic products, home, toy, makeup, and textile, to offer better prices and greater facilities using electronic platforms.
b. With respect to employees: The processing of the data will be carried out for the purpose related to its connection, execution and termination of the employment relationship that arises between the employee and the Company.
c. With respect to Authorities and control entities: The processing of personal data will be carried out for the purpose of responding to any requirement or request from regulatory entities, including tax authorities such as the National Tax and Customs Directorate of Colombia (DIAN), foreign exchange authorities such as the Bank of the Republic and administrative authorities at the national, departmental or municipal level.
d. Regarding internal financial management: The processing of data will be carried out in order to meet the legal requirements of the Company’s financial management, including auditing, accounting and auditing processes.
e. With regard to job candidates: The processing of personal data will be carried out in order to carry out personnel selection processes and labor linkage to the Company.
f. Processes within the Company: It refers to the updating of systems, protection and custody of information and databases.
g. Other purposes: The other purposes determined by those responsible in processes of obtaining personal data to be communicated to the owners at the time of collection of personal data.
The Company undertakes not to collect unnecessary information and to maintain the confidentiality and security of the same. The processing of data will be assigned to specific employees, according to the area in charge of the database. At any time, the Company may establish additional purposes, as well as create new databases to achieve such purposes.
In this regard, it may:
a. Know, order, catalog, classify, store and process all the information provided by the owners in one or more databases, in the format it deems most convenient. In the same way, it may eliminate databases when it deems it convenient.
b. Verify, corroborate, check, validate, investigate or compare the information provided by the owners, with any information that is legitimately available to it.
c. Access, consult, compare and evaluate all the information about the owners stored in the databases of any credit, financial, judicial record or security risk center legitimately constituted, of state or private, national or foreign nature.
d. To study, process, treat, analyze, personalize and use the information provided by the owners for the follow-up, development and/or improvement, both individual and general, of the conditions of affiliation, service, administration, security or attention.
e. In the event that the Company does not have the capacity to carry out the processing by its own means, it may transfer the data collected to be processed by a third party, with prior notification to the owners of the data collected, in which case it will be in charge of the processing and must ensure appropriate conditions of confidentiality and security of the information transferred for processing.
5. Rights of the Owners of the Personal Data:
In accordance with the provisions of Article 8 of Law 1581 of 2012, the Company discloses the rights held by the Holders:
a. Right to know, update and rectify their personal data against the Data Controllers or Data Processors. This right may be exercised, among others, against partial, inaccurate, incomplete, fractioned, misleading data, or data whose Processing is expressly prohibited or has not been authorized;
b. The right to request, at any time, proof of the authorization granted to the Data Controller, except when expressly exempted as a requirement for the Processing,
c. The right to be informed by the Company as the Data Controller or the Data Processor, upon request, regarding the use it has made of your personal data;
d. The right to submit requests to the Company or the Data Processor regarding the use that has been made of his/her Personal Data, and to be provided with such information;
e. The right to file complaints before the Superintendence of Industry and Commerce for infringements to the provisions of this law and other regulations that modify, add or complement it;
f. The right to revoke the authorization and/or request the deletion of the data when the Processing does not respect the constitutional and legal principles, rights and guarantees. The revocation and/or deletion shall proceed when the Superintendence of Industry and Commerce has determined that in the Processing the Controller or Processor has incurred in conduct contrary to the law and the Constitution;
g. The right to access free of charge to your personal data that have been subject to Processing.
6. Cases in which Abusaid Gómez & Asociados does not require authorization for the processing of the data in its possession:
a. When the information is requested to Abusaid Gómez & Asociados by a public or administrative entity that is acting in the exercise of its legal functions or by court order.
b. When dealing with data of a public nature due to the fact that these are not protected by the scope of application of the regulation.
c. Events of medical or sanitary urgency duly proven.
d. In those events where the information is authorized by law to comply with historical, statistical and scientific purposes.
e. When dealing with data related to the civil registry of persons because this information is not considered private data.
7. To whom information may be provided by Abusaid Gómez & Asociados without the need for authorization from the owners of the Data:
a. To the owners of the data, their heirs or representatives at any time and through any means when requested to Abusaid Gómez & Asociados.
b. To the judicial or administrative entities in the exercise of their functions that make a requirement to the company to deliver the information.
c. To third parties that are authorized by any law of the Republic of Colombia.
d. To third parties to whom the Data Subject expressly authorizes to deliver the information and whose authorization is delivered to Abusaid Gómez & Asociados.
8. Authorization for the Collection of Personal Data.
The processing of personal data carried out by the Company implies a prior and informed authorization by the owner, unless the data is public. The Company will adopt a procedure to request the collection of personal data and will inform the purposes for which the data will be stored, guaranteeing the possibility of verifying the granting of such authorization.
The authorization may be given verbally, in writing or any other format that allows to guarantee its subsequent consultation.
The Holder undertakes to provide true, truthful, exact, authentic and current information and is responsible for the content of the same and for the damages caused to the Company or third parties by the delivery of false information. The Holder must keep the information updated at all times.
9. Area Responsible for the Attention of Requests, Inquiries and Claims Related to the Processing of Personal Data
The means for the reception and attention of queries, requests and claims before which the holder of the information may exercise his/her rights to know, update, rectify and delete the data and revoke the authorization granted are:
E-mail: info@abusaidgomez.com
Telephone number: 314-290-5025
10. Procedure for the Exercise of the Rights to Know, Update, Rectify, Rectify, Suppress information and to Revoke the Authorization by the Owners of the Information.
a. Consultations.
The Data Owners, their successors in title, their representative and/or attorney-in-fact or by stipulation in favor of another, may consult the personal information of the Data Owner contained in any database. For such purpose, the aforementioned persons shall prove the following information:
i. Name and surname
ii. Proof of the capacity in which he/she is acting.
iii. Type of document.
iv. Telephone number.
v. E-mail address.
vi. Country.
vii. Subject.
The consultation will be answered within a maximum term of ten (10) working days from the date of receipt of the same. When it is not possible to resolve the consultation within such term, the interested party shall be informed, stating the reasons for the delay and indicating the date on which the consultation will be attended, which in no case shall exceed five (5) working days following the expiration of the first term.
b. Claims.
When the Data Subject or his/her assignees make a claim because they consider that the information contained in a database should be corrected, updated or deleted, or when they notice an alleged breach of the Law, they may file a claim, which must contain the following information:
i. The name and address of the Data Subject or any other means to receive a response.
ii. Documents proving the identity of the holder or his legal representative.
iii. The clear and precise description of the reason for non-compliance and the personal data in respect of which the holder seeks to exercise any of the rights.
In the event that the person who receives the claim is not competent to resolve it, he/she will transfer it to the appropriate person within a maximum term of two (2) business days and will inform the interested party of the situation.
Once the claim is received with the complete documentation, a legend marked “claim in process” and the reason for the claim will be included in the Company’s Data Base, where the Data Subject to claim is stored, within a term no longer than two (2) business days. This legend shall be maintained until the claim is decided.
The maximum term to attend the claim will be fifteen (15) working days from the day following the date of its receipt. When it is not possible to address the claim within such term, the interested party shall be informed of the reasons for the delay and the date on which the claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.
If the claim is incomplete, the interested party will be required within five (5) days after receipt of the claim to correct the faults. If the claimant does not submit the required documentation and information within two (2) months from the date of the initial claim, it will be understood that the claim has been withdrawn.
The maximum term to address the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within such term, the interested party shall be informed of the reasons for the delay and the date on which the claim will be addressed, which shall not exceed eight (8) business days following the expiration of the first term.
c. Suppression of information.
The Data Subject, the assignee, or his/her legal representative has the right to request the deletion of his/her data. The suppression implies the total or partial elimination of the personal information in the database files or treatments carried out in accordance with the request of the Data Subject. The request must indicate the intention to have the personal data deleted from the Company’s databases or to revoke the authorization granted for the processing of personal data. Likewise, the request must be made clearly identifying the name of the holder, the number of his identity document and his contact information (telephone and an updated e-mail).
11. Incidents Regarding Personal Information:
Upon the occurrence of any event that constitutes an incident or any circumstance that may jeopardize the security of the personal information of the Holders, the Company shall constitute the “Personal Information Security Committee” formed by the members of the Area Responsible for the Attention of Petitions, Inquiries and Claims Related to the Processing of Personal Data and by one (1) employee of the Company’s Management level in order to resolve the situation in a celere manner and inform the Holders of the events that have occurred.
12. Transfer of Data Abroad:
In accordance with Law 1581 of 2012, the Company may transfer data abroad when it has the authorization of the Holder. This transfer of information may be made, but is not limited to, to any parent, subsidiary or affiliate that the Company has or may have.
However, the Company shall refrain from transferring personal data of any kind to countries that do not provide adequate levels of data protection according to the standards set by the Superintendence of Industry and Commerce on the matter.
This abstention shall not apply when it concerns:
a. Information with respect to which the Data Subject has granted express and unequivocal authorization for the transfer.
b. Exchange of medical data, when so required by the treatment of the Data Subject for reasons of health or public hygiene.
c. Banking or stock exchange transfers, in accordance with the applicable legislation.
d. Transfers agreed within the framework of international treaties to which the Republic of Colombia is a party, based on the principle of reciprocity.
e. Transfers necessary for the execution of a contract between the Data Subject and the Data Controller, or for the execution of pre-contractual measures, provided that the authorization of the Data Subject is obtained.
f. Transfers legally required for the safeguarding of the public interest, or for the recognition, exercise or defense of a right in a judicial process.
13. Modifications to the Data Processing Policy:
The Company reserves the right to modify this Policy at any time. However, any modification will be published on this page, and if applicable, a new authorization will be requested when the change refers to the purpose of the Processing.
14. Law, jurisdiction and validity
This Policy is effective as of June 9, 2021. Any interpretation, judicial or administrative action arising from the Processing of personal data that make up the Company’s databases and this policy shall be subject to the personal protection rules established in the Republic of Colombia and the competent administrative or jurisdictional authorities for the resolution of any concern, complaint or lawsuit about them shall be those of the Republic of Colombia.
In any case, in general, the information obtained will not be subject to Processing for a period longer than the legal existence of the Company in accordance with the legal or contractual circumstances that make necessary the handling of the information, without prejudice that, in any case, it will be kept if necessary to comply with statistical, historical or any other legal obligation.
Abusaid Gómez & Associates