Personal data processing policy
Our company informs the holders of the personal data that are treated in any way by the company this information treatment policy, complying with the law. The main purpose of this policy is to inform the holders of the holders of the personal data the rights that assist them, the procedures and mechanisms provided by the company to make effective those rights of the holders, and to make them known the scope and purpose of the treatment to which the personal data will be submitted in case the Holder grants its express, prior and informed authorization. The company also confirms its commitment to the various interest groups with which it is related; and with the manifest interest of respecting all their rights, especially with this instrument their right to habeas data, intimacy and others related.
Chapter I.
General provisions
Article First: Definitions. These definitions are related to the meaning that should be given to the terms within this document.
a) Authorization: It is the prior, express and informed consent of the holder to carry out the processing of your personal data.
b) Database: It is the set of personal data that are subject to treatment regardless of the modality of it.
c) Financial data: It is all personal data referred to the birth, execution and extinction of monetary obligations, regardless of the nature of the contract that gives them origin, whose treatment is governed by the correpoidente standards.
d) Personal data: It is any information related or related to a natural person.
e) Public fact: It is one that the law calls as such, or the one that rests in records, certificates, documents or databases with a public character.
f) Sensitive data: It is the personal data related to the intimacy of the holder or that can lead to differentiated discrimination or treatment. Biometric data are also part of this category.
g) In charge of the treatment: it is the natural or legal person, of a public or private nature, which by itself or in association with others, performs the processing of personal data on behalf of the person responsible for the treatment.
h) Authorized: He is the person and his dependents who by virtue of authorization and these policies have legitimacy to treat the personal data of the holder. The authorized includes the genre of the authorized.
i) Enabling: It is the legitimation that expressly and in writing through a contract or document that makes its times, grants the company to third parties, in compliance with the applicable law, for the processing of personal data, making such third parties in charge of the treatment of personal data delivered or made available.
j) Treatment responsible: he is the person, authorized by the holder, who manages and makes decisions regarding the database.
k) Holder: It is the natural person to whom the data that rests in the database, and the object of protection of the law and concordant norms.
l) Transfer: It is the communication of personal data between the person in charge and the person in charge of the treatment.
m) Transmission: It is the activity of personal data processing through which they communicate, internally or with third parties, inside or outside the country, when such communication is intended to carry out any personal data processing activity.
n) Personal data processing: It is all aimed at the processing of databases, as well as its transfer to third parties.
Second article: Object. The database and information processing policy aims to develop the procedure to collect, store, use and carry out any activity on personal data, and other constitutional rights, freedoms and guarantees; as well as the right to information, as stipulated in the law and other concordant norms.
Third article: Subject to legal provisions. The company states that the guidelines for the processing of personal data will be those arranged by the norms in force in the field.
Fourth article: Purpose of the data collected. All the data that the company collects are aimed at: i) generate and administer the collection of all the necessary information for the fulfillment of the tax, commercial, civil, labor, legal and in general any obligation that concerns the company; i) Manage the company, regarding its clients, suppliers, shareholders and other interest groups; In front of customers, the information collected could be used, without restricting to: Delivery of information to financial entities for financial services management; customer loyalty; customer service management; advertising; marketing; management and commercial contact; Contacts for informative emails; sending physical and email; portfolio management; Offer of sale, rent and exchange of real estate; receipt and sending of real estate offers; transfer of information for contractual purposes; update or correct real estate data; information from our commercial allies; Realization of calls (Call Center) for administrative, commercial and advertising purposes; and in general, information related to the activity involved in the contracts signed between the parties; Develop technologies, services or plans that represent a better service for customers iii) comply with the legal and contractual obligations of the company; iv) Act within the framework of legal requirements in order to verify the legal nature and situation of some clients, contractors or suppliers; v) conserve the physical or digital file for the legally required time in such a way that they can be consulted later by the holder or an authority; vi) the transfer and transmission of the databases when necessary to comply with collection actions, procedure of credits, judicial actions and in general the other purposes provided in this numeral; vii) Information management of employees related to payroll, social management, social security, selection processes, contractual linking and well -being of employee IX) The other activities necessary for the effective provision of any of the usual or accidental services provided by the company.
Fifth article: Principles. The principles indicated in this article are the guidelines that will be respected by the company in the processes of collection, storage, use and administration of personal data:
- Principle of legality in the field of personal data processing: the treatment referred to in this policy is an activity regulated by law, which must be subject to the provisions of it and in the other provisions that develop it.
- Principle of Purpose: The treatment is due to the purposes established in the fourth article of this document.
- Principle of freedom: treatment can only be exercised with the consent, prior, express and informed of the holder. Personal data may not be obtained or disseminated without prior authorization, or in the absence of legal or judicial mandate that relieves consent.
- Principle of truthfulness: the information subject to treatment must be truthful, complete, accurate, updated, verifiable and understandable.
- TRANSPARENCE PRINCIPLE: The treatment of the holder to obtain from the person in charge of the treatment or the person in charge of the treatment must be guaranteed, at any time and without restrictions, information about the existence of data that concern it.
- Principle of access and restricted circulation: the processing of personal data and databases can only be done by the company or who is delegated according to the authorization provided by the holder. Personal data may not be available in public access and mass dissemination. In case of stored in the cloud, software or similar mechanisms, they will have restricted access and will not be public.
- Security principle: The company will provide minimal safety conditions to protect the information contained in its databases, for this purpose basic file measures regarding physical documents and digital security systems such as anti-virus and/or storage in storage will be implemented in The cloud for digital files.
- Confidentiality principle: As a general rule and except the provisions of the law, in the respective contract, or in this policy (with the authorization of the holder in the last two cases) the information and personal data will be of confidential treatment.
Chapter II
Rights and duties
Sixth article: Rights of the holder of personal data. According to the law, personal data holders have the following rights: i) Know, update and rectify their personal data against the company or those in charge of their treatment. This right may be exercised, among others, in the face of partial, inaccurate, incomplete, fractional data, which induce error, or those whose treatment is expressly prohibited or has not been authorized; ii) request proof of the authorization granted to the company, unless the law indicates that such authorization is not necessary; iii) submit applications to the company or the person in charge of the treatment regarding the use it has given to your personal data, since they give them such information; iv) present to a competent control agency the complaints about violations of the law; v) Revoke its authorization and/or request the suppression of their personal data of the company's databases, when the Superintendence of Industry and Commerce has determined by final administrative act that in the treatment the company or the person in charge of the treatment has incurred in behaviors contrary to the law or when there is no legal or contractual obligation to maintain personal data in the database of the person responsible; vi) request access and access their personal data that have been subject to treatment in accordance with the law; vii) know the modifications to the terms of this policy in a previous and efficient way to the implementation of the new modifications or, failing that, of the new information treatment policy; viii) have easy access to the text of this policy and its modifications; IX) Access easily and easily to the personal data found under the control of the company to effectively exercise the rights that the law grants to the holders; x) Know the agency or person empowered by the company against whom he may submit complaints, consultations, claims and any other request on their personal data.
The holders may exercise their rights and carry out the procedures established in this policy, through the presentation of their original identification document. Minors may exercise their rights personally, or through their parents or adults who hold parental rights, who must demonstrate it through the relevant documentation. Likewise, the rights of the holders who accredit said quality, the representative and/or attorney of the holder with the corresponding accreditation and those who have made a stipulation in favor of another or for another may exercise. The requests may be physically or via email according to the heading data.
Seventh article: Manager and responsible for the processing of personal data. The company will be directly who will serve as responsible and in charge of the processing of personal data; Inside you may delegate any area or dependence for such purposes. In general, the company undertakes to: i) Receive requests from personal data holders, process and respond to those that are based on the law or this document, such as: requests for updating personal data; requests to know personal data; Personal data suppression requests when the holder submit a copy of the decision of a competent control agency in accordance with the provisions of the Law, requests for information on the use given to your personal data, requests for updating personal data, requests of proof of the authorization granted, when she had proceeded according to the law; i) respond to the holders of the personal data on those requests that do not proceed in accordance with the Law. The contact data of the company is those indicated in the corresponding section.
Chapter III
Procedures
Eighth Article: Mechanisms for the Protection of the Holder. The holder may claim their rights, supplying the following procedures for this purpose:
8.1. Consultations: The company will have mechanisms so that the holder, his beneficiaries, his representatives and/or proxies, those whom he has stipulated in favor of another or for another, and/or the representatives of minors holding age, formulate consultations regarding What are the personal data of the holder that rest in the company's databases.
Whatever the medium, the company will keep proof of the consultation and its response. a) If the applicant has the capacity to formulate the consultation, in accordance with the accreditation criteria established in the law, the company will collect all the information about the holder that is contained in the individual registry of that person or that is linked to the identification of the holder within the databases of the company and will be known to the applicant. b) The person in charge of attending the consultation will respond to the applicant as long as he was entitled to it for being the holder of the personal data, his successful cause, attorney, representative, has been stipulated by another or another, that is, the legal responsible in the case of minors. This response will be sent within ten (10) business days from the date on which the application was received by the company. c) In the event that the application cannot be attended to the ten (10) business, the applicant will be contacted to communicate the reasons why the status of your application is in process. For this, the same medium or one will be used similar to the one used by the holder to communicate his application. d) The definitive response to all requests will not take more than fifteen (15) business days from the date on which the initial application was received by the company.
8.2. Claims: The company has mechanisms for the holder, its beneficiaries, representative and/or guardians, those who stipulated for another or another, and/or the representatives of minors holding age, formulate claims with respect to (i) personal data Treated by the company that must be the subject of correction, update or suppression, or (ii) the alleged breach of the duties of the company. The claim must be submitted by the holder, their beneficiaries or representatives or accredited in accordance with the law, like this:
It must be addressed electronically to the email given in the relevant section; or physically the direction given by the company.
You must contain the name and identification document of the holder.
It must contain a description of the facts that give rise to the claim and the objective pursued (update, correction or suppression, or fulfillment of duties).
You must indicate the address and contact and identification data of the claimant.
It must be accompanied by all the documentation that the claimant wants to assert.
8.2.1 The company before meeting the claim will verify the identity of the holder of the personal data, its representative and/or attorney, or the accreditation that there was a stipulation for another or another. To do this, you can require the citizenship card or original identification document of the holder, and the special powers, generals or documents that are required as the case may be.
8.2.2 If the claim or additional documentation is incomplete, the company will require the claimant for only one time within five (5) days following the reception of the claim to subsane the failures. If the claimant does not present the documentation and information required within the two (2) months following the date of the initial claim, it will be understood that he has withdrawn from the claim.
8.2.3 Once the claim has been received with the complete documentation, it will be included in the company's database where the owner's data subject to claim a legend that says “claim in process” and the reason for it, in a term, in a term Not greater than two (2) business days. This legend must be maintained until the claim is determined.
8.2.4 The maximum term to meet the claim will be fifteen (15) business days from the day following the date of your receipt. When it is not possible to meet the claim within said term, the interested party will be informed of the reasons for the delay and the date on which its claim will be met, which in no case may exceed eight (8) business days following the expiration of the first term.
VALIDITY. This policy governs from July 1, 2017. Personal data that are stored, used or transmitted will remain in our database, based on the criterion of temporality and need, during the time necessary for the purposes mentioned in This policy, for which they were collected.
