1. PERSONAL DATA PROCESSING POLICIES
Acting voluntarily and ensuring that everything stated here is true, I make the following statement regarding the origin of the funds that I provide to GRUPO ESPUMADOS in order to comply with the provisions set forth in the latest update of Chapter X of the Legal Basic Circular issued by the Superintendency of Companies of Colombia No. 100 – 000016 of 12/24/2020, Resolution 100-006261 of 10/02/2020, implemented in accordance with what is contemplated in External Circular No. 100-00003 of July 26, 2016, Transparency and Business Ethics Program, other norms that modify, expand or repeal, and other legal requirements; as follows: 1. That my economic activity, employment, profession or occupation is lawful and I exercise it within the legal framework and the resources I possess do not come from illicit or illegal activities contemplated in the Colombian Penal Code Arts. 323 and 345. 2. That the resources that derive from the development of the legal relationship that I enter into with GRUPO ESPUMADOS will not be used to finance terrorism, financing of armed groups for the development of terrorist activities. 3. That I authorize GRUPO ESPUMADOS to cancel any legal relationship, in case of infringement of any of the commitments and obligations contained in this document or because the entity that represented me or my name or identification appears on the inhibitory or binding lists. 4. That therefore I exempt GRUPO ESPUMADOS from all responsibility that may arise from the erroneous, false or inaccurate information provided in this document or in any document that modifies, adds or complements it. 5. That the resources that the company I represent or my name or identification possesses in the inhibitory or binding lists come from the development of a legal activity.
I authorize GRUPO ESPUMADOS to take the corresponding measures in case of detecting any inconsistency in the information provided, exempting GRUPO ESPUMADOS from any responsibility that may arise from it. I permanently and irrevocably authorize GRUPO ESPUMADOS, and whoever represents its rights, to process, report, store, consult, provide or update any financial and commercial information for statistical, control, supervision, and commercial information purposes to other entities, from the moment of the connection, to the duly constituted information centers or databases that it deems appropriate, on the terms and during the time that the database systems, rules and authorities establish. The consequence of this authorization will be the inclusion of my data in the mentioned databases and therefore financial entities or any other entity will know my present and past behavior related to my financial obligations or any other personal or economic data that it deems relevant.
You have the right to submit correction, update or removal requests for personal information that we have requested in accordance with Colombian statutory law 1581 of 2012, to the information operators of GRUPO ESPUMADOS.
By accepting the data policy, the client expressly, freely, voluntarily and previously grants consent to GRUPO ESPUMADOS for the information considered by law as Personal Data to be collected, used, stored and processed by it in accordance with the purposes described in the Personal Data Processing Policy of GRUPO ESPUMADOS. I also acknowledge that I have been informed by GRUPO ESPUMADOS in advance about the following aspects:
This authorization is granted for the processing of Personal Data that I have provided in the past and that I will provide in the future, for information that will be used for the purposes described in the Personal Data Processing Policy of GRUPO ESPUMADOS, including sensitive data such as my fingerprints, photographs, videos and other data that may be considered sensitive according to the Law, will be processed in order to achieve the purposes related to carrying out control, monitoring, surveillance, and in general, ensuring the security of its facilities.
GRUPO ESPUMADOS will be responsible for the treatment of personal data of which I am the owner and may collect, use, and process my personal data in accordance with the Personal Data Treatment Policy of GRUPO ESPUMADOS, which is available in case it is required, and its customer service phone number is 316 5277692.
My personal data may be considered sensitive in accordance with the law and will be processed for the purpose of executing control, monitoring, surveillance, and generally ensuring the security of its facilities.
I acknowledge that my rights as the owner of the data are those provided for in the Constitution, especially the right to know, update and delete my personal information, as well as the right to revoke the consent granted for the processing of personal data. These rights can be exercised through the channels provided by GRUPO ESPUMADOS, such as their website www.grupoespumados.com and the communication channels displayed on it.
I authorize GRUPO ESPUMADOS to make inquiries in any database of competent public or private authority to certify the information on background that may be required by the company. I also authorize the Police, the Attorney General’s Office, SIJIN, DIJIN, INTERPOL, UIAF, and other jurisdictional and administrative entities to consult information regarding convictions, investigations, and judicial proceedings that have been or are being carried out against me.
Note 1: The above is in accordance with Law 1581 of 2012 and regulatory decrees.
Note 2: I authorize the company GRUPO ESPUMADOS and/or its delegate to consult, report, withdraw, and update my personal data and information related to my credit behavior as a debtor and/or user of any credit with the Company, to information centers such as Datacrédito, Cifin, Asobancaria system, which are duly constituted, and others that manage or administer databases for the same purposes.
I declare that I am aware of and accept the Personal Data Treatment Policy of GRUPO ESPUMADOS, and the information provided by me is truthful, complete, accurate, updated, and verifiable. By signing this document, I acknowledge and accept that any inquiry or claim related to the treatment of my personal data may be raised verbally or in writing before GRUPO ESPUMADOS as the data controller, and any changes must be notified to the company.
Article 15 of the Constitution of the Republic of Colombia establishes the right of any person to know, update, and rectify the personal data that exist about them in databases or files of public or private entities. Likewise, it orders those who have personal data of third parties to respect the rights and guarantees provided for in the Constitution when collecting, processing, and circulating such information.
Similarly, in balance, justice, and equity with the aforementioned Article 15, Article 20 of the Constitution of the Republic of Colombia establishes the right of any person, responsible party, or processor, to receive truthful and impartial information.
GRUPO ESPUMADOS is committed to complying with the regulations on the protection of personal data and respecting the rights of the information owners. Therefore, it adopts the following Personal Data Treatment Policy, which is mandatory in all activities involving the processing of personal data and mandatory compliance by the company, its administrators, employees and officials.
The Company, within the scope of its social purpose, receives, transmits and processes Personal Data internally and externally for the mission and support activities it carries out in accordance with its bylaws, social purpose, and the law.
These policies are mandatory and strictly enforced by GRUPO ESPUMADOS, its administrators, employees in Colombia and contractors and third parties acting on behalf of GRUPO ESPUMADOS.
All GRUPO ESPUMADOS employees must observe and respect these policies in the performance of their duties.
With this document, Grupo Espumados guarantees compliance with applicable personal data protection laws, and for the attention of queries and claims of the holders of the Personal Data on which the Company carries out Processing.
*Authorization: Prior, express and informed consent of the data subject to carry out the processing. This can be written, verbal or through unequivocal conduct that allows it to be reasonably concluded that the data subject gave authorization.
*Database: It is the organized set of Personal Data that are subject to electronic or non-electronic processing, regardless of the modality of their formation, storage, organization and access.
*Query: Request by the data subject or persons authorized by him/her or by law to know the information that is stored about him/her in databases or files.
*Personal data: Any information linked or that can be associated with one or more determined or determinable natural persons.
This data is classified as sensitive, public, private and semi-private.
*Sensitive personal data: Information that affects the privacy of the person or whose improper use may lead to discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership of unions, social or human rights organizations; That promotes the interests of any political party or guarantees the rights and guarantees of opposition political parties; Also data relating to health, sexual life and biometric data (fingerprinting, among others).
*Public personal data: It is the data qualified as such according to the mandates of the law or the Political Constitution and all those that are not semi-private or private. Among others, the data contained in public documents, public records, gazettes, official bulletins and duly executed judicial sentences that are not subject to reserve are public, as well as those relating to the civil status of persons, their profession or occupation and their status as merchants or public servants. Personal data existing in the commercial register is public. Personal data in the mercantile registry of the Chambers of Commerce are public (Article 26 of the Commercial Code). Likewise, data that, by virtue of a decision of the owner or a legal mandate, are in freely accessible and consultable archives are public data. This data can be obtained and offered without reservation, regardless of whether it refers to general, private, or personal information.
*Private personal data: This is data that is intimate or confidential in nature and is only relevant to the data subject. Examples include books of merchants, private documents, and information extracted from home inspections.
*Semi-private personal data: This is data that is not intimate, confidential, or public in nature, and whose knowledge or disclosure may be of interest not only to the data subject but also to a certain sector or group of people or society in general. Examples include data relating to compliance or non-compliance with financial obligations or data relating to relationships with social security entities.
*Data processor: The person responsible for the processing of personal data is a natural or legal person, public or private, who, either alone or in association with others, decides on the database and/or processing of such data.
“Authorized” refers to the Company and all persons under its responsibility who, by virtue of the Authorization and Policy, have legitimacy to subject the Personal Data of the Owner to Processing. The Authorized includes the category of Enabled.
“Enabled” or being “Enabled” is the explicit and written authorization that the Company grants to third parties, in compliance with the applicable law, for the Processing of Personal Data, making such third parties Data Processors of the Personal Data provided or made available.
*Claim: A request by the data subject or persons authorized by them or by law to correct, update, or delete their personal data or when they notice a presumed violation of the data protection regime, according to Article 15 of Law 1581 of 2012.
*Data subject: The natural person to whom the information refers.
*Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation, or deletion of such information, among others.
*Transmission: Processing of personal data that involves the communication of such data within (national transmission) or outside of Colombia (international transmission) and aims to carry out processing by the Processor on behalf of the Controller.
*Transfer: Data transfer takes place when the Controller and/or Processor of personal data located in Colombia sends the information or personal data to a recipient, who in turn is responsible for the processing and is located within or outside the country.
*Prerequisite for filing complaints: The Data Subject or heir may only file a complaint with the Superintendency of Industry and Commerce once they have exhausted the consultation or claim process with the Data Controller or Processor, as stipulated in Article 16 of Law 1581 of 2012.
PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA
The processing of personal data must comply with the general and specific rules on the matter and must be carried out for activities permitted by law; In the development, interpretation, and application of this policy, the following principles will be harmoniously and comprehensively applied:
PRINCIPLES RELATED TO THE COLLECTION OF PERSONAL DATA
Principle of Freedom: Unless otherwise provided by law, the collection of data can only be carried out with the prior, express, and informed consent of the data subject. Personal data cannot be obtained or disclosed without the prior consent of the data subject or in the absence of a legal or judicial mandate that relieves consent.
The data subject must be informed clearly, sufficiently, and in advance about the purpose of the information provided, and therefore, data cannot be collected without clear specification of its purpose.
The principle of freedom must be observed for both the case of data collected through forms and those that are part of the annexes or documents that data subjects provide to GRUPO ESPUMADOS.
Principle of Limitation of Collection: Only personal data that are strictly necessary for the fulfillment of the purposes of processing should be collected, so the registration and disclosure of data that do not have a close relationship with the objective of processing is prohibited. Therefore, everything reasonably possible should be done to limit the processing of personal data to the minimum necessary. In other words, data should be: (i) adequate, (ii) relevant, and (iii) in accordance with the purposes for which they were intended.
PRINCIPLES RELATED TO THE USE OF PERSONAL DATA.
Purpose Principle: The processing of personal data must serve a legitimate purpose according to the Constitution and the Law, which must be informed to the data subject. The data subject must be informed in a clear, sufficient and prior manner about the purpose of the information provided, and therefore data cannot be collected without a specific purpose.
Temporal Principle: Personal data will be kept only for a reasonable and necessary period of time to fulfill the purpose of the processing and legal requirements or instructions from supervisory and control authorities or other competent authorities. Data will be kept when necessary for the fulfillment of a legal or contractual obligation. To determine the end of the processing, the applicable regulations for each purpose and the administrative, accounting, fiscal, legal and historical aspects of the information will be considered.
PRINCIPLES RELATED TO THE QUALITY OF INFORMATION.
Truth or Quality Principle: Information subject to processing must be truthful, complete, accurate, updated, verifiable and understandable. The processing of partial, incomplete, fragmented or misleading data is prohibited. Reasonable measures must be taken to ensure that the data is accurate and sufficient, and when requested by the data subject or when determined by GRUPO ESPUMADOS, it must be updated, rectified or deleted as appropriate.
PRINCIPLES RELATED TO THE PROTECTION, ACCESS AND CIRCULATION OF PERSONAL DATA.
Security Principle: Each person linked to GRUPO ESPUMADOS must comply with the technical, human and administrative measures established by the entity to provide security to personal data, avoiding its alteration, loss, consultation, unauthorized or fraudulent use or access.
Transparency Principle: The data subject’s right to obtain information at any time and without restrictions about the existence of data concerning them must be guaranteed in the processing.
Restricted Access Principle: Access to personal data will only be allowed to the following persons:
To the data subject
To persons authorized by the data subject
To persons who, by legal mandate or court order, are authorized to access the data subject’s information.
Principle of Restricted Circulation: Personal data can only be sent or provided to the following individuals:
· The data subject
· Persons authorized by the data subject
· Public or administrative entities exercising their legal functions or by court order
Principle of Confidentiality: All individuals involved in the processing of personal data that are not of a public nature are obliged to guarantee the confidentiality of the information, even after their relationship with any of the tasks involved in the processing has ended, and may only supply or communicate personal data when it corresponds to the development of activities authorized by law.
Any new project within the Company that involves the Processing of Personal Data must be consulted with the COMPLIANCE OFFICER, who is the person and department responsible for the data protection function to ensure compliance with the policy and the necessary measures to maintain the confidentiality of Personal Data.
PROCESSING TO WHICH PERSONAL DATA WILL BE SUBJECT AND ITS PURPOSE
GRUPO ESPUMADOS will process (collect, store, use, among others) personal data in accordance with the conditions established by the data subject, the law, or public entities, to fulfill in particular the activities inherent to its corporate purpose, such as contracting, execution, and commercialization of goods and services of GRUPO ESPUMADOS.
The processing of personal data may be carried out through physical, automated, or digital means according to the type and form of collection of personal information.
GRUPO ESPUMADOS may also process personal data, among others, for the following purposes:
· Exercise their right to sufficiently know the user with whom they intend to establish relationships, provide services, and evaluate the present or future risks of such relationships and services. Carry out the pertinent procedures for the pre-contractual, contractual and post-contractual stage with GRUPO ESPUMADOS, regarding any of the products or services offered by GRUPO ESPUMADOS that may or may not have been acquired, or regarding any underlying business relationship they have with them, as well as comply with Colombian or foreign law and orders from judicial or administrative authorities;
· Carry out marketing, sales and promotional activities, telemarketing (telephone marketing), customer service, brand activation activities, prizes and promotions, directly or through third parties derived from commercial alliances or any other link.
· Implement relationship strategies with customers, suppliers, shareholders and other third parties with whom the Company has contractual or legal relationships.
· Send invitations to events, improve products and services or offer new products, and all activities associated with the commercial relationship or link existing with GRUPO ESPUMADOS or that may be established.
· Manage procedures (requests, complaints, claims), carry out satisfaction surveys regarding the goods and services of GRUPO ESPUMADOS, linked companies or commercial allies of GRUPO ESPUMADOS.
· Disclose, transfer and/or transmit personal data within and outside the country to the parent companies, subsidiaries or affiliates of GRUPO ESPUMADOS or to third parties, as a result of a contract, law or lawful link that requires it or to implement cloud computing services.
The data collected or stored about GRUPO ESPUMADOS employees through the completion of forms, by telephone, or with the submission of documents (resumes, attachments) will be processed for all issues related to legal or contractual labor matters. In accordance with the above, GRUPO ESPUMADOS will use personal data for the following purposes: (1) To comply with laws such as, among others, labor law, social security, pensions, occupational hazards, family compensation funds (Comprehensive Social Security System) and taxes; (2) To comply with the instructions of competent judicial and administrative authorities; (3) To implement labor and organizational policies and strategies. These purposes will apply to data collected or stored about GRUPO ESPUMADOS employees through the completion of forms, by telephone, or with the submission of documents (resumes, attachments) for all legal or contractual labor matters.
Order, catalog, classify, divide or separate the information provided by data subjects. Verify, corroborate, check, validate, investigate or compare the information provided by data subjects with any legitimately available information, such as commercial relationships. Access, consult, compare and evaluate all information about the data subject stored in the databases of any credit, financial, judicial or security risk center, whether state or private, national or foreign, or any commercial or service database, to establish a comprehensive and complete historical record of behavior as a debtor, user, client, guarantor, endorser, affiliate, beneficiary, subscriber, contributor and/or as a holder of financial, commercial, or any other type of services.
For security purposes of the people, assets and facilities of GRUPO ESPUMADOS, they may be used as evidence in any type of legal process regarding data (i) collected directly at security checkpoints, (ii) taken from documents provided by individuals to security personnel, and (iii) obtained from video recordings made inside or outside of GRUPO ESPUMADOS’ facilities. They will be used for security purposes of the people, assets and facilities of GRUPO ESPUMADOS and may be used as evidence in any type of legal process.
To know, store and process all information provided by data subjects in one or more databases, in the format deemed most appropriate for carrying out all tax, accounting, fiscal and billing procedures.
In the course of its business and relationships with third parties, including clients, employees, contractors, subcontractors, creditors, strategic and commercial allies, subsidiaries, among others, GRUPO ESPUMADOS constantly collects data whose owners grant authorization for the processing of such personal data for the following purposes, among others: To develop commercial activities, carry out promotion, marketing and/or advertising campaigns, comply with obligations arising from contracts entered into with clients, suppliers and employees; comply with legal provisions or court decisions, respond to inquiries about products and services offered, conduct studies for statistical purposes, customer knowledge; inform data owners about news, products, services and special offers; develop activities related to telephone support services, collections or others of a similar nature, as well as for administrative, informational, marketing and sales purposes.
In relation to the above, GRUPO ESPUMADOS may carry out the following Processing to which the collected personal data will be subjected: 1. Obtain, store, compile, keep, exchange, update, collect, process, reproduce and/or dispose of the data or information, either partially or totally, of those owners who grant the appropriate authorization in accordance with the law and in the formats and media deemed convenient for each case. 2. Classify, order, and separate the information provided by the data subject. 3. Extend the information obtained in accordance with the Habeas Data law to the companies with which it contracts the services of capturing, collecting, storing, and managing its databases, subject to the appropriate authorizations obtained in this regard. 4. Transfer or transmit the data, either partially or totally, to its subsidiaries, businesses, affiliated companies and/or strategic allies, operating or not in another jurisdiction or territory.
RIGHTS OF DATA SUBJECTS.
Data subjects have the right to:
· Access, Rectify, Cancel, Oppose
· Know, update, and rectify personal data. For this purpose, it is necessary to establish the person’s identification beforehand to prevent unauthorized third parties from accessing the data of the data subject.
· Obtain a copy of the authorization.
· Be informed about the use that GRUPO ESPUMADOS has given to the data subject’s personal data.
· Process inquiries and complaints following the guidelines established by law and this policy.
· Access the request for revocation of the authorization and/or deletion of personal data when the Superintendency of Industry and Commerce has determined that GRUPO ESPUMADOS has engaged in conduct contrary to Law 1581 of 2012 or the Constitution.
· The data subject may also revoke the authorization and request the deletion of data when there is no legal or contractual obligation to remain in the responsible or Processor’s database or file.
· The request for deletion of information and revocation of authorization shall not proceed when the data subject has a legal or contractual obligation to remain in the database of the responsible or Processor.
· Access personal data free of charge. The information requested by the data subject may be provided by any means, including electronic means.
DUTIES OF GRUPO ESPUMADOS WHEN ACTING AS THE RESPONSIBLE PARTY FOR THE TREATMENT OF PERSONAL DATA
DUTIES OF GRUPO ESPUMADOS REGARDING THE DATA SUBJECT.
a. Ensure the data subject, at all times, the full and effective exercise of the right to habeas data, that is, to know, update, or rectify their personal data.
b. Request and keep, under the conditions provided in this policy, a copy of the respective authorization granted by the data subject.
c. Clearly and sufficiently inform the data subject about the purpose of the collection and the rights that he or she is entitled to by virtue of the authorization granted.
d. Inform, at the request of the data subject, about the use given to his or her personal data.
e. Process inquiries and complaints made in the terms indicated in this policy.
DUTIES OF GRUPO ESPUMADOS REGARDING THE QUALITY, SECURITY AND CONFIDENTIALITY OF PERSONAL DATA.
Comply with the principles of truthfulness or quality, security, and confidentiality as established in this policy.
Keep information under the necessary security conditions to prevent its alteration, loss, consultation, use, or unauthorized or fraudulent access.
Update information when necessary.
Rectify personal data when appropriate.
DUTIES OF GRUPO ESPUMADOS WHEN PERFORMING DATA PROCESSING THROUGH A PROCESSOR.
a. Provide the processor with only the personal data whose processing has been previously authorized.
b. Ensure that the information provided to the processor is truthful, complete, accurate, up-to-date, verifiable, and understandable.
c. Communicate to the processor in a timely manner any updates regarding the data previously provided and take the necessary measures to ensure that the information provided remains up-to-date.
d. Promptly inform the processor of any rectifications made to personal data so that it can make the relevant adjustments.
e. Demand that the processor at all times respect the security and privacy conditions of the data subject’s information.
f. Inform the processor when certain information is under discussion by the data subject, once a claim has been presented, and the respective process has not been completed.
DUTIES OF GRUPO ESPUMADOS REGARDING THE SUPERINTENDENCE OF INDUSTRY AND COMMERCE.
a. Report any violations of security codes and risks in the management of data subjects’ information.
b. Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.
DUTIES OF GRUPO ESPUMADOS AS DATA PROCESSOR
If GRUPO ESPUMADOS processes data on behalf of another entity or organization (data controller), it must comply with the following duties:
· Guarantee the data subject the full and effective exercise of the right to habeas data at all times.
· Keep the information under the necessary security conditions to prevent its alteration, loss, consultation, use or unauthorized or fraudulent access.
· Carry out timely updates, rectifications or deletions of the data.
· Update the information reported by the data controllers within five (5) business days from receipt.
· Handle inquiries and claims made by data subjects in accordance with this policy.
· Refrain from circulating information that is being disputed by the data subject and whose blocking has been ordered by the Superintendency of Industry and Commerce.
· Allow access to information only to persons authorized by the data subject or empowered by law for that purpose.
· Notify the Superintendency of Industry and Commerce of any violations of security codes and risks in the administration of data subjects’ information.
· Comply with instructions and requirements issued by the Superintendency of Industry and Commerce.
AUTHORIZATION FOR DATA PROCESSING
Those obligated to comply with this policy must obtain the data subject’s prior, express and informed authorization to collect and process their personal data. This obligation is not necessary when it comes to public nature data.
To obtain authorization, the following instructions must be followed:
First, before the person authorizes, it is necessary to clearly and expressly inform them of the following:
· The treatment to which their personal data will be subjected and its purpose.
· The optional nature of the response to the questions asked, when they concern sensitive data or the data of children and adolescents.
· The rights that correspond to them as data subjects provided in Article 8 of Law 1581 of 2012.
· The identification, physical or electronic address of GRUPO ESPUMADOS.
Secondly, consent from the data subject will be obtained through any means that can be consulted later, such as websites, forms, formats, in-person or social media activities, complaints and claims, data messages, or apps. Proof of compliance with the obligation to inform and obtain consent must be kept. Authorization may also be obtained from unequivocal actions of the Data Subject that allow to reasonably conclude that he/she gave his/her consent for the processing of his/her information. Such action(s) must be very clear so that there is no doubt or mistake about the will to authorize the processing.
AUTHORIZATION FOR PROCESSING SENSITIVE DATA.
When collecting sensitive data, the following requirements must be met:
· Authorization must be explicit.
· The Data Subject must be informed that he/she is not obliged to authorize the processing of such information.
· The Data Subject must be informed explicitly and in advance which of the data to be processed is sensitive and for what purpose.
AUTHORIZATION FOR PROCESSING DATA OF CHILDREN AND ADOLESCENTS (NNA)
When collecting and processing data of children and adolescents, the following requirements must be met:
Authorization must be granted by individuals authorized to represent the NNA. The representative of the NNA must guarantee their right to be heard and evaluate their opinion on the processing, taking into account the maturity, autonomy, and capacity of the NNA to understand the matter. It must be informed that it is optional to answer questions about the data of the NNA.
GRUPO ESPUMADOS ensures that the processing of personal data of children and adolescents will be carried out respecting their rights, which is why, in the commercial and marketing activities it carries out, it must have the prior, express, and informed authorization of the parent or legal representative of the girl, boy, or adolescent.
NATIONAL OR INTERNATIONAL TRANSFER OF PERSONAL DATA.
GRUPO ESPUMADOS may transfer data to other data controllers when authorized by the information subject or by law or by an administrative or judicial mandate.
INTERNATIONAL AND NATIONAL TRANSMISSIONS OF DATA TO DATA PROCESSORS.
GRUPO ESPUMADOS may send or transmit data to one or several data processors located within or outside the territory of the Republic of Colombia in the following cases:
When authorized by the data subject.
When there is a data transmission contract between the data controller and the data processor, even if there is no authorization.
PROCEDURES FOR DATA SUBJECTS TO EXERCISE THEIR RIGHTS
The following procedures are detailed so that data subjects can exercise their rights to know, update, rectify, and delete information or revoke their authorization.
The rights of data subjects can be exercised by the following individuals as authorized by Article 20 of Decree 1377 of 2013:
By the data subject, who must provide sufficient identification by the various means made available by GRUPO ESPUMADOS.
By their successors, who must prove such status.
By the representative and/or attorney-in-fact of the data subject, after proving their representation or power of attorney.
By stipulation in favor of another or for another.
The rights of children and adolescents will be exercised by persons authorized to represent them.
For the full and effective exercise of the rights of data subjects, GRUPO ESPUMADOS has provided the following means through which they can submit all their inquiries, complaints, and/or claims: [email protected]
Guidelines for addressing inquiries and claims:
All inquiries made by authorized individuals to know the personal data held by GRUPO ESPUMADOS will be EXCLUSIVELY channeled through the channels designated by GRUPO ESPUMADOS for this purpose. In any case, proof must be kept of the following:
· Date of receipt of the inquiry
· Identity of the requester
Once the identity of the data subject has been verified, the required personal data will be provided to them. The response to the inquiry must be communicated to the requester within a maximum term of ten (10) business days counted from the date of receipt. If it is not possible to attend to the inquiry within this term, the interested party will be informed, expressing the reasons for the delay and indicating the date on which their inquiry will be attended to, which in no case shall exceed five (5) business days following the expiration of the first term.
To properly address inquiries, it will be necessary to have the identification of the person who, in accordance with the law, is legitimized for the inquiry and/or complaint about personal data.
Complaints aim to correct, update, or remove data or to file a complaint for the alleged failure to comply with any of the duties established for the data protection regime and in this policy.
The complaint must be submitted through a request addressed to GRUPO ESPUMADOS that contains the following information:
· Name and identification of the data subject or the legitimate person
· Precise and complete description of the facts that give rise to the complaint
· Physical or electronic address to send the response and report on the status of the process
· Documents and other relevant evidence that the requester wishes to present
If the complaint is incomplete, the interested party will be requested to rectify the shortcomings within five (5) days following the receipt of the complaint. If two (2) months have elapsed since the date of the request, and the requester has not provided the requested information, it will be understood that they have withdrawn the complaint.
The maximum term to address the complaint shall be fifteen (15) business days counted from the day following the date of its receipt. If it is not possible to attend to the complaint within this term, the interested party will be informed of the reasons for the delay and the date on which their complaint will be addressed, which in no case shall exceed eight (8) business days following the expiration of the first term.
GRUPO ESPUMADOS undertakes to guarantee the exercise of the rights of the data subjects, which can be exercised through written communication sent to the email address [email protected].
PERSON OR AREA RESPONSIBLE FOR PERSONAL DATA PROTECTION
The COMPLIANCE AGENT is the person and department in charge of the function of data protection, which can be contacted through the email [email protected].
GRUPO ESPUMADOS uses various means of video surveillance installed in different internal and external locations of our facilities or offices.
GRUPO ESPUMADOS informs about the existence of these mechanisms by disseminating video surveillance notices in visible locations.
The collected information will be used for the security of people, assets, and facilities. This information may be used as evidence in any type of process before any type of authority or organization.
DATE OF ENTRY INTO EFFECT OF THIS POLICY AND PERIOD OF DATA RETENTION
This policy was approved after the issuance of Law 1581 of 2012 and modified to incorporate some aspects established by Decree 1377 of June 27, 2013, and is therefore in effect from July 2, 2013.
The validity of the database will be for a reasonable and necessary time to fulfill the purposes of the treatment, taking into account the provisions of Article 11 of Decree 1377 of 2013.
DATA OF THE DATA CONTROLLER
• www.grupoespumados.com is controlled and operated by GRUPO ESPUMADOS, consisting of:
• Espumados S.A, NIT. 860036649-5, Autopista sur Carrera 4 No 6-15 Soacha, Cundinamarca, PBX: (1) 7424502 / (1) 7309130;
• Espumas Medellín S.A, NIT. 890921665-9, Carrera 48 # 98 Sur – 05 Variante a Caldas La Estrella /Autopista Sur # 54a-62 Itagüí, Antioquia, PBX:57 (4) 4441423;
• Espumas del Valle S.A, NIT.890320240-3, Carrera 146 No. 25 – 105 Callejón De La Viga, Vía Cali – Jamundí. PBX: (2) 6849000 – (2) 3989000;
• Espumados del Litoral S.A, NIT. 800177119-1, Calle 110 No. 9G-520 Av. Circunvalar Km 7, PBX: (5) 3197430 / (5) 3289137).
INFORMATION SECURITY POLICIES
GRUPO ESPUMADOS will adopt the necessary technical, administrative, and human measures to ensure the security of personal data with which it processes, protecting the confidentiality, integrity, use, unauthorized access and/or fraudulent use of such data. Mandatory security protocols are implemented for all personnel with access to personal data and information systems.
The internal security policies under which the holder’s information is retained to prevent its alteration, loss, consultation, unauthorized use, or access are included in the manual of security policies for the protection of personal data.
In all events where GRUPO ESPUMADOS collects data, a notice of Personal Data Protection will be included with the following text: “By participating in the event, every participant declares that he/she is aware of and authorizes GRUPO ESPUMADOS to collect, record, process, disseminate, compile, exchange, update, and dispose of the data or partial information provided by him/her, for the purpose of participating in the Event; as well as to transfer such data to third parties with whom it has commercial and transactional links for order processing, to respond to inquiries about products and services offered, to carry out studies for statistical purposes and knowledge of the customer, to inform its customers of news, products, services, and special offers, as well as telephone service, collections, or other similar services of its own brands or those of third parties. The Processing of personal data will be from the beginning of the Event until the day GRUPO ESPUMADOS is dissolved and liquidated.
ADJUSTMENTS TO THE INFORMATION TREATMENT POLICY (PTI)
In order to maintain the validity of the PTI, GRUPO ESPUMADOS may adjust and modify the PTI, indicating the date of the update on the website or by using other means, such as data messages, physical materials at points of sale, etc.
2. INTELLECTUAL AND INDUSTRIAL PROPERTY
All content included or made available to the CLIENT, including text, graphics, logos, icons, images, audio files, digital downloads, and any other information (the “Content”), is the property of GRUPO ESPUMADOS and has been licensed to it by:
• Espumados S.A, NIT. 860036649-5, Autopista sur Carrera 4 No 6-15 Soacha, Cundinamarca, PBX: (1) 7424502 / (1) 7309130;
• Espumas Medellín S.A, NIT. 890921665-9, Carrera 48 # 98 Sur – 05 Variante a Caldas La Estrella /Autopista Sur # 54a-62 Itagüí, Antioquia, PBX:57 (4) 4441423;
• Espumas del Valle S.A, NIT.890320240-3, Carrera 146 No. 25 – 105 Callejón De La Viga, Vía Cali – Jamundí. PBX: (2) 6849000 – (2) 3989000;
• Espumados del Litoral S.A, NIT. 800177119-1, Calle 110 No. 9G-520 Av. Circunvalar Km 7, PBX: (5) 3197430 / (5) 3289137) domiciled in Colombia.
The compilation of the Content is the exclusive property of GRUPO ESPUMADOS and, as such, THE CLIENT must refrain from extracting and/or reusing parts of the Content without the prior and express consent of the Company.
In addition to the Content, the trademarks, denominative or figurative, service marks, industrial designs, and any other intellectual property element that is part of the Content (the “Industrial Property”), are the property of GRUPO ESPUMADOS and, for this reason, cannot be used by CLIENTS in connection with any product or service that is not provided by GRUPO ESPUMADOS. In the same sense, the Industrial Property may not be used by CLIENTS in connection with any product and service that is not one of those marketed or offered by GRUPO ESPUMADOS in a way that produces confusion with its customers or that discredits the companies that make up GRUPO ESPUMADOS.
3. INTELLECTUAL PROPERTY OF THIRD PARTIES
GRUPO ESPUMADOS is a law-abiding company and does not intend to take advantage of the reputation of third parties by appropriating the intellectual property protected by them. For this reason, we have tools that seek to ensure that products purchased through our website are original and have legally entered the country. Considering the above, if you suspect that any product on our website infringes the intellectual property rights of third parties or infringes legally protected rights owned by you, please contact us immediately at the email address servicioalclie[email protected] to initiate all actions aimed at preventing this from continuing to happen.
4. RESPONSIBILITY OF GRUPO ESPUMADOS
GRUPO ESPUMADOS will do its best within its capabilities to ensure that the transmission of the Site is uninterrupted and error-free. However, given the nature of the Internet, such conditions cannot be guaranteed. In the same sense, THE CLIENT’s access to the Account may be occasionally restricted or suspended in order to carry out repairs, maintenance or introduce new Services. GRUPO ESPUMADOS will not be liable for losses (i) that have not been caused by the breach of its obligations; (ii) loss of profits or commercial opportunities; (iii) any indirect damage.
5. TERMS OF LAW
This agreement will be governed and interpreted in accordance with the laws of Colombia, without giving effect to any principles of conflicts of law. If any provision of these Terms and Conditions is declared illegal or presents a void, or for any reason becomes unenforceable, it shall be interpreted within the framework of the same and in any case shall not affect the validity and enforceability of the remaining provisions.