DATA PROTECTION AND HABEAS DATA POLICY
- OBJECT OF THE POLICY
The DATA PROTECTION POLICY contains an exposition related to the subjects, concepts and definitions as well as the procedures linked to the treatment of personal data on the website and mobile application by MACCA S.A.S.
- SCOPE OF APPLICATION
The DATA PROTECTION POLICY will be applied to the website and mobile application MACCA S.A.S. and all other subjects related to the processing of data that are processed due to or in connection with the development of its services.
The website and mobile application MACCA S.A.S. is owned by MACCA S.A.S., domiciled in Medellin, Antioquia, Colombia, e-mail firstname.lastname@example.org, in its capacity as RESPONSIBLE for the processing of data obtained directly from the holder, or by transfer respecting the principles and prohibitions that govern this matter, or in its capacity as PERSON IN CHARGE.
Data subject is the person whose data is subject to processing and susceptible to protection.
Owner of personal data.
Person who can be identified with the data, or set of data.
- DEFINITIONS (LAW 1581 OF 2012 AND DECREE 1377 OF 2013)
- PERSON RESPONSIBLE FOR THE PROCESSING: Natural or legal person, public or private, who by himself or in association with others, decides on the database and/or the processing of the data;
- PERSON IN CHARGE OF PROCESSING: Natural or legal person, public or private, who by himself or in association with others, carries out the Processing of personal data on behalf of the Controller.
- Data Controller: Natural person whose personal data is the object of processing.
- PERSONAL DATA:
Any information linked or that can be associated to one or several determined or determinable natural persons. They are classified as public data, i.e., data which
- PUBLIC: Data that is not semi-private, private or sensitive. Public data are considered, among others, data related to the marital status of individuals, their profession or trade and their status as merchants or public servants. By their nature, public data may be contained, among others, in public records, public documents, official gazettes and bulletins, and duly executed court rulings that are not subject to confidentiality.
- SEMI-PRIVATE: Credit, financial and similar information.
- PRIVATE or SENSITIVE: They refer to the privacy of the Data Subject. Their improper use may generate discrimination (racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, human rights or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, health, sex life, and biometric data).
- OF MINORS: They allow the identification of a minor.
- TRANSFER: The transfer of data takes place when the Controller and/or Processor of personal data, located in Colombia, sends the information or personal data to a recipient, which in turn is the Data Controller and is located inside or outside the country.
- TRANSMISSION: Processing of personal data that involves the communication of such data within or outside the territory of the Republic of Colombia when its purpose is the performance of a Processing by the Processor on behalf of the Controller.
- DATA BASE: Organized set of personal data that is the object of processing.
- PRIVACY NOTICE: Verbal or written communication generated by the Controller, addressed to the Data Subject for the Processing of his personal data, about the existence of the Processing policies that will be applicable, the way to access them and the purposes of the Processing.
- CONSENT: Prior, express and informed consent of the Data Subject to carry out the processing of personal data.
- PROCESSING: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.
- HABEAS DATA: Fundamental right enshrined in the Colombian National Constitution and rules that develop it, protected even by tutela action. Tool or mechanism to provide protection to the owner of the personal data against natural or legal persons who carry out any treatment of the same.
- STAKEHOLDER GROUPS: will be ways to group the holders, taking into account their nature, their similarities and differences, the purpose in the handling of their personal data, the type of relationship they have with the company. The main stakeholders of the company are:
- PRINCIPLES (LAW 1581 OF 2012)
- LEGALITY: The processing of personal data is a regulated activity that must be subject to the provisions of the law and the provisions that develop it;
- PURPOSE: The processing of personal data must obey a legitimate purpose in accordance with the Constitution and the Law, informed to the Data Subject;
- FREEDOM: The processing of data can only be exercised with the prior, express and informed consent of the Data Subject. Personal data may only be obtained or disclosed with prior authorization, or by legal or judicial mandate that supersedes consent;
- TRUTH OR QUALITY: The information subject to Processing must be truthful, complete, accurate, updated, verifiable and understandable. The processing of partial, incomplete, fractioned or misleading data is prohibited;
- TRANSPARENCY: The right of the Data Subject to obtain from the Controller or Processor, at any time and without restrictions, information about the existence of data concerning him/her, must be guaranteed;
- RESTRICTED ACCESS AND CIRCULATION: The processing of personal data may only be carried out by persons authorized by the Holder and/or by the persons provided for by law, or by legal or judicial permission or mandate;
- SECURITY: Personal data may not be in information and communication technologies, Internet or other means of dissemination or mass communication, unless access is technically controllable and limited only to the Holders or authorized third parties in accordance with the regulations in force;
- CONFIDENTIALITY: The information subject to Processing by the Data Controller or Data Processor shall be handled with the technical, human and administrative measures necessary for the security of the records, avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access;
Confidentiality prevails even after the end of the relationship with any of the activities that comprise the Processing. Personal data information may only be provided or communicated as authorized by law.
- PURPOSE OF DATA PROCESSING FOR MACCA S.A.S.
The processing of personal data of owners will be closely related to the development of the corporate purpose of MACCA S.A.S., and will be carried out in accordance with the regulatory framework.
The main purposes are:
- Develop the object on the website and mobile application MACCA S.A.S.
- Send commercial, advertising or promotional information, training related to products, services, activities, news, content of interest and other services offered by the website and mobile application MACCA S.A.S., to all its stakeholders through any means of communication such as physical mail, email, SMS text messages and others.
- To comply with the contractual obligations acquired with customers, suppliers, contractors, employees and other persons related to the website and mobile application MACCA S.A.S.
- Conduct surveys related to the quality of products and/or services provided through the website and mobile application MACCA S.A.S.
- Develop activities related to the granting and increase of credit quotas when necessary, as well as the collection of the portfolio.
- Develop personnel selection, recruitment and evaluation processes.
- Comply with regulations applicable to suppliers and contractors, including but not limited to tax and commercial regulations.
- Comply with the provisions of the Colombian labor and social security laws, among others, applicable to former employees, current employees and candidates for future employment.
- Conduct internal or external audit programs.
- PROHIBITIONS AND LIMITATIONS TO DATA PROCESSING:
- The processing of sensitive data is prohibited, except when:
- There is explicit authorization for the processing, except when it is not required by law;
- Authorization is granted by the legal representatives of the Data Controller, since data processing is necessary to safeguard the vital interest of the Data Controller and the Data Controller is physically or legally incapacitated;
- Is carried out in the course of legitimate activities and with due guarantees by a foundation, NGO, association or any other non-profit organization, whose purpose is political, philosophical, religious or trade union, provided that they refer exclusively to its members or to persons who maintain regular contacts by reason of their purpose. However, if the data is to be provided to third parties, the authorization of the Data Controller is required;
- Data necessary for the recognition, exercise or defense of a right in a judicial process;
- A historical, statistical or scientific purpose. Provided that the identity of the Holders is suppressed.
- The processing of personal data of children and adolescents is prohibited, except for data of a public nature.
- The transfer of personal data of any kind to countries that do not provide adequate levels of data protection, or lower than those contained in law 1581 of 2012 and decree 1377 of 2013, is prohibited, except that:
- There is express and unequivocal authorization from the owner for the transfer.
- In the case of exchange of medical data, when so required by the Data Controller's treatment for reasons of health or public hygiene;
- Bank or stock exchange transfers, in accordance with the applicable legislation;
- Transfers agreed within the framework of international treaties to which the Republic of Colombia is a party, based on the principle of reciprocity;
- Transfers necessary for the execution of a contract between the Data Subject and the Data Controller, or for the execution of pre-contractual measures as long as the authorization of the Data Subject is obtained;
- Transfers legally required to safeguard the public interest, or for the recognition, exercise or defense of a right in a judicial proceeding.
- When the Superintendence of Industry and Commerce issues the declaration of conformity related to the international transfer of personal data.
- COLLECTION AND CONSENT MECHANISMS
The website and mobile application MACCA S.A.S. obtains and treats personal data received directly from the holder and at the time of collecting them allows him to give his informed, free, voluntary and express consent. For this purpose, the company has privacy notices, authorization forms for the processing of personal data, the latter accepted by signature (electronic or handwritten) and through unequivocal acts duly announced and freely consented and approved by the holder.
Likewise, there are contractual clauses authorizing the processing of personal data, where applicable, accepted by signature and/or unequivocal acts duly announced and freely consented to and approved by the owner.
In the cases in which data is processed, in the capacity of data processor, the company has the contractual clauses, orders or exonerations or legal exemptions or exceptions or those of the competent authority sufficient to support such processing, as well as the due exonerations of responsibility by the relevant responsible parties.
- RESPONSIBLE AREAS
Within the website and mobile application MACCA S.A.S., the main areas responsible for the processing of personal data and the implementation of the rules for their due protection are the following:
- Legal representative
- Employees and contractors
- CONTROL AND SURVEILLANCE ENTITIES AND COMPETENT AUTHORITIES
Any holder of rights related to the protection of personal data is free to go to the control entities and competent authorities to exercise them, taking into account the procedures for this purpose.
- Control and Surveillance Agency: SUPERINTENDENCIA DE INDUSTRIA Y COMERCIO (Superintendency of Industry and Commerce)
- Arbitration Tribunal
- Jurisdictional Authorities
- ACTIONS HELD BY THE HOLDER:
- TO KNOW: the right to know what personal data is processed by a data controller or data processor, how, where, when, why, for what purpose it is processed, and the means by which it was collected.
- UPDATE: the right to request and require the data controller or data processor to keep the personal data current and in accordance with the real and current circumstances of the data subject.
- RECTIFICATION: the right to request and demand that the data controller or data processor correct any errors, inaccuracies, mistakes (erroneous or incomplete).
- OPPOSE: the right to request and require the controller or processor of personal data not to process in a certain way or through a certain action or omission.
- CANCEL: the right to request the controller or processor of personal data to refrain from any data processing, except as required by law or by a competent authority.
- MECHANISMS FOR EXERCISING THE ACTIONS OF THE HOLDER
The holder of personal data can access the complete HABEAS DATA POLICY through the link contained in our website, www.macca.com.co
The procedure for the exercise of the right of HABEAS DATA is as follows:
- REQUEST: the holder of the right will submit the request to know, update, rectify, oppose or cancel the personal data, by means of a physical or digital writing, which will be sent to the electronic address of the website and mobile application MACCA S.A.S. TRAVELLERS. email@example.com. The following information, as a minimum, must be included, otherwise the petition will be deemed not to have been filed:
- Date and place
- Full name and surname of the holder
- Identity document of the holder
- Titleholder's position
- Telephone or cell phone of the owner
- Mailing address of the holder, where he/she can receive notifications.
- E-mail address of the holder, where you can receive notifications (if you do not have one, please declare it expressly).
- Indicate which personal data in particular you wish to protect.
- Action through which you intend to enforce the protection of personal data (mark with an x)
- Reasons on which the petition is based
- Signature (electronic which is understood to be constituted by the sending of your e-mail)
- RESPONSE: once the request is received in the indicated channel (either physical or digital), the responsible will respond to it in a term not exceeding fifteen (15) working days. The response will be given by physical or digital means, sent to the postal or electronic address indicated by the holder in his request. The receipt will be equated to the notification of the response, so from this the terms for appeals by the holder will be counted.
- APPEAL: once the response to the petition is received by the holder, either at his postal or e-mail address, as the case may be, he will have five (5) working days to file an appeal for review, when he is not satisfied with the response. This recourse shall be exercised using the same means that the holder would have chosen at the beginning of the exercise of the right of HABEAS DATA, either physically or digitally.
- RESPONSE TO THE APPEAL: once the appeal for review is received in the indicated channel, a response will be given confirming receipt and forwarding to the superior within a maximum of five (5) days following receipt.
The hierarchical superior shall have fifteen (15) more days to respond to the appeal, counted from the moment he/she receives the appeal that the subordinate has brought to his/her attention. The response shall be given in the same physical or digital media, and shall be sent to the physical or digital addresses stated in the initial petition.
In the processing of data by the company MACCA S.A.S., the provisions of the PRIVACY NOTICE AND / OR PRIVACY, which is accessed on the website and mobile application MACCA S.A.S., shall apply.
It is a pillar of the data processing policy to respect and preserve the right to privacy as a fundamental right, constitutionally protected in Colombia.
- INFORMATION SECURITY
In the processing of data on the website and mobile application MACCA S.A.S., principles and tools that provide information security under reasonable criteria will be applied.
- MODIFICATIONS AND NOTIFICATIONS
The website and mobile application MACCA S.A.S. reserves the right to unilaterally modify this DATA PROTECTION AND HABEAS DATA POLICY at any time, and will announce the changes through any visible notice on its website, and by sending e-mails to registered OWNERS.
Given in Medellín, on September 15, 2020.