This Personal Data Protection Policy regulates the collection, storage, use, transmission, transfer, circulation and/or deletion of Personal Data, carried out by Acsendo SAS. (hereinafter "Acsendo SAS" or the "Responsible"), in accordance with the provisions contained in the Statutory Law 1581 of 2012, Decree 1377 of 2013 and other applicable regulations, through which general provisions for the protection of Personal Data are issued, and as applicable in accordance with Law 1266 of 2008 regarding the management of information contained in personal databases, especially financial, credit, commercial, services and from third countries.
1. Information of the Responsible for the Processing of Personal Data
The company Responsible for the Processing of Personal Data is:
Company Name: Acsendo SAS
Address: Bogotá, Colombia.
Address: Calle 96 #12 -31 Floor 3-4
Telephone: (1) 4660529
The following are defined terms that will be used in this Policy in accordance with the provisions of Law 1581 of 2012, as well as those referring to the classification of data in accordance with Law 1266 of 2008 and other applicable regulations (hereinafter the Law):
Authorization: prior, express and informed consent of the Data Subject to carry out the Processing of Personal Data.
Database: Organized set of Personal Data that is subject to processing.
Personal Data: Any information linked or that may be associated to one or several determined or determinable natural persons.
Public Data: Data qualified as all those that are not semi-private or private. Public data includes, among others, data contained in public documents, public records, gazettes, official gazettes and duly executed court rulings that are not subject to confidentiality, data relating to the marital status of individuals, their profession or trade and their status as merchants or public servants. These data may be obtained and offered without any reservation whatsoever and regardless of whether they refer to general, private or personal information.
Sensitive Data: Any information that may affect the privacy of the Data Subject or whose use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations of human rights or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sex life and biometric data (fingerprints among others).
Data Processor: Natural or legal person, public or private, that by itself or in association with others, carries out the Processing of Personal Data on behalf of the Data Controller.
Claim: Request of the data owner or the persons authorized by him/her or by law to correct, update or delete his/her personal data.
Data Controller: Natural or legal person, public or private, who by himself or in association with others, decides on the database and / or the processing of data.
Data Subject: Natural person whose personal data is the object of Processing.
Processing: Any operation or set of operations on Personal Data, such as collection, storage, use, circulation or deletion.
Transfer: The Transfer of data takes place when the person responsible and/or in charge of the Processing of Personal Data, located in Colombia, sends the information or the Personal Data to a recipient, which in turn is the Data Controller and is located inside or outside the country.
Transmission: Processing of Personal Data that involves the communication thereof within or outside the territory of the Republic of Colombia when the purpose is the performance of a Processing by the Processor on behalf of the Controller.
3. Processing to Which the Personal Data Will Be Submitted
Personal Data is collected, stored, organized, used, circulated, transmitted, transferred, updated, rectified, deleted, eliminated and managed by Acsendo SAS, according to the purposes for which it was collected and which are set out in point 7 of this Policy.
The Processing carried out by Acsendo SAS will be carried out for the time that is reasonable and necessary in accordance with the type of Processing. However, Acsendo SAS will keep for an indefinite term, those data that are required in order to comply with legal obligations.
Processing of Sensitive Data
Acsendo SAS does not collect, store, organize, use, circulate, transmit, transfer, update, rectify, delete, eliminate and manage sensitive data.
4. Rights of the Holders
In accordance with the provisions of Article 8 of Law 1581 of 2012 and Decree 1377 of 2013, as applicable in accordance with Law 1266 of 2008 and other applicable regulations, the Holder of Personal Data has the following rights:
To know, update and rectify their Personal Data against Acsendo SAS, in its capacity as Data Controller. This right may be exercised against partial, inaccurate, incomplete, fractioned, misleading data, or those whose treatment is expressly prohibited or has not been authorized.
Request proof and/or copy of the authorization granted to Acsendo SAS, in its capacity as Data Controller, except when expressly excepted as a requirement for the Processing, in accordance with the provisions of Article 10 of Law 1581 of 2012 (or in the rules that regulate, add, supplement, amend or repeal it), or when the continuity of treatment has been presented as provided in paragraph 4 of Article 10 of Decree 1377 of 2013.
To be informed by Acsendo SAS, upon request, regarding the use that has been made of their personal data.
File before the Superintendence of Industry and Commerce (hereinafter "SIC"), complaints for violations of the provisions of Law 1581 of 2012 and other rules that modify, add or supplement it once the consultation or complaint process has been exhausted before Acsendo SAS.
To revoke the authorization and/or request the deletion of the data when the treatment does not respect the principles, rights and constitutional and legal guarantees. The revocation and/or deletion will proceed when the SIC has determined that Acsendo SAS or the person in charge have incurred in conduct contrary to the law and the Constitution.
Access free of charge to the Personal Data that have been subject to Processing by Acsendo SAS.
These rights may be exercised only by the following persons:
By the Data Subject, who must sufficiently prove his or her identity.
By his or her successors in title, who must prove such capacity
By the representative and/or attorney-in-fact of the Data Subject, prior accreditation of the representation or power of attorney.
By stipulation in favor of another or for another.
5. Duties of Acsendo SAS as Responsible for the Processing of Personal Data
Guarantee the Data Subject, at all times, the full and effective exercise of the right of habeas data.
Request and keep, under the conditions provided for in this law, a copy of the respective authorization granted by the Data Subject.
Duly inform the Data Subject about the purpose of the collection and the rights he/she has by virtue of the authorization granted.
Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
Ensure that the information provided to the Data Processor is truthful, complete, accurate, current, verifiable and understandable.
Update the information, communicating in a timely and regular manner to the Data Processor, all developments with respect to the data previously provided and take other necessary measures to ensure that the information provided to this is kept up to date.
Rectify the information when it is incorrect and communicate the relevant information to the Data Processor.
Provide the Data Processor, as the case may be, only data whose processing is previously authorized in accordance with the provisions of the Law.
Require the Data Processor at all times to respect the security and privacy conditions of the Data Subject's information.
To process the queries and claims formulated in the terms set forth in the Law.
Adopt an internal manual of policies and procedures to ensure proper compliance with this Law and, in particular, for the handling of inquiries and claims procedures by the Data Subject.
Inform the Data Processor when certain information is under discussion by the Data Subject, once the claim has been filed and the respective process has not been completed.
Inform at the request of the Data Subject about the use given to his/her data.
Design and implement effective mechanisms to timely report the information to the Data Processor.
Inform the data protection authority when there are violations to the security codes and there are risks in the administration of the information of the Data Controllers.
Comply with the instructions and requirements given by the SIC.
6. Duties of Acsendo SAS when it acts as Data Processor of Personal Data
Guarantee to the Data Subject, at all times, the full and effective exercise of the right of habeas data.
Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
Timely update, rectify or delete data in accordance with the terms of the Law.
Update the information reported by the Data Controllers within five (5) business days from its receipt.
To process the queries and claims made by the Data Controllers under the terms set forth in the Law.
Adopt an internal manual of policies and procedures to ensure proper compliance with the Law and, in particular, for the handling of inquiries and claims procedures by the Holders.
Register in the database the legend "claim in process" in the manner regulated by the Law.
Insert in the database the legend "information under judicial discussion" once notified by the competent authority about judicial proceedings related to the quality of the personal data.
Refrain from circulating information that is being disputed by the Data Subject and whose blocking has been ordered by the Superintendence of Industry and Commerce.
Allow access to the information only to the persons who may have access to it.
Inform the Superintendence of Industry and Commerce when there are violations to the security codes and there are risks in the administration of the information of the Holders.
Comply with the instructions and requirements given by the Superintendence of Industry and Commerce.
7. Purposes of Processing
The purposes of the Processing of Personal Data carried out by Acsendo SAS, are as follows:
Personal Data of Customers
Development of commercial proposals for sales of products or services offered by Acsendo SAS to its customers.
Execution of sales contracts and / or provision of services concluded between Acsendo SAS and its customers.
Customer service, marketing, research, market analysis and advertising through internal and external media.
Perform billing, collection and collection of the value of the services provided by Acsendo SAS to its customers.
Consultation and reporting to the information and risk centers.
8. Transfer and Transmission of Personal Data to Third Countries:
In the Transfer and Transmission of Personal Data, Acsendo SAS will comply with the following rules:
Transfer of Personal Data
The Transfer of Personal Data to countries that do not provide adequate levels of data protection is prohibited. Notwithstanding the foregoing, Acsendo SAS may Transfer Data when:
The Data Subject has granted express and unequivocal authorization for the transfer.
Exchange of medical data is carried out, when so required by the Treatment of the Holder for reasons of health or public hygiene.
Bank or stock exchange Transfers are carried out, in accordance with the applicable legislation.
Transfers are made within the framework of international treaties to which the Republic of Colombia is a party, based on the principle of reciprocity.
Transfers necessary for the execution of a contract between the Data Subject and the Data Controller, or for the execution of pre-contractual measures, provided that the authorization of the Data Subject is obtained.
Transfers legally required to safeguard the public interest, or for the recognition, exercise or defense of a right in a judicial process.
Acsendo SAS transfers customer data to the following countries Argentina, Bolivia, Brazil, Costa Rica, Ecuador, El Salvador, Guatemala, Honduras, Peru, Mexico, Panama, Uruguay, in order to prepare quotations, obtain information on ongoing business, initiate implementation processes and finally, refer business and opportunities.
Transmission of Personal Data
In the Transmission of Personal Data carried out by Acsendo SAS as Data Controller, it shall comply with the provisions set forth in Article 25 of Decree 1074 of 2015, in relation to the contract for the transmission of personal data that it enters into with the Data Processors.
Acsendo SAS transmits customer data to the following countries Argentina, Bolivia, Brazil, Costa Rica, Ecuador, El Salvador, Guatemala, Honduras, Peru, Mexico, Panama, Uruguay, in order to obtain information on products and services required to prepare quotations issued by Acsendo SAS.
9. Department Responsible for Attention to Requests, Inquiries and Complaints
The implementation department of Acsendo SAS, e-mail email@example.com, will be responsible for the attention of requests, consultations, claims and complaints to ensure the exercise of the rights of the Holder of the Personal Data object of Treatment by Acsendo SAS.
10. Procedure for Exercising the Rights of the Personal Data Holder
Procedure for access and consultation:
The Holder of the Personal Data, or any of the authorized persons in accordance with the provisions of point 4, may consult the information contained in the databases of Acsendo SAS, for which they must make the corresponding request to the following email: firstname.lastname@example.org or physically by sending the request Carrera 12 #96-49.
To prevent unauthorized third parties from accessing the personal information of the Data Subject, it will be necessary to previously establish the identification of the Data Subject. When the request is made by a person other than the Data Subject and it is not accredited that the person is acting on behalf of the Data Subject, it will be considered as not submitted. The consultation will be answered within a maximum term of ten (10) business days from the date of receipt. When it is not possible to attend the consultation within such term, the interested party shall be informed, stating the reasons for the delay and indicating the date on which the consultation will be attended, which in no case may exceed five (5) business days following the expiration of the first term.
Procedure to request updating, correction, deletion, revocation of the authorization or to file a claim.
The Holder, or any of the authorized persons in accordance with the provisions of point 4, who consider that the information contained in the databases of Acsendo SAS should be subject to correction, updating or deletion, or when they notice the alleged breach of any of the duties contained in Law 1581 of 2012, Decree 1377 of 2013 or any rule that complements or modifies it, may file a claim with Acsendo SAS, which will be processed in accordance with the following rules:
The claim will be formulated by means of a request that will be sent to the following e-mail: email@example.com of the Quality and Processes area.
In order to prevent unauthorized third parties from accessing the personal information of the Data Holder, it will be necessary to previously establish the identification of the Data Holder. When the request is made by a person other than the Data Subject and it is not accredited that the person is acting on behalf of the Data Subject, it will be considered as not submitted.
The request must contain the following information:
The identification of the Holder.
The contact information (physical and/or electronic address and contact telephone numbers).
The documents proving the identity of the Holder, or the representation of its representative.
A clear and precise description of the personal data with respect to which the Data Subject seeks to exercise any of the rights.
The description of the facts that give rise to the claim.
The documents to be asserted (Signature, identification number and fingerprint).
If the claim is incomplete, Acsendo SAS will require the interested party within five (5) days of receipt of the claim, via email, to correct the faults. After two (2) months from the date of the requirement, without the applicant submitting the required information, it will be understood that the claim has been abandoned.
If the Area that receives the claim is not competent to resolve it, it shall transfer it to the appropriate person within a maximum term of two (2) business days and inform the interested party of the situation.
Once the complete claim has been received, a legend will be included in the database stating "claim in process" and the reason for the claim, within a term no longer than two (2) business days. Such legend shall be maintained until the claim is decided.
The maximum term to address the claim shall be fifteen (15) business days from the day following the date of receipt or correction. When it is not possible to address the claim within such term, the interested party shall be informed of the reasons for the delay and the date on which the claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.
11. Deletion of Data
The Data Subject has the right, at any time, to request Acsendo SAS the suppression (deletion) of his/her personal data when:
Consider that they are not being treated in accordance with the principles, duties and obligations under Law 1581 of 2012, Decree 1377 of 2013 and other rules that complement or modify them.
They are no longer necessary or relevant for the purpose for which they were collected.
The period necessary for the fulfillment of the purposes for which they were collected has been exceeded.
This suppression implies the total or partial elimination of personal information as requested by the Holder in the records, files, databases or processing carried out by Acsendo SAS.
The right of deletion is not absolute and the Controller may deny the exercise of the same when:
The Data Subject has a legal or contractual duty to remain in the Acsendo SAS database.
The suppression of Personal Data hinders judicial or administrative proceedings related to tax obligations, the investigation and prosecution of crimes or the updating of administrative sanctions.
The Personal Data is necessary to protect the legally protected interests of the Data Subject, to carry out an action in the public interest, or to comply with an obligation legally acquired by the Data Subject.
12. Revocation of the Authorization.
The Data Subject may revoke consent to the Processing of his/her personal data at any time, as long as it is not prevented by a legal or contractual provision.
13. Information Security.
In development of the principle of security, Acsendo SAS has adopted reasonable technical, administrative and human measures to protect the information of the Holders and to prevent adulteration, loss, consultation, use or unauthorized or fraudulent access. Access to personal data is restricted where Acsendo SAS will not allow access to this information to third parties under conditions different from those announced, with the exception of an express request from the Data Subject or persons legitimized in accordance with national regulations.
Notwithstanding the foregoing, Acsendo SAS shall not be liable for any action aimed at violating the security measures established for the protection of Personal Data.
14. Validity of the Policy.
The Policy is effective as of June 30, 2017. As a general rule, the term of the authorizations on the use of personal data is valid for the term of the business relationship or the link to the service and during the exercise of the corporate purpose of the company.
In any case, Acsendo SAS reserves the right to make updates to this policy, without prior notification to its addressees, for which reason we are grateful to be consulting possible updates by this means.