Cart 0

Privacy policy

Personal data

 

AUTHORIZATION FOR DATA PROCESSING

I have been informed (a) by DC Dotaciones Corpotativas (Responsible for the treatment) of the following: (i) The data provided in this document will be processed for the following purposes: Send or use the information for contractual, customer service, marketing purposes (such as consumption analysis, brand traceability among others), Commercial, (Such as benefits, promotions,  discounts, current campaigns, promotional events, writings, images, data messages, allied brands and programs of own brands or allies among others), update data and provide relevant information; Consultation to answer queries about products and services offered, conducting studies for statistical purposes, customer knowledge. Information, to inform the owners of the data about news, products, services and special offers, for the development of activities related to telephone services, collections or others of a similar nature. Allowing you to transfer or transmit the data or partial or total information to its subsidiaries, businesses, companies and / or affiliated entities and strategic or commercial allies that operate or not in another jurisdiction or Colombian territory. (ii) It is optional to answer questions about sensitive data or minors; (iii) As the owner of the data and / or representative of the minor, I have the rights to know, update, rectify or delete my information or revoke the authorization granted; (iv) If my request is not resolved directly, and alternatively, I have the right to file complaints with the Superintendence of Industry and Commerce, in accordance with Law 1581 of 2012, Decree 1377 of 2013 and other complementary regulations; (v) My rights and obligations can be exercised by strictly observing the DC Dotaciones Corporativas Data Processing Policy. Available on www.dotacionescorporativas.com and communicating to the email contacto@dotacionescorporativas.com. I declare that the provision of data from third parties, I have done with their unequivocal and express authorization.

INTERNAL MANUAL OF POLICIES AND PROCEDURES ON THE PROTECTION OF PERSONAL DATA OF DC DOTACIONES CORPORATIVAS.

This personal data protection policy is carried out by DC DOTACIONES CORPORATIVAS to comply with article 15 of the Constitution, Law 1581 of 2012, Decree 1377 of 2013 and other provisions that regulate the duties that assist the Responsible and Responsible for the Processing of personal data, among which stands out the adoption of an internal manual of policies and procedures to guarantee adequate compliance with the rights of the Holders of personal data.

SECTION I. GENERAL PROVISIONS

FIRST: OBJECT. This manual establishes a series of principles, rules and procedures to guarantee the Right of Habeas Data of the holders of personal data on which DC DOTACIONES CORPORATIVAS is Responsible or Responsible for the Treatment.

SECOND: DEFINITIONS.

  1. Authorization: Prior, express and informed consent of the Owner to carry out the Processing of personal data;
  2. Database: Organized set of personal data that is subject to Treatment;
  3. Personal data: Any information linked or that can be associated with one or more determined or determinable natural persons;
  4. Sensitive personal data: any information that affects the privacy of the Holder or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership of trade unions, social organizations, human rights or that promotes the interests of any political party or that guarantee the rights and guarantees of opposition political parties as well as the relative data  health, sex life and biometric data. DC DOTACIONES CORPORATIVAS will not process sensitive data;
  5. Public personal data: It is the personal data qualified as such by the Political Constitution or the Law, or that does not constitute a private or sensitive personal data. Public personal data are those contained in registers, documents, gazettes, bulletins and databases of public access such as those relating to the civil registry, the commercial registry, the single registry of motor vehicles, judicial and disciplinary records, enforceable judicial sentences, and data contained in judicial processes and judicial proceedings on which there is no legal reservation or on which the publicity of personal data is predicated;
  6. Private data: It is the data that due to its intimate or reserved nature is only relevant to the Owner;
  7. Person in charge of the Treatment: Natural or legal person, public or private, that by itself or in association with others, carries out the Processing of personal data on behalf of the Responsible for the Treatment. DC DOTACIONES CORPORATIVAS and its employees are in charge of the treatment;
  8. Responsible for the Treatment: Natural or legal person, public or private, that by itself or in association with others, decides on the database and / or the Treatment of the data. DC DOTACIONES CORPORATIVAS, will be responsible for the treatment, unless it is carried out for third parties;
  9. Owner: Natural person whose personal data are subject to Treatment. DC DOTACIONES CORPORATIVAS' customers, employees, distributors, and persons involved in market research are part of DC DOTACIONES CORPORATIVAS;
  10. Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion;
  11. Transmission: Processing of personal data that implies a transmission thereof inside and outside Colombia;
  12. Transfer: Sending personal data made by the Responsible or the Processor to a third party who will assume the status of Responsible;
  13. Privacy notice: Physical, electronic document or in any other format generated by the Responsible that is made available to the Owner for the Treatment of their personal data. In the Privacy Notice, the Owner is informed of the information regarding the existence of the information processing policies that will be applicable, how to access them and the characteristics of the Treatment that is intended to give to personal data.

WARNING: In case of doubts about the role of DC DOTACIONES CORPORATIVAS within the data processing, it is recommended to present a legal consultation.

THIRD: PRINCIPLES. The principles set out below form the basis of the personal data protection policy. In case of doubt as to the interpretation of the provisions contained in this manual, the principles shall be used to determine the meaning of the rule to be applied. These are:

  1. Principle of legality: The Treatment is a regulated activity that must be subject to the provisions of the Law and the other provisions that develop it. The personal data protection policy of DC DOTACIONES CORPORATIVAS is governed by articles 15 and 20 of the Political Constitution, Law 1581 of 2012, Decrees 1377 of 2013 and 886 of 2014 copied in Decree 1074 of 2015, sentence C-748 of 2011 and the circulars issued by the Superintendence of Industry and Commerce,  as well as the provisions that amend, replace or repeal them;
  2. Principle of purpose: The Treatment must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Holder. As a general rule, the purpose of the Treatment will be the development of the corporate purpose of DC Dotaciones Corporativas, However, the treatment may have other purposes, as long as those are indicated to the Owner of the information.
  3. Principle of freedom: The Treatment can only be exercised with the prior, express and informed consent of the Owner. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that relieves consent;
  4. Principle of veracity or quality: The information subject to Treatment must be truthful, complete, accurate, updated, verifiable and understandable. The processing of partial, incomplete, fractional or misleading data is prohibited;
  5. Principle of transparency: In the Treatment, the right of the Holder to obtain from the Data Controller or the Processor, at any time and without restrictions, information about the existence of data concerning him must be guaranteed;
  6. Principle of access and restricted circulation: The Treatment is subject to the limits that derive from the nature of the personal data, from the provisions contained in the Law and the Constitution. In this sense, the Treatment may only be done by the personnel of DC DOTACIONES CORPORATIVAS, or by authorized third parties;

Personal data, except for public information, may not be available on the Internet or other means of dissemination or mass communication, unless access is technically controllable to provide restricted knowledge only to the Holders or authorized third parties;

  1. Principle of security: The information subject to Treatment by the Responsible or Person in Charge thereof must be handled with the technical, human and administrative measures that are necessary to provide security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access;
  2. Principle of confidentiality: All persons involved in the processing of personal data that do not have the nature of public are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks included in the Treatment, being able to only supply or communicate personal data when this corresponds to the development of the activities authorized in this law and in the terms thereof.

FOURTH: DATABASES. The policies and procedures contained in this manual apply to the databases managed by the company, which will be registered in accordance with the provisions of Law 1581 of 2012, Decree 886 of 2014. The data stored by DC FUNDACIONES CORPORATIVASmust be deleted when the purposes of the Treatment are fulfilled, except that they must be kept for the fulfillment of a contractual or legal obligation.

SECTION II: RIGHTS AND DUTIES

FIFTH: RIGHT OF THE HOLDERS OF THE INFORMATION. In accordance with the provisions of Article 8 of Law 1581 of 2012, the Owner of personal data has the following rights:

  1. Know, update and rectify your personal data in front of DC DOTACIONES CORPORATIVAS. This right may be exercised, among others against partial, inaccurate, incomplete, fractional, misleading data, or those whose Treatment is expressly prohibited or has not been authorized;
  2. Request proof of the authorization granted DC DOTACIONES CORPORATIVAS, except when expressly excepted as a requirement for the Treatment, in accordance with the provisions of article 10 of Law 1581 of 2012;
  3. Be informed by DC DOTACIONES CORPORATIVAS of the Treatment, upon request, regarding the use that has been given to personal data;
  4. Submit to the Superintendence of Industry and Commerce complaints for violations of the provisions of Law 1581 of 2012 and other regulations that modify, add or complement it;
  5. Revoke the authorization or request the deletion of the data when the principles or rights are not respected in the Treatment. In case of conflict between DC DOTACIONES CORPORATIVAS and the Holder, the revocation or suppression will proceed when the Superintendence of Industry and Commerce has determined that in the Treatment the DC DOTACIONES CORPORATIVAS have incurred in conduct contrary to Law 1581 of 2012 to the Constitution;
  6. Access free of charge to your personal data that have been subject to Treatment.

SIXTH: DUTIES OF DC DOTACIONES CORPORATIVAS IN RELATION TO THE PROCESSING OF PERSONAL DATA.

FUNDACIONES CORPORATIVAS AB, as Responsible or Responsible for the Treatment, undertakes to permanently comply with the following duties in relation to the Processing of personal data:

  1. Guarantee the Holder, at all times, the full and effective exercise of the right of habeas data;
  2. Request and keep a copy of the respective authorization granted by the Holder;
  3. Duly inform the Holder about the purpose of the collection and the rights that assist him by virtue of the authorization granted;
  4. Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access;
  5. Ensure that the information provided to the Processor or the Data Controller, as the case may be, is true, complete, accurate, updated, verifiable and understandable;
  6. Update the information, communicating in a timely manner to the Person in Charge or Responsible for the Treatment, as the case may be, of all the news regarding the data previously provided and adopt the other necessary measures so that the information provided to it is kept updated;
  7. Rectify the information when it is incorrect and communicate the pertinent to the Data Processor;
  8. Provide the Processor or Data Controller, as the case may be, only data whose Treatment is previously authorized in accordance with the provisions of the Law;
  9. Require the Person in Charge or Responsible for the Treatment, as the case may be, and at all times, to respect the security and privacy conditions of the Holder's information;
  10. Process the queries and claims formulated in the terms indicated in articles 14 and 15 of Law 1581 of 2012;
  11. Inform the Person in Charge or Responsible for the Treatment, as the case may be, when certain information is under discussion by the Owner, once the claim has been filed and the respective procedure has not been completed;
  12. Inform at the request of the Owner about the use given to their data;
  13. Inform the data protection authority when there are violations of the security codes and there are risks in the administration of the information of the Holders;
  14. Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce;
  15. Update the information reported by the Data Controllers or Data Processors within five (5) business days from its receipt;
  16. Register in the database the legend "claim in process" in the manner regulated in Law 1581 of 2013, in case of claims by the Holder;
  17. Allow access to information only to persons who may have access to it;
  18. Register the databases in the National Registry of Databases.

Paragraph. In the event that the qualities of Responsible for the Treatment and Person in Charge of the Treatment concur in the same person, the fulfillment of the duties foreseen for each one will be required.

SEVENTH: SPECIAL TREATMENT OF CERTAIN PERSONAL DATA. DC DOTACIONES CORPORATIVAS will not be responsible or in charge of the Processing of data on sensitive information and minors.

SECTION III AUTHORISATION AND PROCEDURES

EIGHTH: AUTHORIZATION. Any processing of personal data in which DC DOTACIONES CORPORATIVAS acts as Manager or Responsible requires the free, prior, express and informed consent of the Owner thereof. DC DOTACIONES CORPORATIVAS has had the necessary mechanisms to obtain the authorization of the Holders, guaranteeing in any case that it is possible to verify the granting of said authorization.

In the event that DC DOTACIONES CORPORATIVAS, as Data Processor, has contractually agreed to execute the Treatment based on the policy of the counterparty, it must guarantee the principles contained in this manual.

NINTH: CONTENT AND FORM TO GRANT AUTHORIZATION. The authorization may be contained in a physical, electronic document or in any other format that allows to conclude unequivocally, that the Holder has expressly given his consent. The authorization must be able to be consulted later by the Holder and must contain:

  1. a) The name of the Holder;
  2. b) The type of identification and identification number of the Holder
  3. c) Contact details of the Data Controller (Mobile Number, Address and Email);
  4. d) The contact details of DC DOTACIONES CORPORATIVAS
  5. e) The identification of DC DOTACIONES CORPORATIVAS as Responsible or Responsible for the Treatment;
  6. f) The purpose of the Data Processing;
  7. g) The enunciation of the data on which the Treatment will be supplied;
  8. h) The rights that assist the Holder;
  9. i) The privacy notice;
  10. j) The mechanisms so that the Owner can know and exercise their rights, as well as the Personal Data Protection Policy of DC DOTACIONES CORPORATIVAS;
  11. k) A statement in which the Owner determines that he knows and understands the conditions under which the Treatment will be carried out, the rights that assist him and the mechanisms to exercise them;
  12. l) The signature of the Owner or any other physical or digital mechanism that allows to determine that the Holder authorizes the Processing of data.

Paragraph. The authorizations must be kept in a physical or digital file or database for the term determined by the Law. If there is a change in the purpose of the Treatment, DC DOTACIONES CORPORATIVAS must obtain a new authorization from the Holder.

TENTH: PRIVACY NOTICE. The authorization of DC DOTACIONES CORPORATIVAS must contain the following notice:

The processing of personal data will be carried out only for the purposes authorized by the Owner. The mechanisms that DC DOTACIONES CORPORATIVAS uses to carry out the Processing of Personal Data are safe and confidential, since we have the appropriate technological means to ensure that they are stored in such a way as to prevent unwanted access by third parties, and in that same order, we ensure the confidentiality of the same based on the Personal Data Processing Policy of DC DOTACIONES CORPORATIVAS which can be consulted on the page  www.dotacionescorporativas.com/datospersonales/. In case of doubts, requests, queries, claims and the like, you can contact DC DOTACIONES CORPORATIVAS through the mail contacto@dotacionescorporativas.com.

The authorization in addition to the above, will contain the company name DOTACIONES CORPORATIVAS, the trade name DC DOTACIONES CORPORATIVAS, the treatment to which the data will be submitted and the purpose thereof, the rights of the Holder and the mechanisms to know the policy of DC DOTACIONES CORPORATIVAS, as well as its updates. On the www.dotacionescorporativas.com/datospersonales/ website  , the privacy notice must be displayed along with the information mentioned in this paragraph, as determined in article 15 of Decree 1377 of 2013.

ELEVENTH: MEANS OF RESOLUTION OF QUERIES, CLAIMS AND REVOCATIONS. DC DOTACIONES CORPORATIVAS through its website www.dotacionescorporativas.com, will make available this Personal Data Protection Policy; the privacy notice, the forms for consultations, claims and revocations; and the instructions to fill them out. In addition, DC DOTACIONES CORPORATIVAS will enable contacto@dotacionescorporativas.com email  as a  communications channel between data holders and the company, as well as a contact form that will direct the requests completed on the website to the contacto@dotacionescorporativas.com mail  .

In case of doubts in this regard, the Owner may communicate by telephone to the 3104523659 numbers or write to the email contacto@dotacionescorporativas.com to receive more information.

TWELFTH: CONSULTATIONS. The Owner or his successors in title may consult free of charge the personal data of the Holder when DC DOTACIONES CORPORATIVAS Sobre as Responsible or Responsible for the Treatment. For this, the Owner or his successors in title must send a message to the email contacto@dotacionescorporativas.com, in which he will request his personal information. The message must contain as attachments:

  1. Copy of the holder's citizenship card;
  2. In case of being the successor in title, that is, his heirs, a copy of the civil registry in which the relationship or the link is proved.

The query will be answered to the email that sent the query within a maximum term of ten (10) business days from the date of receipt of the same. When it is not possible to attend the consultation within that term, the interested party will be informed, expressing the reasons for the delay and indicating the date on which their consultation will be attended, which in no case may exceed five (5) business days following the expiration of the first term.

THIRTEENTH: CLAIMS AND DATA UPDATING. The Owner or his successors in title who consider that the information contained in a database should be corrected, updated, rectified or deleted, or when they notice the alleged breach of any of the duties contained in Law 1581 of 2012, may file a claim with the Data Controller, which will be processed under the following rules:

  1. The Owner will send a message to the email contacto@dotacionescorporativas.com, in which he will present his request for update or claim. The message must contain as attachments:
  2. Copy of the holder's citizenship card
  3. In case of being the successor in title, a copy of the civil registry in which the relationship or the link is proven.
  4. If the claim is incomplete, the interested party will be required within five (5) days of receipt of the claim to correct the failures. After two (2) months from the date of the request, without the applicant submitting the required information, it will be understood that he has withdrawn the claim.
  5. In the event that DC DOTACIONES CORPORATIVAS receives the claim without being competent to resolve it, it will transfer to the corresponding person within a maximum term of two (2) business days and will inform the interested party of the situation, as long as it has the information to contact the person who is addressed. In case of not having the information, you must inform the Owner that of that situation
  6. Once the complete claim is received, a legend that says "claim in process" and the reason for it will be included in the database, within a term not exceeding two (2) business days. This legend must be maintained until the claim is decided.
  7. The maximum term to attend the claim will be fifteen (15) business days counted from the day following the date of receipt. When it is not possible to attend the claim within that term, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.

FOURTEENTH: REVOCATION OF THE AUTHORIZATION. The Holders of personal data may totally or partially revoke consent to the Processing of their personal data at any time, provided that it is not prevented by a legal or contractual provision. For this, the Holder or his successors in title must send a message to the email contacto@dotacionescorporativas.com in which he will request the revocation of the authorization. The message must contain as attachments:

  1. Copy of the holder's citizenship card

The request for revocation of the authorization will be answered to the email in the same terms of response as the queries.

SECTION IV: INFORMATION SECURITY

FIFTEENTH: SECURITY MEASURES. In development of the security principle established in Law 1581 of 2012, DC DOTACIONES CORPORATIVAS will adopt the technical, human and administrative measures that are necessary to grant security to the records avoiding their adulteration, loss, consultation, or unauthorized or fraudulent access.

SIXTEENTH: IMPLEMENTATION OF SECURITY MEASURES. DC DOTACIONES CORPORATIVAS maintain mandatory security protocols for personnel with access to personal data and information systems. The procedure should consider at least the following aspects:

  1. Scope of the procedure with detailed specification of the protected data. Measures, norms, procedures, rules and standards aimed at guaranteeing the level of security required by Law 1581 of 2012;
  2. Functions and responsibilities of staff;
  3. Procedures for backing up and recovering data;
  4. Periodic checks to be carried out to verify compliance with the provisions of the security procedure.

The personal data on which DC DOTACIONES CORPORATIVAS performs the Treatment or is responsible rest in the Shopify application, in the www.dotacionescorporativas.com database  contained in the server owned by DC DOTACINES CORPORATIVAS.

SEVENTEENTH: SECURITY OF ACCESS AND HOSTING OF INFORMATION.

  1. The information is on servers or applications with exclusive data destination;
  2. The servers are located in a data center that meets technical standards; required to store sensitive data;
  3. Access to information is done through applications which are hosted on independent servers;

EIGHTEENTH: LOSS OF INFORMATION. The information of the servers is supported daily automatically and incrementally and monthly in full, guaranteeing double backup.

NINETEENTH: ADULTERATION AND FRAUDULENT ACCESS. Application entry can only be done by active officials who are validated through active directory policies, i.e. with user management, passwords and access to defined network segments

SECTION: V FINAL PROVISIONS

TWENTY: COMPETITION. The information analysis area will be responsible for:

  1. The adoption and implementation of the personal data protection policy;
  2. Resolve requests made by the Holders of personal data;
  3. Ensure compliance with security measures.

TWENTY-FIRST: CONTACT DETAILS. The holders of personal data may contact DC Dotaciones Corporativas when acting as Responsible in:

Address: Calle 30a n 72a 60, Medellín.

Telephones: +57 3053952046

Mail: contacto@dotacionescorporativas.com

Website: www.dotacionescorporativas.com