PERSONAL DATA PROTECTION POLICY
1. Reach
This Personal Data Protection Policy will apply to all Databases and/or Files that contain Personal Data that are subject to Processing by Central de Bobinados S.A., (hereinafter, “THE COMPANY”).
2. Identification of the Person Responsible for the Processing of Personal Data
Central de Bobinados S.A. Bucaramanga, 17th Street # 17-18 Bucaramanga Santander, Colombia.
3. Definitions
• Authorization: Prior, express and informed consent of the Owner to carry out the Processing of Personal Data.
• Privacy Notice: Verbal or written communication generated by the Controller, addressed to the Owner for the Processing of their Personal Data, through which they are informed about the existence of the Information Processing Policies that will be applicable to them, the form of access them and the purposes of the Treatment that is intended to be given to personal data.
• Database: Organized set of Personal Data that is subject to Processing.
• Clients: Natural or legal person, public or private, with whom THE COMPANY has a commercial relationship. It includes shops, supermarkets, mini markets, among others.
• Consumers: Natural person who consumes the goods produced by THE COMPANY.
• Personal Data: Any information linked or that can be associated with one or several specific or determinable natural persons. Some examples of personal data are the following: name, citizenship card, address, email, telephone number, marital status, health data, fingerprint, salary, assets, financial statements, etc.
• Sensitive data: Information that affects the privacy of the Owner or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in unions, social organizations, human rights or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties as well as data related to health, sexual life and biometric data, among others, the capture of a still image or in motion, fingerprints, photographs, iris, voice, facial or palm recognition, etc.
• Data Processor: Natural or legal person, public or private, who, by themselves or in association with others, carries out the Processing of Personal Data on behalf of the Data Controller. In events in which the Controller does not act as Data Base Manager, it will be expressly identified who will be the Manager.
• Responsible for the Treatment: Natural or legal person, public or private, who alone or in association with others, decides on the Database and/or the Processing of the data.
• Claim: Request from the data owner or from the persons authorized by the data owner or by the Law to correct, update or delete their personal data or to revoke the authorization in the cases established in the Law.
• Terms and Conditions: general framework in which the conditions are established for participants in promotional or related activities.
• Owner: Natural person whose Personal Data is the subject of Processing.
• Transfer: The transfer of data takes place when the Controller and/or Processor of personal data, located in Colombia, sends the information or personal data to a recipient, who in turn is Responsible for the Treatment and is located within or outside the country.
• Transmission: Processing of Personal Data that involves the communication of the same within or outside the territory of the Republic of Colombia when its purpose is to carry out a Processing by the Processor on behalf of the Controller.
• Treatment: Any operation or set of operations on Personal Data, such as collection, storage, use, circulation or deletion.
4. Principles Applicable to the Processing of Personal Data
For the Treatment of Personal Data, THE COMPANY will apply the principles mentioned below, which constitute the rules to follow in the collection, handling, use, treatment, storage and exchange of personal data:
• Legality: The processing of personal data will be carried out in accordance with the applicable legal provisions (Statutory Law 1581 of 2012 and its regulatory decrees).
• Purpose: The personal data collected will be used for a specific and explicit purpose which must be informed to the Owner or permitted by Law. The Owner will be informed clearly, sufficiently and in advance about the purpose of the information provided.
• Freedom: The collection of Personal Data may only be exercised with the prior, express and informed authorization of the Owner.
• Veracity or Quality: The information subject to the Processing of Personal Data must be true, complete, exact, updated, verifiable and understandable.
• Transparency: In the Processing of Personal Data, the Owner's right to obtain, at any time and without restrictions, information about the existence of data that concerns him or her is guaranteed.
• Restricted access and circulation: The Processing of personal data may only be carried out by persons authorized by the Owner and/or by the persons provided for in the Law.
• Security: Personal Data subject to Processing will be handled adopting all necessary security measures to prevent loss, adulteration, unauthorized or fraudulent consultation, use or access.
• Confidentiality: All officials who work at THE COMPANY are obliged to keep confidential the personal information to which they have access during their work at THE COMPANY.
5. Treatment and Purposes to which the Personal Data processed by THE COMPANY will be submitted
THE COMPANY, acting as Responsible for the Processing of Personal Data, for the proper development of its commercial activities, as well as for the strengthening of its relationships with third parties, collects, stores, uses and deletes Personal Data corresponding to natural persons with whom it has or has had a relationship, such as, without the enumeration meaning any limitation, workers and their families, shareholders, clients, suppliers, for the following purposes:
5.1. General purposes for the processing of Personal Data
• Evaluate the quality of the service;
• Respond to queries, requests, complaints and claims made by the Owners and control bodies and transmit the Personal Data to the other authorities that, by virtue of the applicable law, must receive the Personal Data;
• To eventually contact, via email, or by any other means, natural persons with whom you have or have had a relationship, such as, without the enumeration being limited, workers and their families, shareholders, clients and suppliers, for aforementioned purposes.
• Transfer the information collected to different areas of THE COMPANY for the development of its operations (portfolio collection and administrative collections, accounting, among others);
• To attend to judicial or administrative requirements and compliance with judicial or legal mandates;
• Register your personal data in THE COMPANY's information systems and in its commercial and operational databases;
• Any other activity of a similar nature to those previously described that is necessary to develop the corporate purpose of THE COMPANY.
5.2. Regarding the personal data of our Clients:
• To fulfill the obligations contracted by THE COMPANY with its Clients at the time of acquiring our services;
• Send information about changes in the conditions of the services offered by THE COMPANY;
•To strengthen relationships with Clients, by sending relevant information and evaluating the quality of the service;
• For the determination of pending obligations, the consultation of financial information and credit history and the report to information centers of unfulfilled obligations, with respect to its debtors;
5.3. Regarding the personal data of our employees:
• Manage and operate, directly or through third parties, the personnel selection and hiring processes, including the evaluation and qualification of participants and the verification of work and personal references;
• Develop the activities of Human Resources management within THE COMPANY, such as payroll, affiliations to entities of the general social security system, well-being and safety and health activities at work, exercise of the employer's sanctioning power, among others. others;
• Make the necessary payments derived from the execution of the employment contract and/or its termination, and the other social benefits that may be applicable in accordance with the applicable law;
• Contract labor benefits with third parties, such as life insurance, medical expenses, among others;
• Notify authorized contacts in case of emergencies during work hours or during work;
• Coordinate the professional development of employees, employee access to the employer's IT resources and provide support for their use;
• Plan business activities;
5.4. Regarding Supplier Data:
• To invite them to participate in selection processes;
• For the evaluation of compliance with its obligations;
• To register in THE COMPANY's systems;
• To process your payments and verify outstanding balances;
5.5. Regarding the personal data of our shareholders:
• For the recognition, protection and exercise of the rights of the shareholders of THE COMPANY;
• For the payment of dividends;
• To eventually contact, via email, or by any other means, the shareholders for the aforementioned purposes;
6. Rights of the Owners of Personal Data
Natural persons whose Personal Data is processed by THE COMPANY have the following rights, which they can exercise at any time:
6.1 Know the Personal Data on which THE COMPANY is carrying out the Treatment. Likewise, the Owner may request at any time that their data be updated or rectified, for example, if they find that their data is partial, inaccurate, incomplete, fragmented, misleading, or those whose Processing is expressly prohibited or not. has been authorized.
6.2 Request proof of the authorization granted to THE COMPANY for the Processing of your Personal Data.
6.3 Be informed by THE COMPANY, upon request, regarding the use that it has given to your Personal Data.
6.4 Submit complaints to the Superintendency of Industry and Commerce for violations of the provisions of the Personal Data Protection Law.
6.5 Request THE COMPANY to delete your Personal Data and/or revoke the authorization granted for the Treatment thereof, by submitting a claim, in accordance with the procedures established in section 13 of this Policy. However, the request for deletion of the information and the revocation of the authorization will not proceed when the Owner of the information has a legal or contractual duty to remain in the Database and/or Files, nor while the relationship between the Owner and THE COMPANY, by virtue of which their data was collected.
6.6 Access free of charge to your Personal Data that has been processed. The rights of the Owners may be exercised by the following people:
• By the Owner;
• By their successors, who must prove such quality;
• By the representative and/or attorney of the Owner, prior accreditation of the representation or power of attorney;
• By stipulation in favor of another or for another.
7. Duties of THE COMPANY as Controller of Personal Data Processing
THE COMPANY is aware that Personal Data is the property of the people to whom it refers and only they can decide about it. In this sense, THE COMPANY will use the Personal Data collected only for the purposes for which it is duly authorized and respecting, in any case, the current regulations on the Protection of Personal Data. THE COMPANY will attend to the duties provided for the Data Controllers, contained in article 17 of Law 1581 of 2012 and the other regulations that regulate, modify or replace it.
8. Area Responsible for the Implementation and Observance of this Policy
The administrative area is in charge of the development, implementation, training and observance of this Policy. For this purpose, all officials who carry out the Processing of Personal Data in the different areas of THE COMPANY are obliged to report these Databases to the administrative area and to immediately transfer all requests, complaints or claims to it. that they receive from the Holders of Personal Data. The administrative area has also been designated by THE COMPANY as the area responsible for handling requests, queries, complaints and claims before which the Owner of the information may exercise their rights to know, update, rectify and delete the data and revoke the authorization. . This area is located at the address of THE COMPANY headquarters Bucaramanga, Colombia, and can be contacted through email: gerencia@centraldebobinados.com.
9. Authorization
THE COMPANY will request prior, express and informed authorization from the Owners of the Personal Data on which the Treatment is required. This expression of the Owner's will may occur through different mechanisms made available by THE COMPANY, such as:
• In writing, through email or communication, giving authorization for the Processing of Personal Data.
• Orally, through a telephone conversation.
• Through unequivocal conduct that allows us to conclude that you have granted your authorization, through your express acceptance of the Terms and Conditions of an activity within which the authorization of the participants is required for the Processing of their Personal Data.
IMPORTANT: In no case will THE COMPANY assimilate the Owner's silence to unequivocal conduct.
10. Special Provisions for the Processing of Personal Data.
10.1 Processing of Personal Data of a Sensitive Nature
The Processing of Personal Data of a sensitive nature is prohibited by law, unless there is express, prior and informed authorization from the Owner, among other exceptions enshrined in Article 6 of Law 1581 of 2012. In this case, in addition to comply with the requirements established for authorization, THE COMPANY will inform the Owner:
• that since it is sensitive data, it is not obliged to authorize its Treatment.
• which of the data that will be processed are sensitive and the purpose of the processing.
Additionally, THE COMPANY will treat sensitive data collected under security and confidentiality standards corresponding to its nature. To this end, THE COMPANY has implemented administrative, technical and legal measures contained in its Policies and Procedures Manual, which are mandatory for its employees and, as applicable, for its suppliers, related companies and business allies.
10.2 Processing of Personal Data of Children and Adolescents
According to the provisions of Article 7 of Law 1581 of 2012 and Article 12 of Decree 1377 of 2013, THE COMPANY will only carry out the Treatment corresponding to children and adolescents, as long as this Treatment responds to and respects the best interest of children and adolescents and ensure respect for their fundamental rights. Once the above requirements have been met, THE COMPANY must obtain the Authorization of the legal representative of the child or adolescent, prior to the minor's exercise of his or her right to be heard, an opinion that will be valued taking into account maturity, autonomy and ability to understand the matter.
11. Procedure for Attention and Response to Requests, Queries, Complaints and Claims from Personal Data Holders
The Holders of Personal Data processed by THE COMPANY have the right to access their Personal Data and the details of said Treatment, as well as to rectify and update them if they are inaccurate or to request their elimination when they consider that they turn out to be excessive or unnecessary for the purposes. that justified their obtaining or opposing their Treatment for specific purposes. The ways that have been implemented to guarantee the exercise of said rights through the presentation of the respective request are:
• Communication addressed to Central de Bobinados S.A. administrative area, Calle 17 No 17-18 Bucaramanga. Colombia.
• Request submitted to the email: gerencia@centraldebobinados.com
• Request submitted through the telephone number +57 (7) 671 2643 to the administrative area.
These channels may be used by holders of personal data, or third parties authorized by law to act on their behalf, in order to exercise the following rights:
11.1 Procedure for making requests and queries
I. The Owner may consult his/her personal data at any time. For this purpose, you may submit a request indicating the information you wish to know, through any of the mechanisms indicated above.
II. The Owner or his successors must prove his identity, that of his representative, the representation or stipulation in favor of another or for another. When the request is made by a person other than the Owner and it is not proven that the request is acting on behalf of the Owner, it will be considered not submitted.
III. The query and/or request must contain at least the name and contact address of the Owner or any other means to receive the response, as well as a clear and precise description of the personal data with respect to which the Owner seeks to exercise the right of consultation. and/or request.
IV. If the query and/or request made by the Data Owner is incomplete, THE COMPANY will require the interested party within five (5) days following receipt of the query and/or request to correct the deficiencies. After two (2) months from the date of the request, without the applicant presenting the required information, it will be understood that they have abandoned their query.
V. Requests and/or queries will be attended to by THE COMPANY within a maximum period of ten (10) business days from the date of receipt thereof. When it is not possible to attend to the request or query within said period, the applicant will be informed of this fact, expressing the reasons for the delay and indicating the date on which their request or query will be attended to, which in no case may exceed five ( 5) business days following the expiration of the first term.
11.2 Procedure for making complaints and claims
In accordance with the provisions of Article 14 of Law 1581 of 2012, when the Owner or his successors consider that the information processed by THE COMPANY should be corrected, updated or deleted, or when it should be revoked due to the alleged non-compliance. of any of the duties contained in the Law, may submit a request to THE COMPANY, which will be processed under the following rules:
I. The Owner or his successors must prove his identity, that of his representative, the representation or stipulation in favor of another or for another. When the request is made by a person other than the Owner and it is not proven that the request is acting on behalf of the Owner, it will be considered not submitted.
II. The request for rectification, updating, deletion or revocation must be submitted through the means enabled by THE COMPANY indicated in this document and contain, at a minimum, the following information:
• The name and home address of the Owner or any other means of receiving the response.
• The documents that prove the identity of the applicant and, if applicable, that of their representative with the respective authorization.
• The clear and precise description of the personal data with respect to which the Owner seeks to exercise any of the rights and the specific request.
III. If the application is submitted incomplete, THE COMPANY must require the interested party to correct the deficiencies within five (5) days following its receipt. After two (2) months from the date of the request, without the applicant presenting the required information, it will be understood that they have withdrawn their application.
IV. In the event that the person receiving the request is not competent to resolve it, they will forward it to the Legal area of ??Central de Bobinados S.A., within a maximum period of two (2) business days and will inform the interested party of the situation.
V. Once the request is received, a legend that says "claim in process" and the reason for it will be included in the Database, within a period of no more than two (2) business days. This legend must be maintained until it is decided.
VI. The maximum period to respond to this request will be fifteen (15) business days counted from the day following the date of receipt. When it is not possible to attend to it within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be attended to, which in no case may exceed eight (8) business days following the expiration of the first term.
12. Information Obtained passively
When the services contained within THE COMPANY's websites are used, the COMPANY may collect information passively through information management technologies, such as "cookies", through which information about the hardware is collected. and the computer software, IP address, browser type, operating system, domain name, access time and the addresses of the referring websites; Through the use of these tools, Personal Data is not directly collected from users. Information will also be collected about the pages that the person visits most frequently on these websites in order to understand their browsing habits. However, the user of THE COMPANY's websites has the possibility of configuring the operation of the "cookies", according to the options of their internet browser.
13. Security of Personal Data
THE COMPANY, in strict application of the Principle of Security in the Processing of Personal Data, will provide the technical, human and administrative measures that are necessary to provide security to the records, avoiding their adulteration, loss, consultation, unauthorized or fraudulent use or access. The obligation and responsibility of THE COMPANY is limited to having the appropriate means for this purpose. THE COMPANY does not guarantee the total security of your information nor is it responsible for any consequence derived from technical failures or improper entry by third parties to the Database or file in which the Personal Data subject to Processing by THE COMPANY resides. and their Managers. THE COMPANY will require the service providers it contracts to adopt and comply with the appropriate technical, human and administrative measures for the protection of Personal Data in relation to which said providers act as Processors.
14. Transfer, Transmission and Disclosure of Personal Data
THE COMPANY may disclose to its related companies worldwide, the Personal Data on which it carries out the Treatment, for its use and Treatment in accordance with this Personal Data Protection Policy. Likewise, THE COMPANY may deliver Personal Data to third parties not linked to THE COMPANY when:
• They are contractors in the execution of contracts for the development of THE COMPANY's activities;
• By transfer to any title of any line of business to which the information relates. In any case, when THE COMPANY wishes to send or transmit data to one or more Processors located within or outside the territory of the Republic of Colombia, it will establish contractual clauses or will celebrate a contract for the transmission of personal data in which, among others, it is agreed the next:
I. The scope and purposes of the treatment.
II. The activities that the Manager will carry out on behalf of THE COMPANY.
III. The obligations that the Manager must comply with regarding the Data Owner and THE COMPANY.
IV. The duty of the Manager to process the data in accordance with the authorized purpose for the same and observing the principles established in Colombian Law and this policy.
V. The obligation of the Manager to adequately protect personal data and databases as well as to maintain confidentiality regarding the processing of transmitted data.
VI. A description of the specific security measures that will be adopted by both THE COMPANY and the Data Processor at their destination. THE COMPANY will not request authorization when the international transfer of data is covered by any of the exceptions provided for in the Law and its Regulatory Decrees.
15. Applicable Legislation
This Personal Data Protection Policy, the Privacy Notice, and the Authorization Form Annex that is part of this Policy, are governed by the provisions of current legislation on the protection of Personal Data referred to in Article 15. of the Political Constitution of Colombia, Law 1266 of 2008, Law 1581 of 2012, Decree 1377 of 2013, Decree 1727 of 2009 and other regulations that modify, repeal or replace them.
16. Validity
This Personal Data Protection Policy is in force since December 7, 2016.
This Personal Data Protection Policy will apply to all Databases and/or Files that contain Personal Data that are subject to Processing by Central de Bobinados S.A., (hereinafter, “THE COMPANY”).
2. Identification of the Person Responsible for the Processing of Personal Data
Central de Bobinados S.A. Bucaramanga, 17th Street # 17-18 Bucaramanga Santander, Colombia.
3. Definitions
• Authorization: Prior, express and informed consent of the Owner to carry out the Processing of Personal Data.
• Privacy Notice: Verbal or written communication generated by the Controller, addressed to the Owner for the Processing of their Personal Data, through which they are informed about the existence of the Information Processing Policies that will be applicable to them, the form of access them and the purposes of the Treatment that is intended to be given to personal data.
• Database: Organized set of Personal Data that is subject to Processing.
• Clients: Natural or legal person, public or private, with whom THE COMPANY has a commercial relationship. It includes shops, supermarkets, mini markets, among others.
• Consumers: Natural person who consumes the goods produced by THE COMPANY.
• Personal Data: Any information linked or that can be associated with one or several specific or determinable natural persons. Some examples of personal data are the following: name, citizenship card, address, email, telephone number, marital status, health data, fingerprint, salary, assets, financial statements, etc.
• Sensitive data: Information that affects the privacy of the Owner or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in unions, social organizations, human rights or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties as well as data related to health, sexual life and biometric data, among others, the capture of a still image or in motion, fingerprints, photographs, iris, voice, facial or palm recognition, etc.
• Data Processor: Natural or legal person, public or private, who, by themselves or in association with others, carries out the Processing of Personal Data on behalf of the Data Controller. In events in which the Controller does not act as Data Base Manager, it will be expressly identified who will be the Manager.
• Responsible for the Treatment: Natural or legal person, public or private, who alone or in association with others, decides on the Database and/or the Processing of the data.
• Claim: Request from the data owner or from the persons authorized by the data owner or by the Law to correct, update or delete their personal data or to revoke the authorization in the cases established in the Law.
• Terms and Conditions: general framework in which the conditions are established for participants in promotional or related activities.
• Owner: Natural person whose Personal Data is the subject of Processing.
• Transfer: The transfer of data takes place when the Controller and/or Processor of personal data, located in Colombia, sends the information or personal data to a recipient, who in turn is Responsible for the Treatment and is located within or outside the country.
• Transmission: Processing of Personal Data that involves the communication of the same within or outside the territory of the Republic of Colombia when its purpose is to carry out a Processing by the Processor on behalf of the Controller.
• Treatment: Any operation or set of operations on Personal Data, such as collection, storage, use, circulation or deletion.
4. Principles Applicable to the Processing of Personal Data
For the Treatment of Personal Data, THE COMPANY will apply the principles mentioned below, which constitute the rules to follow in the collection, handling, use, treatment, storage and exchange of personal data:
• Legality: The processing of personal data will be carried out in accordance with the applicable legal provisions (Statutory Law 1581 of 2012 and its regulatory decrees).
• Purpose: The personal data collected will be used for a specific and explicit purpose which must be informed to the Owner or permitted by Law. The Owner will be informed clearly, sufficiently and in advance about the purpose of the information provided.
• Freedom: The collection of Personal Data may only be exercised with the prior, express and informed authorization of the Owner.
• Veracity or Quality: The information subject to the Processing of Personal Data must be true, complete, exact, updated, verifiable and understandable.
• Transparency: In the Processing of Personal Data, the Owner's right to obtain, at any time and without restrictions, information about the existence of data that concerns him or her is guaranteed.
• Restricted access and circulation: The Processing of personal data may only be carried out by persons authorized by the Owner and/or by the persons provided for in the Law.
• Security: Personal Data subject to Processing will be handled adopting all necessary security measures to prevent loss, adulteration, unauthorized or fraudulent consultation, use or access.
• Confidentiality: All officials who work at THE COMPANY are obliged to keep confidential the personal information to which they have access during their work at THE COMPANY.
5. Treatment and Purposes to which the Personal Data processed by THE COMPANY will be submitted
THE COMPANY, acting as Responsible for the Processing of Personal Data, for the proper development of its commercial activities, as well as for the strengthening of its relationships with third parties, collects, stores, uses and deletes Personal Data corresponding to natural persons with whom it has or has had a relationship, such as, without the enumeration meaning any limitation, workers and their families, shareholders, clients, suppliers, for the following purposes:
5.1. General purposes for the processing of Personal Data
• Evaluate the quality of the service;
• Respond to queries, requests, complaints and claims made by the Owners and control bodies and transmit the Personal Data to the other authorities that, by virtue of the applicable law, must receive the Personal Data;
• To eventually contact, via email, or by any other means, natural persons with whom you have or have had a relationship, such as, without the enumeration being limited, workers and their families, shareholders, clients and suppliers, for aforementioned purposes.
• Transfer the information collected to different areas of THE COMPANY for the development of its operations (portfolio collection and administrative collections, accounting, among others);
• To attend to judicial or administrative requirements and compliance with judicial or legal mandates;
• Register your personal data in THE COMPANY's information systems and in its commercial and operational databases;
• Any other activity of a similar nature to those previously described that is necessary to develop the corporate purpose of THE COMPANY.
5.2. Regarding the personal data of our Clients:
• To fulfill the obligations contracted by THE COMPANY with its Clients at the time of acquiring our services;
• Send information about changes in the conditions of the services offered by THE COMPANY;
•To strengthen relationships with Clients, by sending relevant information and evaluating the quality of the service;
• For the determination of pending obligations, the consultation of financial information and credit history and the report to information centers of unfulfilled obligations, with respect to its debtors;
5.3. Regarding the personal data of our employees:
• Manage and operate, directly or through third parties, the personnel selection and hiring processes, including the evaluation and qualification of participants and the verification of work and personal references;
• Develop the activities of Human Resources management within THE COMPANY, such as payroll, affiliations to entities of the general social security system, well-being and safety and health activities at work, exercise of the employer's sanctioning power, among others. others;
• Make the necessary payments derived from the execution of the employment contract and/or its termination, and the other social benefits that may be applicable in accordance with the applicable law;
• Contract labor benefits with third parties, such as life insurance, medical expenses, among others;
• Notify authorized contacts in case of emergencies during work hours or during work;
• Coordinate the professional development of employees, employee access to the employer's IT resources and provide support for their use;
• Plan business activities;
5.4. Regarding Supplier Data:
• To invite them to participate in selection processes;
• For the evaluation of compliance with its obligations;
• To register in THE COMPANY's systems;
• To process your payments and verify outstanding balances;
5.5. Regarding the personal data of our shareholders:
• For the recognition, protection and exercise of the rights of the shareholders of THE COMPANY;
• For the payment of dividends;
• To eventually contact, via email, or by any other means, the shareholders for the aforementioned purposes;
6. Rights of the Owners of Personal Data
Natural persons whose Personal Data is processed by THE COMPANY have the following rights, which they can exercise at any time:
6.1 Know the Personal Data on which THE COMPANY is carrying out the Treatment. Likewise, the Owner may request at any time that their data be updated or rectified, for example, if they find that their data is partial, inaccurate, incomplete, fragmented, misleading, or those whose Processing is expressly prohibited or not. has been authorized.
6.2 Request proof of the authorization granted to THE COMPANY for the Processing of your Personal Data.
6.3 Be informed by THE COMPANY, upon request, regarding the use that it has given to your Personal Data.
6.4 Submit complaints to the Superintendency of Industry and Commerce for violations of the provisions of the Personal Data Protection Law.
6.5 Request THE COMPANY to delete your Personal Data and/or revoke the authorization granted for the Treatment thereof, by submitting a claim, in accordance with the procedures established in section 13 of this Policy. However, the request for deletion of the information and the revocation of the authorization will not proceed when the Owner of the information has a legal or contractual duty to remain in the Database and/or Files, nor while the relationship between the Owner and THE COMPANY, by virtue of which their data was collected.
6.6 Access free of charge to your Personal Data that has been processed. The rights of the Owners may be exercised by the following people:
• By the Owner;
• By their successors, who must prove such quality;
• By the representative and/or attorney of the Owner, prior accreditation of the representation or power of attorney;
• By stipulation in favor of another or for another.
7. Duties of THE COMPANY as Controller of Personal Data Processing
THE COMPANY is aware that Personal Data is the property of the people to whom it refers and only they can decide about it. In this sense, THE COMPANY will use the Personal Data collected only for the purposes for which it is duly authorized and respecting, in any case, the current regulations on the Protection of Personal Data. THE COMPANY will attend to the duties provided for the Data Controllers, contained in article 17 of Law 1581 of 2012 and the other regulations that regulate, modify or replace it.
8. Area Responsible for the Implementation and Observance of this Policy
The administrative area is in charge of the development, implementation, training and observance of this Policy. For this purpose, all officials who carry out the Processing of Personal Data in the different areas of THE COMPANY are obliged to report these Databases to the administrative area and to immediately transfer all requests, complaints or claims to it. that they receive from the Holders of Personal Data. The administrative area has also been designated by THE COMPANY as the area responsible for handling requests, queries, complaints and claims before which the Owner of the information may exercise their rights to know, update, rectify and delete the data and revoke the authorization. . This area is located at the address of THE COMPANY headquarters Bucaramanga, Colombia, and can be contacted through email: gerencia@centraldebobinados.com.
9. Authorization
THE COMPANY will request prior, express and informed authorization from the Owners of the Personal Data on which the Treatment is required. This expression of the Owner's will may occur through different mechanisms made available by THE COMPANY, such as:
• In writing, through email or communication, giving authorization for the Processing of Personal Data.
• Orally, through a telephone conversation.
• Through unequivocal conduct that allows us to conclude that you have granted your authorization, through your express acceptance of the Terms and Conditions of an activity within which the authorization of the participants is required for the Processing of their Personal Data.
IMPORTANT: In no case will THE COMPANY assimilate the Owner's silence to unequivocal conduct.
10. Special Provisions for the Processing of Personal Data.
10.1 Processing of Personal Data of a Sensitive Nature
The Processing of Personal Data of a sensitive nature is prohibited by law, unless there is express, prior and informed authorization from the Owner, among other exceptions enshrined in Article 6 of Law 1581 of 2012. In this case, in addition to comply with the requirements established for authorization, THE COMPANY will inform the Owner:
• that since it is sensitive data, it is not obliged to authorize its Treatment.
• which of the data that will be processed are sensitive and the purpose of the processing.
Additionally, THE COMPANY will treat sensitive data collected under security and confidentiality standards corresponding to its nature. To this end, THE COMPANY has implemented administrative, technical and legal measures contained in its Policies and Procedures Manual, which are mandatory for its employees and, as applicable, for its suppliers, related companies and business allies.
10.2 Processing of Personal Data of Children and Adolescents
According to the provisions of Article 7 of Law 1581 of 2012 and Article 12 of Decree 1377 of 2013, THE COMPANY will only carry out the Treatment corresponding to children and adolescents, as long as this Treatment responds to and respects the best interest of children and adolescents and ensure respect for their fundamental rights. Once the above requirements have been met, THE COMPANY must obtain the Authorization of the legal representative of the child or adolescent, prior to the minor's exercise of his or her right to be heard, an opinion that will be valued taking into account maturity, autonomy and ability to understand the matter.
11. Procedure for Attention and Response to Requests, Queries, Complaints and Claims from Personal Data Holders
The Holders of Personal Data processed by THE COMPANY have the right to access their Personal Data and the details of said Treatment, as well as to rectify and update them if they are inaccurate or to request their elimination when they consider that they turn out to be excessive or unnecessary for the purposes. that justified their obtaining or opposing their Treatment for specific purposes. The ways that have been implemented to guarantee the exercise of said rights through the presentation of the respective request are:
• Communication addressed to Central de Bobinados S.A. administrative area, Calle 17 No 17-18 Bucaramanga. Colombia.
• Request submitted to the email: gerencia@centraldebobinados.com
• Request submitted through the telephone number +57 (7) 671 2643 to the administrative area.
These channels may be used by holders of personal data, or third parties authorized by law to act on their behalf, in order to exercise the following rights:
11.1 Procedure for making requests and queries
I. The Owner may consult his/her personal data at any time. For this purpose, you may submit a request indicating the information you wish to know, through any of the mechanisms indicated above.
II. The Owner or his successors must prove his identity, that of his representative, the representation or stipulation in favor of another or for another. When the request is made by a person other than the Owner and it is not proven that the request is acting on behalf of the Owner, it will be considered not submitted.
III. The query and/or request must contain at least the name and contact address of the Owner or any other means to receive the response, as well as a clear and precise description of the personal data with respect to which the Owner seeks to exercise the right of consultation. and/or request.
IV. If the query and/or request made by the Data Owner is incomplete, THE COMPANY will require the interested party within five (5) days following receipt of the query and/or request to correct the deficiencies. After two (2) months from the date of the request, without the applicant presenting the required information, it will be understood that they have abandoned their query.
V. Requests and/or queries will be attended to by THE COMPANY within a maximum period of ten (10) business days from the date of receipt thereof. When it is not possible to attend to the request or query within said period, the applicant will be informed of this fact, expressing the reasons for the delay and indicating the date on which their request or query will be attended to, which in no case may exceed five ( 5) business days following the expiration of the first term.
11.2 Procedure for making complaints and claims
In accordance with the provisions of Article 14 of Law 1581 of 2012, when the Owner or his successors consider that the information processed by THE COMPANY should be corrected, updated or deleted, or when it should be revoked due to the alleged non-compliance. of any of the duties contained in the Law, may submit a request to THE COMPANY, which will be processed under the following rules:
I. The Owner or his successors must prove his identity, that of his representative, the representation or stipulation in favor of another or for another. When the request is made by a person other than the Owner and it is not proven that the request is acting on behalf of the Owner, it will be considered not submitted.
II. The request for rectification, updating, deletion or revocation must be submitted through the means enabled by THE COMPANY indicated in this document and contain, at a minimum, the following information:
• The name and home address of the Owner or any other means of receiving the response.
• The documents that prove the identity of the applicant and, if applicable, that of their representative with the respective authorization.
• The clear and precise description of the personal data with respect to which the Owner seeks to exercise any of the rights and the specific request.
III. If the application is submitted incomplete, THE COMPANY must require the interested party to correct the deficiencies within five (5) days following its receipt. After two (2) months from the date of the request, without the applicant presenting the required information, it will be understood that they have withdrawn their application.
IV. In the event that the person receiving the request is not competent to resolve it, they will forward it to the Legal area of ??Central de Bobinados S.A., within a maximum period of two (2) business days and will inform the interested party of the situation.
V. Once the request is received, a legend that says "claim in process" and the reason for it will be included in the Database, within a period of no more than two (2) business days. This legend must be maintained until it is decided.
VI. The maximum period to respond to this request will be fifteen (15) business days counted from the day following the date of receipt. When it is not possible to attend to it within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be attended to, which in no case may exceed eight (8) business days following the expiration of the first term.
12. Information Obtained passively
When the services contained within THE COMPANY's websites are used, the COMPANY may collect information passively through information management technologies, such as "cookies", through which information about the hardware is collected. and the computer software, IP address, browser type, operating system, domain name, access time and the addresses of the referring websites; Through the use of these tools, Personal Data is not directly collected from users. Information will also be collected about the pages that the person visits most frequently on these websites in order to understand their browsing habits. However, the user of THE COMPANY's websites has the possibility of configuring the operation of the "cookies", according to the options of their internet browser.
13. Security of Personal Data
THE COMPANY, in strict application of the Principle of Security in the Processing of Personal Data, will provide the technical, human and administrative measures that are necessary to provide security to the records, avoiding their adulteration, loss, consultation, unauthorized or fraudulent use or access. The obligation and responsibility of THE COMPANY is limited to having the appropriate means for this purpose. THE COMPANY does not guarantee the total security of your information nor is it responsible for any consequence derived from technical failures or improper entry by third parties to the Database or file in which the Personal Data subject to Processing by THE COMPANY resides. and their Managers. THE COMPANY will require the service providers it contracts to adopt and comply with the appropriate technical, human and administrative measures for the protection of Personal Data in relation to which said providers act as Processors.
14. Transfer, Transmission and Disclosure of Personal Data
THE COMPANY may disclose to its related companies worldwide, the Personal Data on which it carries out the Treatment, for its use and Treatment in accordance with this Personal Data Protection Policy. Likewise, THE COMPANY may deliver Personal Data to third parties not linked to THE COMPANY when:
• They are contractors in the execution of contracts for the development of THE COMPANY's activities;
• By transfer to any title of any line of business to which the information relates. In any case, when THE COMPANY wishes to send or transmit data to one or more Processors located within or outside the territory of the Republic of Colombia, it will establish contractual clauses or will celebrate a contract for the transmission of personal data in which, among others, it is agreed the next:
I. The scope and purposes of the treatment.
II. The activities that the Manager will carry out on behalf of THE COMPANY.
III. The obligations that the Manager must comply with regarding the Data Owner and THE COMPANY.
IV. The duty of the Manager to process the data in accordance with the authorized purpose for the same and observing the principles established in Colombian Law and this policy.
V. The obligation of the Manager to adequately protect personal data and databases as well as to maintain confidentiality regarding the processing of transmitted data.
VI. A description of the specific security measures that will be adopted by both THE COMPANY and the Data Processor at their destination. THE COMPANY will not request authorization when the international transfer of data is covered by any of the exceptions provided for in the Law and its Regulatory Decrees.
15. Applicable Legislation
This Personal Data Protection Policy, the Privacy Notice, and the Authorization Form Annex that is part of this Policy, are governed by the provisions of current legislation on the protection of Personal Data referred to in Article 15. of the Political Constitution of Colombia, Law 1266 of 2008, Law 1581 of 2012, Decree 1377 of 2013, Decree 1727 of 2009 and other regulations that modify, repeal or replace them.
16. Validity
This Personal Data Protection Policy is in force since December 7, 2016.