Personal Data Protection Policy
1.- INTRODUCTION
IntiCo USA CORP, is responsible for data processing. The protection of personal data is very important to us and, as a normal part of our activities, we collect and process data from our users, customers, suppliers and employees (the data subjects). This policy applies to all personal data processing that we carry out and describes and informs data subjects about the types of personal data we collect, the purposes and means of processing, as well as the rights of data subjects and the procedures for exercising those rights. By accepting this policy, the holders of personal data expressly authorize us to process them for the purposes and use informed and described herein.
2.- DEFINITIONS
The following definitions will be taken into account both for this policy and for the processing of personal data.
Client: Natural or legal person to whom one or more of the company can potentially provide, provides or provided professional services under a pre-existing business relationship. Natural persons with whom the company has a commercial or training relationship in the development of the company’s corporate purpose.
Suppliers: Natural or legal person that provides goods and/or services to one or more of the company under a pre-existing business relationship. Personnel: Natural person who renders or rendered personal services to any of the company under an employment contract.
Visitor: Any natural person who is on the premises of the offices of any of the corporation and who is not a current Employee.
Applicants: Natural persons who, due to work interest, present themselves for personnel selection processes called by the company or submit information in order to be able to advance the respective processes of recruitment of personnel of the Companies.
Holder: Natural person whose personal data is the object of Processing.
Data Processor: Whoever carries out the processing of personal data on behalf of any of the companies by virtue of a legal relationship that binds him/her to any of them and delimits the scope of his/her actions.
Data Controller: By its legal status, who decides on the processing of personal data.
3.- PERSONAL INFORMATION COLLECTED AND MEANS OF COLLECTION:
In order to carry out the collection of personal data and the corresponding consent of the Holder, the following will be considered:
3.1 Personal information may be obtained directly from the Holders or from different sources (merchants, database operators, financial institutions, among others). we may obtain information also during the processing of transactions made with electronic payment instruments by the relationships of the Holders with financial institutions. it is also possible that we have a direct relationship with natural persons (workers, suppliers, etc.), who give us this personal information in connection with that legal or contractual relationship.
3.2 The user and visitor of the website knows and accepts that we may collect certain information through the use of technologies and methodologies, such as cookies, tags, web beacons or other similar technologies that enable the tracking of the owners and other users when they browse the website. we may use this information to authenticate a user, to remember their preferences for the use of the website and to analyze the use of the website and its services. we may use this personal information in the aggregate or combine it with personal information we have collected from cardholders. cookies are small pieces of information that are stored on a computer by your web browser. web beacons or pixel tabs are small strings of code placed on a web page or in an email message for the purpose of transferring information. if a cardholder does not want their personal information collected through cookies, they can change the preferences in their own web browser, which is their own responsibility.
3.3 The following personal information may be requested and used:
– Information about the user’s use of the website including browsing patterns, length of stay, device model, operating system version, unique identifiers and mobile network data, IP address, among others.
– Information that the user provides at the time of registration on the website including first name, last name, email address, company and job title, among others.
– Information about the data the user enters in the application including contacts (such as first and last name, ID type and number, email address and phone number) and messages, among others.
– Credit or debit card number and information about your transactions with payment instruments, such as transaction amount, date and time, location or merchant where the transaction was made, the type of transaction, and purchase or payment history.
– Personal information of workers and suppliers related to their date and place of birth, nationality, marital status, gender, education levels, work experience, personal references, socioeconomic level and status, and financial information.
– Personal information of workers related to their health status, social security entities to which they are affiliated, disciplinary and judicial records.
– Personal information of workers related to their nuclear family and dependents, and their personal preferences in terms of activities and hobbies.
– Personal information of candidates for any position or job, including their names and surnames, type and number of identification, fixed and mobile contact telephone numbers, postal and e-mail addresses (personal and/or work), profession or trade, titles, academic profile (school, university, etc.), professional profile (jobs, background, etc.), membership in professional or academic associations, salaries and working hours, performance evaluations and/or any other data included in the applicant’s or candidate’s curriculum vitae. Users, customers, clients, employees, and suppliers expressly authorize us to confirm the personal information provided by contacting public entities, specialized companies or credit bureaus, their contacts or employer, as well as their personal, banking, or employment references, among others.
4.- USE AND PURPOSES OF THE PROCESSING OF PERSONAL INFORMATION
If the holder of the personal data provides us with his personal data, he authorizes us to use this information for the purposes indicated in accordance with the provisions of this Processing Policy, and we will not proceed to transfer or disclose it outside our databases unless (a) the holder authorizes us to do so, (b) it is necessary to allow our contractors, suppliers or agents to provide the services we have entrusted to them, (c) it is used by us or third parties to provide our products or services to him, (d) is given to entities that provide marketing services on our behalf or to other entities with which we have joint marketing agreements, (e) is in connection with a merger, consolidation, acquisition, divestiture or other restructuring process, (f) we implement a contract for the transfer of personal data under the terms of Decree 1377 of 2013, or (g) as required or permitted by law or for the purposes developed in this privacy policy. We collect and process data for the following purposes:
– To administer our messaging service.
– To personalize the website for the user.
– Enable access to services for the user.
– To send relevant service information such as notifications, alerts, etc.
– Send bills and invoices to the user.
– Collect payments from the user.
– Send marketing information to encourage the use of the tool.
– Provide information in relation to products, services and promotions, which includes the administration of the corresponding campaigns and the communication that must be made about them.
– Contact for purposes of compliance with financial obligations and portfolio collection.
– In general, to operate, evaluate and improve our commercial operations, develop new products and services, carry out marketing campaigns, commercial alliances and market research, as well as to carry out monitoring and research activities of the behavior of the commercial establishment in the system and in the market, linked to the duties of knowledge of the client and its market.
– To manage relationships with suppliers and employees, which may include updating data or carrying out regulatory controls.
– For business monitoring, statistical, econometric, research, segmentation and development of markets, products and added values for commercial establishments, financial institutions, customers and users.
– To manage the fulfillment of the terms established in the labor relationship such as: Affiliation and contributions to social security entities, creation of labor contract, generation of payments and labor benefits.
– To include within the activities of the training, development, welfare, occupational health and safety programs established by the company for its employees. To process the applications for employment that we receive from candidates, process them and define them within the stipulated time, according to the selection process or the call.
– For historical and statistical purposes, for which anonymization mechanisms will be used.
– To transfer or transmit it to third countries, as provided by law.
– For any other purpose that has been authorized by the owner. Except as described here, we do not sell or share the personal data we collect or process. When required to disclose any information to our agents or subcontractors, as processors, the agent or subcontractor will be required to use the information in accordance with this policy and must ensure the confidentiality of the information. In addition to disclosing information necessary for the above reasons, we may disclose your information when required to do so by law, by court order. The custody of the information will be for ten years from the last treatment. In any case, the information provided will remain stored for as long as necessary to enable us to comply with the purposes set forth herein and to comply with legal and / or contractual obligations in our charge especially in labor, accounting, fiscal and tax matters or for as long as necessary to meet the provisions applicable to the matter in question and the administrative, labor, accounting, tax, legal and historical aspects of the information, or in any event provided by law.
5.- CONFIDENTIALITY AND SECURITY OF PERSONAL INFORMATION
For us the security of information is very important, therefore it is essential to protect this information and the assets that contain it, from any loss of confidentiality, integrity or availability, both accidental and intentional, taking into account the current applicable regulations, all this through the implementation of appropriate measures related to people, processes, technology, infrastructure and related services; and through the strengthening of trust that characterizes the relationship with our customers, members and users. In that sense, we will take all reasonably necessary technical and organizational precautions to prevent the loss, alteration or misuse of your personal information.
5.- CONFIDENTIALITY AND SECURITY OF PERSONAL INFORMATION
For us the security of information is very important, therefore it is essential to protect this information and the assets that contain it, from any loss of confidentiality, integrity or availability, both accidental and intentional, taking into account the current applicable regulations, all this through the implementation of appropriate measures related to people, processes, technology, infrastructure and related services; and through the strengthening of trust that characterizes the relationship with our customers, members and users. In that sense, we will take all reasonably necessary technical and organizational precautions to prevent the loss, alteration or misuse of your personal information.
6.- TREATMENT OF SENSITIVE DATA AND DATA OF MINORS
In accordance with Law 1581 of 2012, sensitive data are those that affect the privacy of the owner of such data, or whose improper use may lead to discrimination, such as those that reveal racial or ethnic origin; political orientation; religious or philosophical beliefs; membership in trade unions, social or human rights organizations; those relating to health, sex life and biometric data. In the event that we collect and process your sensitive data, these will be treated carefully subject to the provisions of Law 1581 of 2012. Holders are informed that they will not be obliged in any event to authorize the processing of sensitive data, and therefore the provision of our services is not conditional on the delivery of this sensitive information. In general we do not collect personal information from children or adolescents. In the event that data is collected from children and adolescents, it must be duly authorized by their parents, representatives or by those who have parental authority over the minor. We will ensure the proper use of personal data of children and adolescents, ensuring that the processing of their data respects their best interests and fundamental rights and, as far as possible, taking into account their opinion, as holders of their personal data.
7.- HOLDER’S RIGHTS AND PROCEDURE FOR THE EXERCISE OF THE HOLDER’S RIGHTS
With the acceptance of this Processing Policy, the holder declares freely, expressly and previously to have been informed about the rights that the law grants him/her as holder of his/her personal data and which are set forth below:
– To know, update and rectify their personal data against the entity responsible for the processing or in charge of the processing of their personal data.
– To request proof of the authorization granted to the data controller, except when expressly exempted as a requirement for the processing.
– To be informed by the data controller or data processor, upon request, regarding the use given to the personal data.
– File complaints before the Superintendence of Industry and Commerce for infringements to the personal data protection regime.
– Revoke the authorization and/or request the deletion of personal data under the terms of Law 1581 of 2012.
– Access free of charge once a month to their personal data that have been processed, under the terms of current regulations. In the event that, on the occasion of contracts entered into with third parties, they have to process information, clauses may be added to these contracts that establish restrictions or requirements on the handling of this information. The procedures for the exercise of their rights shall be as follows: The area or unit responsible for the supervision of the personal data protection system is:
Customer Service
Email: soporte@intico.com.co
Phone: +57-1-5804954
(i) Consultations
The holders, authorized persons or assignees may consult their personal information contained in our databases, in which case we will provide them with the requested information, after verification of the legitimacy to submit such a request. The consultation will be answered in a maximum term of ten (10) working days from the date of receipt of the request. When it is not possible to answer the consultation within such term, the reasons for the delay will be informed, indicating the date on which the consultation will be answered, which in no case may exceed five (5) working days following the expiration of the first term.
(ii) Claims
If the owners, authorized persons or assignees consider that the information contained in a database should be corrected, updated or deleted, or when they notice the alleged breach of any of the duties, they may file a claim with us, which will be processed under the following rules:
a) Your claim must be formulated by means of a request addressed to IntiCo Colombia, with your identification, the description of the facts that give rise to the claim, your address, and accompanying the documents you wish to assert. If the claim is incomplete, we will require you within five (5) business days of receipt of the claim to correct the deficiencies. After two (2) months from the date of the requirement, without you submitting the required information, we will understand that you have abandoned the claim. In the event that we are not competent to resolve your claim, we will transfer it to the appropriate person within a maximum of two (2) business days and we will inform you in a timely manner.
b) If appropriate, once we receive the complete claim, we will include in the database a legend that says “claim in process” and the reason for this, within a period not exceeding two (2) business days. This legend must be maintained until the claim is decided.
c) The maximum term to address the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within that period, you will be informed of the reasons for the delay and the date on which your claim will be addressed, which in no case may exceed eight (8) working days following the expiration of the first term. In order to exercise their right to Habeas Data, holders of personal data may contact directly through the email address soporte@intico.com.co which will be processed in accordance with the law. You may also call +57-1-5804954 option 3.
At any time the holders may revoke their consent to the processing of their personal data. To do this it is necessary to send an email to the following email address soporte@intico.com.co which must contain the same requirements outlined for the exercise of the rights of the owners making an indication of the personal data to which you wish to revoke your consent. In the event that the legal requirements are met, within a period not exceeding fifteen (15) working days from the receipt of the request, you must send us an email to the following email address: soporte@intico.com.co, which must contain the same requirements indicated for the exercise of the rights of the owners.
8.- VALIDITY AND MODIFICATION OF THE TREATMENT POLICY
This Personal Data Protection Policy will be approved by the General Management or whoever takes its place, in accordance with the legal and juridical frameworks that endorse it, will be communicated and socialized through the website and the Intranet, which comes into force from the date of its publication. This policy was updated on the website and intranet on June 21, 2021 and is effective as of June 21, 2021.
1.- INTRODUCTION
IntiCo Colombia S.A.S. (NIT 900.609.904-3), is responsible for data processing. The protection of personal data is very important to us and as a normal part of our activities we collect and process data from our users, customers, suppliers and employees (the data subjects). This policy applies to all processing of personal data that we do and describes and informs data subjects of the types of personal data we collect, the purposes and means of the processing, as well as the rights of data subjects and the procedures for exercising them. By accepting this policy, the holders of the personal data expressly authorize us to process it for the purposes and uses informed and described herein.
2.- DEFINITIONS
The following definitions will be taken into account both for this policy and for the processing of personal data.
Client: Natural or legal person to whom one or more of the company can potentially provide, provides or provided professional services under a pre-existing business relationship. Natural persons with whom the company has a commercial or training relationship in the development of the company’s corporate purpose.
Suppliers: Natural or legal person that provides goods and/or services to one or more of the company under a pre-existing business relationship. Personnel: Natural person who renders or rendered personal services to any of the company under an employment contract.
Visitor: Any natural person who is on the premises of the offices of any of the corporation and who is not a current Employee.
Applicants: Natural persons who, due to work interest, present themselves for personnel selection processes called by the company or submit information in order to be able to advance the respective processes of recruitment of personnel of the Companies.
Holder: Natural person whose personal data is the object of Processing.
Data Processor: Whoever carries out the processing of personal data on behalf of any of the companies by virtue of a legal relationship that binds him/her to any of them and delimits the scope of his/her actions.
Data Controller: The person who, by virtue of his legal status, decides on the processing of personal data.
3.- PERSONAL INFORMATION COLLECTED AND MEANS OF COLLECTION:
In order to carry out the collection of personal data and the corresponding consent of the Holder, the following will be considered:
3.1 Personal information may be obtained directly from the Holders or from different sources (merchants, database operators, financial institutions, among others). we may obtain information also during the processing of transactions made with electronic payment instruments by the relationships of the Holders with financial institutions. it is also possible that we have a direct relationship with natural persons (workers, suppliers, etc.), who give us this personal information in connection with that legal or contractual relationship.
3.2 The user and visitor of the website knows and accepts that we may collect certain information through the use of technologies and methodologies, such as cookies, tags, web beacons or other similar technologies that enable the tracking of the owners and other users when they browse the website. we may use this information to authenticate a user, to remember their preferences for the use of the website and to analyze the use of the website and its services. we may use this personal information in the aggregate or combine it with personal information we have collected from cardholders. cookies are small pieces of information that are stored on a computer by your web browser. web beacons or pixel tabs are small strings of code placed on a web page or in an email message for the purpose of transferring information. if a cardholder does not want their personal information collected through cookies, they can change the preferences in their own web browser, which is their own responsibility.
3.3 The following personal information may be requested and used:
– Information about the user’s use of the website including browsing patterns, length of stay, device model, operating system version, unique identifiers and mobile network data, IP address, among others.
– Information that the user provides when registering on the website including first name, last name, email address, company and job title, among others.
– Information about the data the user enters in the application including contacts (such as first and last name, ID type and number, email address and phone number) and messages, among others.
– Credit or debit card number and information about your transactions with payment instruments, such as transaction amount, date and time, location or merchant where the transaction was made, the type of transaction, and purchase or payment history.
– Personal information of workers and suppliers related to their date and place of birth, nationality, marital status, gender, education levels, work experience, personal references, socioeconomic level and status, and financial information.
– Personal information of workers related to their health status, social security entities to which they are affiliated, disciplinary and judicial records.
– Personal information of workers related to their nuclear family and dependents, and their personal preferences in terms of activities and hobbies.
– Personal information of candidates for any position or job, including their names and surnames, type and number of identification, fixed and mobile contact telephone numbers, postal and e-mail addresses (personal and/or work), profession or trade, titles, academic profile (school, university, etc.), professional profile (jobs, background, etc.), membership in professional or academic associations, salaries and working hours, performance evaluations and/or any other data included in the applicant’s or candidate’s curriculum vitae. Users, clients, employees and suppliers expressly authorize us to confirm the personal information provided by contacting public entities, specialized companies or credit bureaus, their contacts or employer, as well as their personal, banking or employment references, among others.
4.- USE AND PURPOSES OF THE PROCESSING OF PERSONAL INFORMATION
If the holder of the personal data provides us with his personal data, he authorizes us to use this information for the purposes indicated in accordance with the provisions of this Processing Policy, and we will not proceed to transfer or disclose it outside our databases unless (a) the holder authorizes us to do so, (b) it is necessary to allow our contractors, suppliers or agents to provide the services we have entrusted to them, (c) it is used by us or third parties to provide our products or services to him, (d) is given to entities that provide marketing services on our behalf or to other entities with which we have joint marketing agreements, (e) is in connection with a merger, consolidation, acquisition, divestiture or other restructuring process, (f) we implement a contract for the transfer of personal data under the terms of Decree 1377 of 2013, or (g) as required or permitted by law or for the purposes developed in this privacy policy. We collect and process data for the following purposes:
– To administer our messaging service.
– To personalize the website for the user.
– Enable access to services for the user.
– To send relevant service information such as notifications, alerts, etc.
– Send bills and invoices to the user.
– Collect payments from the user.
– Send marketing information to encourage the use of the tool.
– Provide information in relation to products, services and promotions, which includes the administration of the corresponding campaigns and the communication that must be made about them.
– Contact for purposes of compliance with financial obligations and portfolio collection.
– In general, to operate, evaluate and improve our commercial operations, develop new products and services, carry out marketing campaigns, commercial alliances and market research, as well as to carry out monitoring and research activities of the behavior of the commercial establishment in the system and in the market, linked to the duties of knowledge of the client and its market.
– To manage relationships with suppliers and employees which may include updating data or carrying out regulatory controls.
– For business monitoring, statistical, econometric, research, segmentation and development of markets, products and added values for commercial establishments, financial institutions, customers and users.
– To manage the fulfillment of the terms established in the labor relationship such as: Affiliation and contributions to social security entities, creation of labor contract, generation of payments and labor benefits.
– To include within the activities of the training, development, welfare, occupational health and safety programs established by the company for its employees. To process the applications for employment that we receive from candidates, process them and define them within the stipulated time, according to the selection process or the call.
– For historical and statistical purposes, for which anonymization mechanisms will be used.
– To transfer or transmit it to third countries, as provided by law.
– For any other purpose that has been authorized by the owner. Except as described here, we do not sell or share the personal data we collect or process. When required to disclose any information to our agents or subcontractors, as processors, the agent or subcontractor will be required to use the information in accordance with this policy and must ensure the confidentiality of the information. In addition to disclosing the information necessary for the above reasons, we may disclose your information when required to do so by law, by court order. The custody of the information will be for ten years from the last treatment. In any case, the information provided will remain stored for as long as necessary to enable us to comply with the purposes set forth herein and to comply with legal and / or contractual obligations in our charge especially in labor, accounting, fiscal and tax matters or for as long as necessary to meet the provisions applicable to the matter in question and the administrative, labor, accounting, tax, legal and historical aspects of the information, or in any event provided by law.
5.- CONFIDENTIALITY AND SECURITY OF PERSONAL INFORMATION
For us the security of information is very important, therefore it is essential to protect this information and the assets that contain it, from any loss of confidentiality, integrity or availability, both accidental and intentional, taking into account the current applicable regulations, all this through the implementation of appropriate measures related to people, processes, technology, infrastructure and related services; and through the strengthening of trust that characterizes the relationship with our customers, members and users. In that sense, we will take all reasonably necessary technical and organizational precautions to prevent the loss, alteration or misuse of your personal information.
7.- HOLDER’S RIGHTS AND PROCEDURE FOR THE EXERCISE OF THE HOLDER’S RIGHTS
With the acceptance of this Processing Policy, the holder declares freely, expressly and previously to have been informed about the rights that the law grants him/her as holder of his/her personal data and which are set forth below:
– To know, update and rectify their personal data against the entity responsible for the processing or in charge of the processing of their personal data.
– To request proof of the authorization granted to the data controller, except when expressly exempted as a requirement for the processing.
– To be informed by the data controller or data processor, upon request, regarding the use given to the personal data.
– File complaints before the Superintendence of Industry and Commerce for infringements to the personal data protection regime.
– Revoke the authorization and/or request the deletion of personal data under the terms of Law 1581 of 2012.
– Access free of charge once a month to their personal data that have been processed, under the terms of current regulations. In the event that, on the occasion of contracts entered into with third parties, they have to process information, clauses may be added to these contracts that establish restrictions or requirements on the handling of this information. The procedures for the exercise of their rights shall be as follows: The area or unit responsible for the supervision of the personal data protection system is:
Customer Service
Email: soporte@intico.com.co
Phone: +57-1-5804954
(i) Consultations
The holders, authorized persons or assignees may consult their personal information contained in our databases, in which case we will provide them with the requested information, after verification of the legitimacy to submit such a request. The consultation will be answered in a maximum term of ten (10) working days from the date of receipt of the request. When it is not possible to answer the consultation within such term, the reasons for the delay will be informed, indicating the date on which the consultation will be answered, which in no case may exceed five (5) working days following the expiration of the first term.
(ii) Claims
If the owners, authorized persons or assignees consider that the information contained in a database should be corrected, updated or deleted, or when they notice the alleged breach of any of the duties, they may file a claim with us, which will be processed under the following rules:
a) Your claim must be formulated by means of a request addressed to IntiCo Colombia, with your identification, the description of the facts that give rise to the claim, your address, and accompanying the documents you wish to assert. If the claim is incomplete, we will require you within five (5) business days of receipt of the claim to correct the deficiencies. After two (2) months from the date of the requirement, without you submitting the required information, we will understand that you have abandoned the claim. If we are not competent to resolve your claim, we will transfer it to the appropriate person within a maximum period of two (2) business days and will inform you in a timely manner.
b) If appropriate, once the complete claim is received, a legend will be included in the database that says “claim in process” and the reason for this, within a period not exceeding two (2) business days. This legend must be maintained until the claim is decided.
c) The maximum term to address the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within that period, you will be informed of the reasons for the delay and the date on which your claim will be addressed, which in no case may exceed eight (8) working days following the expiration of the first term. In order to exercise their right to Habeas Data, the holders of personal data may contact directly through the email address soporte@intico.com.co which will be processed in accordance with the law. You may also call +57-1-5804954 option 3.
At any time the holders may revoke their consent to the processing of their personal data. To do this it is necessary to send an email to the following email address soporte@intico.com.co which must contain the same requirements outlined for the exercise of the rights of the owners making an indication of the personal data to which you wish to revoke your consent. In the event that the legal requirements are met, within a period not exceeding fifteen (15) working days from the receipt of the request, you must send us an email to the following email address: soporte@intico.com.co , which must contain the same requirements indicated for the exercise of the rights of the owners.
8.- VALIDITY AND MODIFICATION OF THE TREATMENT POLICY
This Personal Data Protection Policy will be approved by the General Management or whoever takes its place, in accordance with the legal and juridical frameworks that endorse it, will be communicated and socialized through the website and the Intranet, which comes into force from the date of its publication. This policy was updated on the website and intranet on June 21, 2021 and is effective as of June 21, 2021.
