- OBJECTIVE
To establish the criteria on the use, treatment, processing, exchange, transfer and transmission of personal data collected, treated and/or registered in our databases in the development of the corporate purpose of Houding S.A.S. and to establish the rights to know, update and rectify the information that has been collected.
- SCOPE
This policy shall apply to personal data recorded in any database of Houding S.A.S., regarding the collection, storage, use, circulation, deletion and all activities that constitute the processing of personal data.
- DEFINITIONS
Authorization: Prior, express and informed consent of the holder to carry out the processing of personal data.
Privacy Notice: Document generated by the responsible, which is made available to the holder, for the processing of their data through its website houding-sas.com.
Database: Organized set of personal data that is subject to processing, regardless of whether they are structured or not.
Personal data: Any information linked or that can be associated to one or more specific natural persons, personal data can be public, semi-private or private, according to the given condition.
Private data: Data that due to its intimate or reserved nature is only relevant to the owner, as in the case of biometric data and medical history, among others.
Public data: It is the data qualified as such according to the mandates of the law or the Political Constitution and all those that are not semi-private or private. Public data are, among others, the data contained in public documents, court rulings and those related to the civil status of individuals.
Semi-private data: Data that is not of an intimate, reserved or public nature and whose knowledge or disclosure may be of interest not only to the owner, but also to a certain sector or group of persons, or to society in general, such as data related to compliance with obligations recorded in credit risk centers.
Sensitive data: Data that affect the holder’s privacy or whose improper use may generate discrimination, such as data revealing racial or ethnic origin, political orientation, religious or philosophical convictions, as well as data relating to health and sex life.
Data processor: Natural or legal person, public or private, who by himself or in association with others, carries out the processing of personal data on behalf of the data controller.
Data Controller: Natural or legal person, public or private, who by himself or in association with others, decides on the database and/or the processing of data.
Data subject: Natural person whose personal data is the object of the processing.
Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.
- GENERAL
In compliance with the provisions of the Statutory Law 1581 of 2012 and its Regulatory Decree 1377 of 2013, Houding S.A.S. adopts this policy for the processing of personal data, which will be informed to all holders of the data collected or that in the future will be obtained in the exercise of the activities, contractual and commercial own corporate purpose with customers and suppliers and labor with employees and partners. In this way, Houding S.A.S. declares that it guarantees the rights of privacy, intimacy, good name, in the treatment of personal data, and consequently all its actions will be governed by the principles of legality, purpose, freedom, truthfulness or quality, transparency, access and restricted circulation, security and confidentiality. All persons who, in the development of different contractual, commercial or labor activities, among others, whether permanent or occasional, may provide Houding S.A.S. with any type of information or personal data, will be able to know, update and rectify it.
- LEGAL FRAMEWORK
- Political Constitution of Colombia of 1991, article 15
- Law 1266 of 2008: which establishes the general provisions of Habeas Data and regulates the handling of information contained in personal databases.
- Regulatory Decree 1727 of 2009: which determines the form in which the operators of financial, credit, commercial, service and third country information databases must submit the information of the owners of the information.
- Law 1581 of 2012: whereby general provisions are issued for the protection of personal data.
- Regulatory Decree 2952 of 2010: which regulates articles 12 and 13 of Law 1266 of 2008.
- Regulatory Decree 1377 of 2013: which partially regulates Law 1581 of 2012.
- Regulatory Decree 886 of 2014: which regulates Article 25 of Law 1581 of 2012, regarding the National Database Registry.
- Regulatory Decree 1074 of 2015: whereby the Sole Regulatory Decree of the Commerce, Industry and Tourism Sector is issued.
- Rulings of the Constitutional Court C- 1011 of 2008, and C-748 of 2011.
- PRINCIPLES FOR THE TREATMENT OF PERSONAL DATA
In order to guarantee the protection of personal data, Houding S.A.S. will apply the following principles in a harmonious and comprehensive manner, in light of which the processing, transfer and transmission of personal data must be carried out:
- Principles related to the collection of personal data
- Principle of freedom: Unless otherwise provided by law, the collection of data may only be exercised with the prior, express and informed consent of the owner. Personal data may not be obtained or disclosed without the prior consent of the owner, or in the absence of a legal or judicial mandate that relieves the consent. The owner of the data must be informed in a clear, sufficient and prior manner about the purpose of the information provided and therefore, no data may be collected without the clear specification about the purpose of the same. Deceptive or fraudulent means may not be used to collect and process personal data.
- Principle of collection limitation: Only personal data that are strictly necessary for the fulfillment of the purposes of the processing must be collected, so that the recording and disclosure of data that are not closely related to the purpose of the processing is prohibited. Consequently, every reasonable effort must be made to limit the processing of personal data to the minimum necessary. In other words, the data must be: (i) adequate, (ii) relevant and (iii) in accordance with the purposes for which they were intended.
- Principles related to the use of personal data
- Principle of purpose: The processing of personal data collected must obey a legitimate purpose, which must be informed to the Data Subject.
- Principle of temporality: Personal data shall be kept only for the reasonable and necessary time to fulfill the purpose of the processing and the legal requirements or instructions of the supervisory and control authorities or other competent authorities. The data will be kept when it is necessary to comply with a legal or contractual obligation. Once the purpose or purposes have been fulfilled, the data will be deleted.
- Principle of non-discrimination: It is forbidden to carry out any act of discrimination based on the information collected in the databases or files.
- Principles related to information quality
- Principle of truthfulness or quality: The information subject to Processing must be truthful, complete, accurate, updated, verifiable and understandable. Partial, incomplete, fractioned or misleading data will not be processed.
- Principles related to the protection, access and circulation of personal data
- Principle of transparency: The right of the Data Subject to obtain from Houding S.A.S., at any time and without restrictions, information about the existence of data concerning him/her, must be guaranteed in the Processing;
- Principle of restricted access and circulation: Processing is subject to the limits derived from the nature of the personal data, the provisions of this law and the Constitution. Personal data, except for public information, and as provided in the authorization granted by the owner of the data, may not be available on the Internet or other means of mass dissemination or communication, unless access is technically controllable to provide restricted knowledge only to the Owners or authorized third parties;
- Security Principle: The information subject to Processing by Houding S.A.S. shall be protected through the use of technical, human and administrative measures that are necessary to provide security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access;
- Principle of confidentiality: All persons involved in the processing of personal data are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks involved in the processing. FIRST PARAGRAPH: In the event that sensitive personal data is collected, the Data Subject may refuse to authorize its Processing.
- CONTENTS OF THE DATABASES
Houding S.A.S. databases store general information such as full name, identification number and type, gender and contact details (e-mail, physical address, landline number and cell phone number). In addition to these, and depending on the nature of the database, Houding S.A.S. may have specific data required for the treatment to which the data will be subjected. In the databases of employees and contractors are included, in addition to information on work and academic history, sensitive data required by the nature of the employment relationship (photograph, composition of the family group, biometric data). Sensitive information may be stored in the databases with prior authorization of the owner, in compliance with the provisions of Articles 5 and 7 of Law 1581 of 2012.
- PURPOSE
The purpose of the information collected by Houding S.A.S. is to allow the proper development of its corporate purpose as a consulting company. In addition, Houding S.A.S. keeps the information necessary to comply with legal obligations, mainly in accounting, corporate, and labor matters. Information about customers, suppliers, partners and employees, current or former, is kept in order to facilitate, promote, enable or maintain labor, civil and commercial relationships and to inform about new products and/or services.
- RIGHTS OF THE OWNER OF THE INFORMATION
- To know, update and rectify their personal data. This right may be exercised, among others, in the case of partial, inaccurate, incomplete, fractioned, misleading data, or data whose processing is expressly prohibited or has not been authorized.
- Request proof of the authorization granted to Houding S.A.S., except when expressly exempted as a requirement for the processing, in which case it would not be necessary.
- Be informed by Houding S.A.S., upon request, regarding the use that has been made of their personal data.
- To complain to the Superintendence of Industry and Commerce for violations of the provisions of Law 1581 of 2012 and other rules that modify, add or supplement it.
- To revoke the authorization and/or request the deletion of personal data when the processing does not respect the principles, rights and constitutional and legal guarantees. The revocation and/or deletion will proceed when the Superintendence of Industry and Commerce has determined that, in the processing, the responsible or in charge have incurred in conduct contrary to Law 1581 of 2012 and the Constitution.
- Access free of charge to him/her personal data that have been subject to processing.
To exercise your rights, you may request it by sending a written communication to the e-mail administracion@houding-sas.com.
- DUTIES OF HOUDING S.A.S. AS THE PARTY RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA
- Guarantee the Data Subject, at all times, the full and effective exercise of the right of habeas data.
- Request and keep, under the conditions provided for in this law, a copy of the respective authorization granted by the Data Subject.
- Duly inform the Data Subject about the purpose of the collection and the rights he/she has by virtue of the authorization granted.
- Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
- To guarantee that the information provided to the Data Processor is truthful, complete, accurate, updated, verifiable and understandable.
- Update the information, communicating in a timely manner to the Data Processor, all developments with respect to the data previously provided and take other necessary measures to ensure that the information provided to this is kept up to date.
- Rectify the information when it is incorrect and communicate the relevant information to the Data Processor.
- To provide to the Data Processor, as the case may be, only data whose processing is previously authorized in accordance with the provisions of this law.
- To require the Data Processor, at all times, to respect the security and privacy conditions of the Data Subject’s information.
- To process the queries and claims formulated in the terms set forth in this law.
- Adopt an internal manual of policies and procedures to ensure proper compliance with this law and especially for the attention of queries and claims.
- Inform the Data Processor when certain information is under discussion by the Data Subject, once the claim has been filed and the respective process has not been completed.
- Inform at the request of the Data Subject about the use given to his/her data.
- Inform the data protection authority when there are violations to the security codes and there are risks in the administration of the information of the Data Subject.
- Comply with the instructions and requirements given by the Superintendence of Industry and Commerce.
- PERSONS TO WHOM THE INFORMATION MAY BE PROVIDED
The information that meets the conditions set forth in the Law may be provided to the following persons:
- To the owners, their assignees (when those are absent) or their legal representatives.
- To public or administrative entities in the exercise of their legal functions or by court order.
- To third parties authorized by the owner or by law.
- AREA RESPONSIBLE FOR ATTENTION AND PROCEDURE FOR THE EXERCISE OF THE HOLDER’S RIGHTS
Houding S.A.S., as responsible for the processing of your data, is committed to respecting the confidentiality of your personal data and to guaranteeing you the exercise of your right to habeas data. For this purpose, Houding S.A.S. has assigned a person in charge of receiving, processing and resolving your claims, for matters related to your personal data collected.
The contact details are:
Name of the area in charge: Administrative Area
E-mail: administracion@houding-sas.com
- PROCEDURES FOR THE EXERCISE OF THE RIGHTS OF THE DATA SUBJECT OF THE INFORMATION
The Data Subject, regardless of the type of relationship they have with Houding S.A.S. may exercise their rights to know, update, rectify and delete information and/or revoke the authorization granted in accordance with the following procedures:
- Procedure to request proof of the authorization granted: The request shall be submitted to Houding S.A.S. through the contact details mentioned herein, indicating at least the full name of Data Subject and his/her identification number, place or physical or electronic address to which it will be answered. Once the request is received, a copy of the authorization will be sent within ten (10) working days from the day following the date of receipt of the request. When it is not possible to respond within said term, the interested party shall be informed of the reasons for the delay and the date on which it will be responded to; in no case may it exceed eight (8) working days following the expiration of the first term.
- Procedure for updating information: The Data Subject who is interested in updating the information provided and under Processing by Houding S.A.S. or the Data Processor may send the updated information through any of the channels established for this purpose such as the website, e-mail of the area in charge of the Processing of Personal Data.
- Procedure to rectify and delete information and/or revoke authorizations: When the holder of the information intends to rectify, suppress and/or revoke authorizations for the Processing of Personal Data, he/she shall submit a request in accordance with the following:
- The request must be addressed to Houding S.A.S., with the identification of the Data Subject, the description of the facts that give rise to the request, the address and accompanying the documents to be asserted.
- If the request is incomplete, the interested party will be required within five (5) days of receipt of the request to correct the faults. After two (2) months from the date of the requirement, if the applicant has not submitted the required information, it shall be understood that he/she has abandoned the request.
- In the event that the person receiving the request is not competent to resolve it, he/she shall transfer it to the corresponding person within a maximum term of two (2) working days and shall inform the interested party of the situation.
- Once the complete request has been received, a legend will be included in the database stating “claim in process” and the reason for it, within a term not exceeding two (2) business days. Said legend shall be maintained until the request is decided.
- The maximum term to attend the request shall be fifteen (15) business days from the day following the date of its receipt. When it is not possible to attend it within such term, the interested party will be informed of the reasons for the delay and the date on which the request will be attended, which in no case may exceed eight (8) business days following the expiration of the first term.
- MODIFICATION TO THE PERSONAL DATA PROCESSING POLICY OF HOUDING S.A.S.
Houding S.A.S. may, at its discretion, modify its personal data processing policy.
- INFORMATION SECURITY
In accordance with current legislation, Houding S.A.S., will take the necessary technical, human and administrative measures to prevent the adulteration, loss, consultation, use or unauthorized or fraudulent access to the information covered by this policy.
- VALIDITY
This policy complies with the provisions of Law 1581 of 2012, Decree 1377 of 2013 and Decree 1074 of 2015, and came into force as of June 30, 2022.
The validity of the database will be the reasonable and necessary time to fulfill the purposes of the treatment taking into account the provisions of Article 11 of Decree 1377 of 2013.