.SONAL DATA PROCESSING POLICY
This document establishes the Personal Data Processing Policies of the GROWELL COMMERCE SAS, acting as a private entity, in compliance with the provisions of Law 1581 of 2012 and Decree 1377 of 2013, and it describes the mechanisms through which the ENTITY guarantees an adequate management of the personal data collected in its databases, in order to allow the owners to exercise of the right of habeas data.
RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA
It is a legal entity under private law, domiciled in Bogotá, with legal status with NIT 901.569.022-3, whose contact information is as follows:
Address: Calle 83 No. 20 – 32, Bogotá DC Colombia Email: [email protected]
GROWELL COMMERCE SAS will act as Responsible, for the collection, transmission, storage, collection, use, processing, updating, circulation, transfer, and, in general, any operation or set of operations in and on your Personal Data, understood as any linked information or that can be associated to you as the Owner.
1. PRIVACY NOTICE: Its purpose is to inform the owner about the scope and general conditions of the processing of your personal data, so that you are in ability to make informed decisions about the use of your personal information and, consequently, maintain control and disposition over
2. AUTHORIZATION: is the process by which someone is allowed to take a certain specific.
3. DATABASE: It is an organized collection of information or data structured, which is usually stored electronically in a system computerized.
4. PERSONAL DATA: It is all that information concerning a person identified or identifiable physical A person is considered identifiable when your identity can be determined directly or indirectly through any.
5. RIGHT OF HABEAS DATA: The right of habeas data is one that has all person to know, update and rectify the information that has been collected about it in files and data banks of a public or private.
6. HOLDER: Natural person whose personal data is subject to Treatment.
7. PROCESSING: Any operation or set of operations on data personal, such as the collection, storage, use, circulation or.
8. PRINCIPLE OF LEGALITY: The processing of personal data is an activity regulated that must be subject to what is established in the law and in the other provisions that develop it; – Principle of purpose: The Treatment must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Holder.
9. PRINCIPLE OF FREEDOM: The Treatment can only be exercised with the prior, express and informed consent of the Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that relieves consent.
CONTENT OF THE DATABASES
General information such as full name, identification number and type, gender and contact details (email, physical address, landline and mobile phone) are stored in the ENTITY’s databases. In addition to these, and depending on the nature of the database, the ENTITY may have specific data required for the treatment to which the data will be submitted. In addition to information on employment and academic history, sensitive data required by the nature of the employment relationship (photograph, group composition) is included in the employee and contractor databases. family, biometric data). Sensitive information may be stored in databases with the prior authorization of its owner, in compliance with the provisions of articles 5 and 7 of Law 1581 of 2012.
The information contained in the entity’s databases is subject to different forms of treatment, such as collection, exchange, update processing, reproduction, compilation, storage, use, systematization and organization, all
them partially or totally in compliance with the purposes established herein. The Information may be delivered, transmitted or transferred to public entities, partners businesses, contractors, affiliates, subsidiaries, solely for the purpose of complying with the purposes of the corresponding database. In any case, the delivery, transmission or The transfer will be made after signing the commitments that are necessary to safeguard the confidentiality of the information. personal information, including Sensitive information may be transferred, transmitted, delivered to third countries, regardless of the security level of the regulations that regulate the handling of personal information. In compliance with legal duties, the ENTITY may supply the personal information to judicial or administrative entities. The ENTITY will ensure the correct use of personal data of minors, guaranteeing compliance with the applicable legal requirements and that all treatment is previously authorized and is justified in the best interests of minors.
The purpose of the information collected by the ENTITY is to allow the proper development of its purpose as a union entity, as well as the mandates in its capacity as administrator of the National Coffee Fund, including the national coffee policy.
In addition, the ENTITY keeps the necessary information to comply with legal duties, mainly in accounting, corporate, and labor matters. The information about clients, suppliers, partners and employees, current or past, is kept in order to facilitate, promote, allow or maintain labor, civil and commercial relationships. Information on market actors in order to comply with the activities of its object, particularly those related to the development, planning and implementation of programs, projects, plans, policies, contracts or agreements necessary to promote coffee growing in Colombia.
RIGHTS OF THE HOLDERS
In accordance with the provisions of article 8 of Law 1581 of 2012, holders may:
1. Know, update and rectify your personal data before the ENTITY or the This right may be exercised, among others, against partial data, inaccurate, incomplete, fractionalized, misleading, or those whose Treatment is expressly prohibited or has not been authorized.
2. Request proof of the authorization granted to the ENTITY, except when expressly excepted as a requirement for Treatment, in accordance with the provisions of article 10 of this.
3. Be informed by the ENTITY or the Manager, upon request, regarding the use that you have given your personal data.
4. Submit to the Superintendence of Industry and Commerce complaints for infractions to the provisions of this law and the other regulations that modify, add or.
5. Revoke the authorization and/or request the deletion of the data when in the Treatment the principles, rights and constitutional and legal guarantees are not The revocation and/or deletion will proceed when the Superintendence of Industry and Merchant has determined that the ENTITY or the Processor has incurred in behavior contrary to this law and the Constitution.
6. Free access to your personal data that has been subject to
OBLIGATIONS OF THE ENTITY
- Guarantee the Holder, at all times, the full and effective exercise of the right of habeas dates.
- Request and keep, under the conditions provided for in this law, a copy of the respective authorization granted by the
- Duly inform the Holder about the purpose of the collection and the rights who assist you by virtue of the authorization.
- Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent.
Guarantee that the information provided to the Manager is true, complete, accurate, updated, verifiable and understandable.
- Update the information, promptly communicating to the Person in Charge of the Treatment, all the news regarding the data that has previously been provided and adopt the other necessary measures so that the information provided to it is kept up to.
- Rectify the information when it is incorrect and communicate what is pertinent to the Duty Provide the Processor, as the case may be, only data whose Treatment is previously authorized in accordance with the provisions of the present law.
- Require the Manager at all times to respect the security conditions and privacy of the Holder’s information.
- Process queries and claims formulated in the terms indicated in the present law.
- Adopt an internal manual of policies and procedures to ensure adequate compliance with this law and especially, for the attention of consultations and.
- Inform the Manager when certain information is under discussion by the Holder, once the claim has been filed and has not finished the respective.
- Inform at the request of the Owner about the use given to their data.
- Inform the data protection authority when there are violations of the security codes and there are risks in the administration of the information of the Headlines.
- Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.
PROCEDURES FOR SUBMISSION AND ANSWER TO INQUIRIES
The holders of personal data that appear in the databases of the ENTITY, or their successors in title, may consult the data that the information will provide in the terms provided for in the applicable legislation. Any request for consultation, correction, updating or deletion must be submitted in writing or by email, according to the information contained in this document. Inquiries will be answered within a term of ten (10) business days counted from the date of receipt of the respective request. When it is not possible to attend the query within said term, the interested party will be informed, stating the reasons for the delay and indicating the date on which their query will be attended, which in no case may exceed five (5) business days following the expiration of the first term.
PROCEDURES FOR PRESENTATION AND RESPONSE TO QUESTIONS, COMPLAINTS AND CLAIMS
Claims must be made in writing or by email, according to the information contained in this document, and must contain, at least, the following information: identification of the Holder, description of the facts that give rise to the claim, address of the holder, documentation that you want to present as evidence. If the claim is incomplete, the interested party will be required within five (5) days following the receipt of the claim to correct the faults. Two (2) months after the date of the request, without the applicant submitting the required information, You will understand that you have withdrawn the claim. In the event that the person receiving the claim is not competent to resolve it, will transfer it to the appropriate person within a maximum term of two (2) business days and will inform the interested party of the situation. Once the claim is received complete, a legend will be included in the database that says “claim in process” and the reason thereof, within a term not exceeding two (2) business days. This legend must be held until the claim is decided. The maximum term to attend the claim will be fifteen (15) business days from the day following the date of receipt.
When it is not possible to address the claim within said term, the interested the reasons for the delay and the date on which your claim will be dealt with, which in no case may exceed eight (8) business days following the expiration of the first finished.
The Policies for the Treatment of Personal Information of the ENTITY will be in force from the twenty-second (22) of February 2022. The ENTITY reserves the right to modify them, in the terms and with the limitations provided by law. the databases managed by the ENTITY will be maintained indefinitely, while it develops its purpose, and as long as it is necessary to ensure compliance with obligations of a legal, particularly labor and accounting, but the data may be deleted at any moment at the request of its owner, as long as this request does not contravene a legal obligation of the ENTITY or an obligation contained in a contract between the ENTITY and the Owner.