INFORMATION PROCESSING POLICY
.
.
Considerations
Article 15 of the Political Constitution of Colombia, establishes the right of any person to know, update and rectify the personal data that exist about them in the data bank or files of public or private entities. Likewise, it orders those who have personal data of third parties to respect the rights and guarantees provided in the Constitution when this type of information is collected, processed and circulated.
Law 1581 of October 17, 2012 and the sole decree 1074 of 2015 establish the minimum conditions to carry out the legitimate treatment of the personal data of clients, employees and any other natural person. Both literal K) of article 17 and f) of article 18 of said law; T & A CONSULTING SAS obliges those responsible and in charge of the processing of personal data to “adopt an internal manual of policies and procedures to guarantee adequate compliance with this law, and especially, to attend to queries and claims. "
Mandatory
T & A CONSULTING SAS is committed to respecting the rights of its clients, employees, suppliers, contractors, shareholders and third parties in general. For this reason, it adopts the following personal data treatment policy of mandatory application in all activities that involve the processing of personal data.
These policies are mandatory and written compliance by all employees of T & A CONSULTING SAS in Colombia, contractors and third parties acting on behalf of T & A CONSULTING SAS
All employees of T & A CONSULTING SAS must observe and respect these policies in the performance of their duties. In cases where there is no employment relationship, a contractual clause must be included for those who act on behalf of T & A CONSULTING SAS. They are obliged to comply with these policies.
Failure to comply with them will give rise to labor penalties or contractual liability, as the case may be. The foregoing without prejudice to the duty to respond financially for the damages caused to the owners of the data or to T & A CONSULTING SAS for the breach of these policies or the improper processing of personal data.
Concepts and Definitions of Importance.
For the interpretation of the policies and application of the rules contained in this Manual, the following definitions must be taken into account:
Authorization: Prior, express and informed consent of the Holder to carry out the Processing of personal data.
Privacy Notice: Verbal or written communication generated by the Responsible Party, addressed to the owner for the processing of their personal data, by means of which they are informed about the existence of the information processing policies that will be applicable, the way to access to the same and the purposes of the Treatment that is intended to give the information.
Consultation: request from the owner of the data or the persons authorized by him or by T & A CONSULTING SAS to know the information that rests on it in databases or files.
Personal data: Any information linked or that may be associated with one or more specific or determinable natural persons. These data are classified as sensitive, public, private and semi-private.
Sensitive personal data: Information that affects the privacy of the person or whose improper use can generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership of unions, social organizations, of human rights or that promotes the interests of any political party or that guarantees the rights and guarantees of opposition political parties, as well as data related to health, sexual life and biometric data (fingerprints, among others).
Public personal data: It is the data classified as such according to the mandates of the Law or the Political Constitution and all those that are not semi-private or private. The data contained in public documents, public records, gazettes and official gazettes and duly executed judicial decisions that are not subject to reserve, are public, among others, those related to the civil status of the people, their profession or trade and their quality of merchant or public servant. The personal data existing in the commercial register of the Chambers of Commerce (article 26 of the C. Co) are public. These data can be obtained and offered without any reservation and regardless of whether they refer to general, private or personal information.
Semi-private personal data. The data that is not intimate, reserved, or public in nature and whose knowledge or disclosure may be of interest not only to the owner but to a certain sector or group of people or to society in general, such as, among others, the data referring to compliance is semi-private. and breach of financial obligations or data relating to relationships with social security entities.
Person in charge of the treatment: Person who carries out the data processing on behalf of the person responsible for the treatment.
Claim: Request from the owner of the data or the persons authorized by it or by law to correct, update or delete their personal data.
Responsible for the treatment: person who decides on, among others, the collection and purposes of the treatment. It may be, by way of example, the company that owns the database or information system that contains personal data.
Data owner: It is the natural person to whom the data refers.
Treatment: Any operation or set of operations on personal data such as, among others, the collection, storage, use, circulation or deletion of that kind of information.
Transmission: Processing of personal data that implies the communication of the same within (national transmission) or outside of Colombia (international transmission) and that is intended to carry out a treatment by the Manager on behalf of the Responsible.
Transfer: Sending of personal data made by the Responsible or the Person in Charge from Colombia to a Responsible who is inside (national transfer) or outside the country (international transfer).
Object:
The purpose of this document is to regulate the policies and procedures that will be applicable in the handling of personal data information by T & A CONSULTING SAS hereinafter THE COMPANY, according to the provisions contained in Law 1581 of 2012 and Decree 1377 of 2013; as well as the setting of the parameters that will guarantee the protection of the constitutional right that all people have to know, update, and rectify the information that has been collected about them in the databases of T & A CONSULTING SAS
T & A CONSULTING SAS will take all the necessary measures, at a physical, technical and legal level to guarantee that the information processed by THE COMPANY is safe from any attack or attempt to access it by unauthorized persons, as well as to ensure that the treatment given by THE COMPANY is adapted to the purpose established by the reason for its collection.
T & A CONSULTING SAS , will request the Holders of the information, authorization for the processing of personal data and will indicate the following:
The treatment to which they will be subjected and the purpose for which the personal data is collected.
The rights that assist you as the Owner.
The information and communication channels through which the Holders can exercise their rights before the Responsible and / or Person in Charge of Treatment.
The optional nature of the Holder to give or not an answer to questions that relate to sensitive data or the data of girls, boys and adolescents.
Area of application.
In accordance with Law 1581 of 2012 and decree 1074 of 2015, this privacy and personal data protection policy will have as its scope, all the data of natural persons that are registered in the databases managed by LA COMPANY, or whose treatment has been entrusted to it.
Responsible for the Treatment:
T & A CONSULTING SAS , is the legal person that decides on the treatment of the information contained in its databases.
Company Name: T & A CONSULTING SAS
Main Office: Carrera 28No. 13A - 24 Office 507
PBX: (57-1) 300-1971
Email: contact@tya-consulting.com
Treatment to which the data will be submitted and its purpose:
Treatment is any operation or set of operations on personal data, such as the collection, storage, use, circulation or deletion.
The information collected by T & A CONSULTING SAS ., In the provision of its services and in general in the development of its corporate purpose, is used mainly to identify, maintain a record and control of the suppliers, customers, shareholders and employees of the company.
T & A CONSULTING SAS may also:
Know the information of the owner in credit information centers such as CIFIN, DATACRÉDITO or in operators of financial, credit, commercial information banks and from third countries in accordance with Law 1266 of 2008.
Access and consult the information of the owner of the data that resides or is contained in databases or files or files of any public or private entity, whether national or international.
General information processing:
Process.
Confirm.
Comply.
Provide products and / or services purchased directly or with the participation of third parties.
Promote and advertise our activities, products and services.
Make transactions.
Make reports with the different administrative authorities of national control and surveillance, police or judicial authorities, financial entities and / or insurance companies.
Internal administrative and / or commercial purposes such as: market research, audits, accounting reports, statistical analysis or billing.
Harvest.
Storage.
Recording.
Use.
Circulation.
Prosecution.
Suppression.
Transmission and / or transfer to third countries of the data provided, for the execution of activities related to the products and services purchased.
Accounting records
Correspondence
Identification of fraud and prevention of money laundering and other criminal activities.
Shareholder Information:
Make the payment of dividends.
Compliance with judicial decisions and administrative and legal provisions.
Control of shareholding.
Contacts.
Compliance with judicial decisions and administrative and legal, fiscal and regulatory provisions.
Provider information:
For commercial purposes.
Accounting.
Compliance with judicial decisions and administrative and legal, fiscal and regulatory provisions.
Compliance with contractual obligations, for which the information may be transferred to third parties, such as financial entities, notaries, OFAC and terrorism lists, lawyers, etc.
To carry out the processes in which the suppliers are linked.
Any other use that the provider authorizes in writing for the use of your information.
Transmission of information and personal data in audit processes.
Customer information:
For commercial purposes.
Publicity and marketing.
Accounting.
Compliance with contractual obligations, for which the information may be transferred to third parties, such as financial entities, notaries, OFAC and terrorism lists, lawyers, etc.
Compliance with judicial decisions and administrative and legal, fiscal and regulatory provisions.
Transmission of information and personal data in audit processes.
Billing.
Information on employees, retired workers, pensioners and candidates to fill vacancies:
For purposes relevant to the employment relationship (EPS, ARL, Pension and Severance Funds, Family Compensation Funds, etc.).
In the case of employees with the signing of the employment contract, express authorization is understood to treat the information.
In case of judicial and legal requirements.
Accounting and payroll.
Recruit and select the personnel who will fill the vacancies.
Process, confirm and comply with the labor, legal and extra-legal obligations derived from the employment contract.
Make transactions.
Payment of extralegal benefits.
Audits
Statistical analysis.
Training and education.
Share personal data with banks, companies that offer benefits to our active workers, among others.
T & A CONSULTING SAS , recognizes the importance of security, privacy and confidentiality of the personal data provided by people, for which it is committed to its protection and proper handling, in accordance with the legal regime for the protection of personal data and in particular to as provided in this notice.
Validity:
The aforementioned databases will be valid for the duration of the commercial or employment relationship, as the case may be; plus 10 additional years in which the information will be kept in a historical file of the people who have been linked to THE COMPANY.
Rights of the Holder:
The owner is a natural person whose personal data is collected, stored or used by the Data Controller. The owner will have the following rights.
Know, update and rectify your personal data in front of the Responsible, when the data is partial, inaccurate, incomplete, fractioned, and misleading. In any case, the Owner undertakes to provide accurate information.
Be informed prior request directed by the person in charge of the treatment regarding the use that has been given to your personal data.
Present before the Superintendency of Industry and Commerce, complaints for infractions to the provisions of Law 1581 of 2012 and its regulatory Decrees and other regulations that modify, add or complement it.
Revoke the authorization and / or request the deletion of the data when the treatment does not respect the principles, rights and constitutional and legal guarantees, as long as the Holder does not have a legal or contractual duty to remain in the database.
Free access to your personal data that have been subject to Treatment by the Responsible.
Procedure for inquiries, data update and claims:
Queries: The Holders or their successors in title may consult the personal information of the Holder that resides in the T & A CONSULTING SAS database
The query must be made by written means, either by written communication to Carrera 28 No. 13A - 24 Office 507, in the city of Bogotá or sent to the email contact@tya-consulting.com
The query will be answered within a maximum term of ten (10) business days from the date of receipt. When it is not possible to attend the query within said term, the interested party will be informed, stating the reasons for the delay and indicating the date on which the query will be attended, which in no case may exceed five (5) business days following the expiration of the first term.
Claims: The Holder or his successors in title who consider that the information contained in the T & A CONSULTING SAS database should be subject to correction, updating or deletion, or when they notice the alleged breach of any of the duties contained in this document or in the law, they may file a claim.
The claim will be made through a request addressed to Benoit Thomas Tabard , at the following address: Carrera 28 No. 13A - 24 Office 310, in the city of Bogotá or sent to the email contact@tya-consulting.com , which must inform: Name and identification of the Holder, the description of the facts that give rise to the claim, the address, email, and accompanying the documents that you want to enforce.
If the claim is incomplete, the interested party will be required within five (5) days after receiving the claim to correct the faults. After two (2) months from the date of the request, without the applicant submitting the required information, it will be understood that the claim has been withdrawn.
Once the complete claim is received, a legend that says "claim in process" and the reason for it will be included in the database, within a term not exceeding two (2) business days. Said legend must be kept until the claim is decided.
The maximum term to attend the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to attend the claim within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first finished.
Requirement of processibility. The Holder or successor in title may only file a complaint with the Superintendency of Industry and Commerce once the consultation or claim process has been exhausted before T & A CONSULTING SAS
Data collected before the issuance of Decree 1377 of 2013:
For the data collected before the issuance of decree 1377 of 2013, T & A CONSULTING SAS ., Has at the disposal of the owners, in their offices, the information treatment policies and the way to exercise their rights, which are published on the information board of the company.
Likewise, these policies will be made known to each of the holders of the information, to the corresponding email, registered in our databases, which will be done through our channel
If, within thirty (30) days after sending the corresponding email, containing the Treatment Policies for Personal Data, the Holder has not contacted the person in charge to request the correction, deletion, authorization of their personal data , T & A CONSULTING SAS , will continue to carry out the treatment contained in its databases for the purposes indicated in the privacy notice.
Modifications to the privacy policies:
T & A CONSULTING SAS , reserves the right to make modifications or updates to this Privacy Policy at any time, in order to attend to new legislation, internal policies or new requirements for the provision or offering of its services.
These modifications will be available to the public at the offices of T & A CONSULTING SAS ., Carrera 28 No. 13A- 24 Office 310, telephone 3001971, E-mail: contact@tya-consulting.com www.tya-consulting.com
,Acceptance:
The holders of the information accept the processing of their personal data in accordance with the terms of this Privacy Notice, at the time of providing their data.
11. Validity:
This General Privacy Policy is effective from the date of its publication.