POLICY FOR THE TREATMENT AND PROTECTION OF PERSONAL DATA TRUCCO'S FASHION S.A.S. WEBSITE.
TRUCCO'S FASHION S.A.S. domiciled in the city of Medellin, with address in Carrera 56 No 46-49 Local 902, Medellin, Antioquia, e-mail firstname.lastname@example.org and contact telephone number (+57-4) 5120440, and identified with the Nit 811.038.011-8; based on the provisions of the Political Constitution of Colombia, Law 1266 of 2008, Law 1581 of 2012 and other rules that develop, complement, modify, replace or add, through this document and in its quality as responsible for the information, discloses the Policy of Treatment and Protection of Personal Data of TRUCCO'S FASHION S.A.S. and its website.
This document aims to establish the principles, terms and conditions for the processing of personal data, an activity that includes the collection, storage, processing, updating, use, circulation, transmission, transfer and deletion of the information provided to TRUCCO'S FASHION S.A.S. development of its social object. In addition, the Personal Data Processing and Protection Policy establishes the rights of The Information Holders and the procedures to make them effective.
In accordance with Article 15 of the Colombian Political Constitution, individuals have the right to know, update and rectify the information that has been collected about them in databases or files of both public and private entities. In 2008, Law 1266, a Special and Sectoral Law regulating the so-called "financial data" was issued under which everyone has the right to know, update and rectify the information collected about it in data banks, particularly in relation to financial and credit, commercial, service and third-country information. Subsequently, Statutory Law 1581 of 2012 was issued, which was the subject of prior pronouncement by the Constitutional Court by judgment C-748 of 2011, which specified the nature and scope of that rule. This Law regulates in a general way the protection of personal data. Taking into account the regulatory framework described, financial, credit, commercial, service and third-country information will be treated in accordance with Law 1266 of 2008 and the rules supplementing, developing, modifying and/or replacing it. As provided in section j) of Article 3 of that law, the information regulated by it is information relating to the birth, performance and termination of monetary obligations, regardless of the nature of the contract giving rise to them. Other information not included within the scope of Law 1266 of 2008 will be treated in accordance with Law 1581 of 2012 and the rules that complement, develop, modify and/or replace it.
This policy will apply to all holders of the information they provide and authorize the processing of their data to TRUCCO'S FASHION S.A.S. either expressly or through unequivocal action.
In all processing of personal data carried out by TRUCCO'S FASHION S.A.S. , persons, managers and/or third parties to whom personal data is transferred must comply with principles and rules set out in the law and this policy, in order to guarantee the right of habeas data of the holders and to comply with the obligations of law. The principles that must be taken into account when dealing with information are as follows:
A. Legality in data processing: TRUCCO'S FASHION S.A.S. shall be subject to the provisions of the law and the provisions that regulate it.
B. Purpose: Any activity of processing personal data that is carried out will obey the purposes mentioned in this policy or in the authorization granted by the owner of the personal data, or in the specific documents where each type or process of processing of personal data is regulated. The purpose of the processing of personal data must be informed to the owner of the personal data at the time of obtaining his authorization. Personal data may not be processed outside the purposes informed and consented by the data subjects. The purpose for which personal data was collected is due to a legitimate purpose in accordance with the constitution and the law.
C. Freedom: The processing of personal data is carried out with the express and informed authorization of the Owner by the owner or taking into account the reasons that relieve the consent of the owner and that are enshrined in the law.
D. Veracity or quality of the data: The personal data subject to processing must be truthful, complete, accurate, updated, verifiable and understandable. TRUCCO'S FASHION S.A.S. shall not treat personal data that is partial, fractionated and which treatment may lead to an error that may harm the owner of the information being processed. In these cases, TRUCCO'S FASHION S.A.S. will request the owner the necessary correction and update whre its necessary, so that situation does not continue to arise, in case of not being able to updated the information, TRUCCO'S FASHION S.A.S. shall refrain from processing this data.
E. Transparency: Upon request of the holder, a solution must be given to the request raised by the owner on the information that resides in the database. The response to this request will be carried out by the privacy officer directly. The unit in charge of processing the information will accompany the response process whenever is necessary.
F. Access and restricted movement: Personal data may only be processed by personnel who are authorized to do so, or who within their duties are responsible for carrying out such activities and have been authorized. Personal data may not be given to those who are not authorized or have not been enabled to carry out the processing.
G. Temporaryity: As a general rule, the owner's information will not be used beyond the reasonable period of time required by the purpose that was informed to the owner of the personal data. paragraph. In cases where there is special legislation on the subject, the information shall be retained as a term indicated by the special law.
H. Restricted access: except for expressly authorized data: Personal data may not be made available for access via the Internet or other means of mass communication, unless technical and security measures are put in place to control access and restrict it only to authorized persons.
I. Security: TRUCCO'S FASHION S.A.S. must always carry out the processing of the information providing for the technical, human and administrative measures that are necessary to maintain the confidentiality of the data and to prevent it from being adulterated, modified, consulted, used, accessed, deleted, or disclosed to unauthorized persons in a fraudulent manner, or that personal data for is lost. This treatment policy should be consulted and compliance herewith shall be ensured for any new project involving the processing of personal data.
J. Confidentiality and subsequent processing: Any personal data other than public data must be treated by those responsible as confidential, even if the contractual relationship or the link between the owner of the personal data and TRUCCO'S FASHION S.A.S. has ended. Upon termination of said relation, such personal data must continue to be processed in accordance with this policy and with the law.
K. Individuality: TRUCCO'S FASHION S.A.S. will keep separate databases in which it has the quality of manager or that could become responsible, from the databases in which it acts as responsible. TRUCCO'S FASHION S.A.S. will give harmonic application, taking into account the nature of the data and the above principles.
For the following information processing policy, account shall be taken of the parameters set out in Law 1581 of 2012 and Single Decree 1074 of 2015, which dictate the general provisions for data protection and take into account the definitions provided by them, seeking to provide more complete protection of the personal data that the database has : "Article 3rd. definitions. The following definitions shall apply for the purposes of this Law:
A. Authorization: prior, express and informed consent of the holder to carry out the processing of personal data;
B. Database: organized set of personal data which is the object of treatment;
C. Personal Data: any information linked or that may be associated with one or more specific or determinable natural persons;
D. Person in charge of the treatment: natural or legal person, public or private, that by itself or in association with others, performs the processing of personal data on behalf of the person responsible for the treatment;
E. Person responsible for the treatment: public or private or legal person that - by itself or in association with others - decides on the database and/or the processing of the data;
F. Owner: natural person whose personal data is subject to treatment;
G. Treatment: any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.
H. Privacy Notice: Verbal or written communication generated by the Responsible Party, addressed to the Owner for the treatment of their personal data informing as to the existence of the information treatment policies that will be applicable, the way to access them and the purposes of the treatment that is intended to give to personal data.
I. Public data: Any data that is not semi-private, private or sensitive. Public data, includes data related to the marital status of persons, their profession or trade and their status as a merchant or public servant, are considered. By their nature, public data may be contained in public records, public documents, gazettes and official gazettes and duly executed judicial decisionsnot subject to reservation.
J. Sensitive Data: Sensitive data means data that affect the Privacy of the holder or whose improper use may lead to discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership of trade unions, social organizations, human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties , as well as data related to health, sex life, and biometric data.
K. Transfer: The transfer of data takes place when the Data Controller and/or Data Processor, located in Colombia sends the information or personal data to a recipient, who is in turn responsible for the Processing and is located inside or outside the country.
L. Transmission: Processing of personal data involving the communication of these within or outside the territory of the Republic of Colombia when it is intended to carry out a treatment by the person in charge on behalf of the responsible.
PROCESSING OF PERSONAL DATA
The processing of information includes the collection, storage, processing, updating, use, circulation, transfer and deletion of personal data provided to TRUCCO'S FASHION S.A.S., in accordance with the provisions of Law 1266 of 2008, Law 1581 of 2012 and the other rules that modify, replace, develop and/or complement them. For the processing of information, TRUCCO'S FASHION S.A.S. may:
(i) Manage information collected in one or more databases according to the form and organization it deems appropriate; (ii) Verify, corroborate, validate, investigate or compare the information provided by the Holders, with any information that is legitimately available; (iii) Consult and evaluate any information about the holders that is stored in the databases of any legitimately constituted credit, financial, judicial or security risk center legitimately constituted, of state or private, national or foreign nature; (iv) Carry out the activities corresponding to the purposes indicated in the previous section of this Personal Data Processing Policy and all those related to them; (v) Share the studies you carry out on the basis of the information collected with business partners and with whom you establish a commercial and/or legal relationship for the development of your social object. TRUCCO'S FASHION S.A.S. is committed to the proper management of the information provided to it by its customers, suppliers, employees and other persons who have a relationship with TRUCCO'S FASHION S.A.S. For this purpose, it must ensure that the confidentiality of the information reserved is kept. For the fulfillment of contractual obligations and the service levels offered, TRUCCO'S FASHION S.A.S. will not transmit data to third parties, who will be hosted on their own servers. The transfer of information is carried out on the basis of confidentiality agreements through which the reservation of the information is protected and the proper compliance with this Personal Data Treatment Policy and the respective data processing policies of each of these entities participating in this process, which may be verified directly on their corresponding websites or in the means enabled for their consultation. Prior to the processing of personal data, TRUCCO'S FASHION S.A.S. will request the corresponding authorization from the Data Subjects in accordance with the provisions of this Personal Data Processing Policy, using for this purpose the authorization model or, if not, the use of acceptance tables of which a record associated with the data provided will be kept. TRUCCO'S FASHION S.A.S. is obliged to provide personal data of the Information Holders to judicial or administrative entities and control entities, upon request by same. Similarly, the personal data of the holders may be known due to external audit processes and by tax auditors, who have a legal obligation to maintain their confidentiality. The information collected by TRUCCO'S FASHION S.A.S. shall ne kept for the time required to fulfill the purpose for which it was requested or for as long as the applicable special regulations indicate it.
COLLECTION OF PERSONAL DATA
TRUCCO'S FASHION S.A.S. collects the personal data of the holders of the information as required for the development of their social object and gives them the necessary treatment to fulfill contractual commitments with their employees, customers, suppliers, with the purposes indicated in this Personal Data Treatment Policy. For the collection of personal data, TRUCCO'S FASHION S.A.S. will request the authorization of the holders of the information in accordance with the authorization model. The person in charge of the treatment shall must clearly and expressly inform the holder of the following at the time of requesting the authorization from the owner: a) The treatment to be given to the holder's personal data and the relevant purposes. b) The optional nature of the answer to the questions asked, whenever said questions relate to sensitive data or data appertaining to girls, boys and adolescents. c) The rights that assist you as Owner. d) The identification, physical or electronic address and telephone number of the person responsible for the treatment. The person in charge of the treatment must keep proof of the authorization and the information provided to obtain it. You must also provide a copy of the authorization to the owner when is requested. In order to keep the information in its updated databases, TRUCCO'S FASHION S.A.S. may consult, supplement and/or update the personal data through databases managed by different operators with due compliance with the applicable regulations.
PURPOSE OF THE PROCESSING OF PERSONAL DATA
The personal data of the holders of the Information will be collected, stored, processed, used, circulated, transferred, transmitted, shared and/or deleted, in accordance with the contractual link established, in the following database and for the purpose indicated for it:
This database stores all customer or future customer information, and resellers.
This information is collected through the virtual channels provided by TRUCCO'S FASHION S.A.S. on our website and is treated in accordance with the following purpose:
A. Manage all the information necessary to comply with the obligations with the holders of the information, both for resellers and customers.
B. Issuing the relevant invoices or equivalent documents and making the respective charges whenever its necessary , both for customers and resellers.
C. Complying with the internal processes of the company regarding the administration of clients and resellers.
D. Complying with contracts signed with clients.
E. Filing/ updating systems, protection and custody of information and databases on the website.
F. Processes within the company for development or operational and/or system administration purposes.
G. The transmission of data to third parties with with whom contracts have been concluded for this purpose, for commercial, adminitrative, marketing and/or operatinal purposes, including but not limited to the issuance of licenses, personalized certificates and certifications to third parties, in accordance with the legal provisions in force.
H. Maintaining and processing - by computer or other means, any information related to database registration.
I. Collecting, sharing and distributing information of customers and potencial customers wih third parties to offer information about products, promotions, discounts, changes and modifications in the products and services offered.
J. Conducting studies on customer habits, customers and potential customers, to offer personalized information on current and future products.
K. This information may be used, analyzed, crossed, processed and transmitted, stored, sold, etc. with advertisers, collaborators, sponsors, suppliers and strategic and commercial partners of TRUCCO'S FASHION S.A.S.
L. Any other purposes as determined by those responsible in the processes of obtaining personal data for its treatment, which are communicated to the owners at the time of collection of personal data, in order to comply with legal and regulatory obligations, as well as of company policies.
DATA FROM CHILDREN AND ADOLESCENTS
Website is designed to be used by people of legal age, in case this website is going to be used by a minor this must be accompanied at all times by its legal representative and it will be the person who gives the authorization of the processing of their personal data, for the purposes indicated above.
In accordance with the provisions of Statutory Law 1581 of 2012 and Regulatory Decree 1377 of 2013 compiled in Unique Decree 1074 of 2015, TRUCCO'S FASHION S.A.S. ensures that the Processing of the personal data of children and adolescents will be carried out with respect to their fundamental rights, for which they must have the prior, express and informed authorization of the parent or the legal representative of the child or adolescent.
Answers to questions asked about sensitive personal data are optional.
TRUCCO'S FASHION S.A.S. has technological and procedures tools that allow the secure administration of the information collected and the operation of the controls to verify compliance with this Personal Data Processing and Protection Policy. TRUCCO'S FASHION S.A.S. has contingency plans aimed at maintaining the continuity of the operation and allowing it to manage situations that may put the information collected at risk. In this sense, it is relevant to note that TRUCCO'S FASHION S.A.S. has reasonable security to prevent unauthorized access to its information systems, thus, third parties will not be able to access the information supplied, collected and stored by TRUCCO'S FASHION S.A.S. without due permission. Only authorized persons may access the information in accordance with the provisions of this Personal Data Processing and Protection Policy.
The virtual databases managed by TRUCCO'S FASHION S.A.S. are stored a server supplied by the storage service provider X- PROFESIONAL HOSTING -X where only authorized personnel and those with their own data treatment and protection policies have access. The information can only be consulted by persons who have security keys assigned, which are delivered exclusively to authorized persons in the responsible areas. However, the foregoing, TRUCCO'S FASHION S.A.S. will not be liable for computer attacks and, in general, for any action that aims to violate the security measures established for the protection of personal data, by us or by third parties with the respective contractual relationship is in place.
TRUCCO'S FASHION S.A.S. designate a privacy officer, who will be responsible for receiving and responding to requests, complaints, claims and inquiries, that the holders of the information have about the treatment of their information. The privacy officer's functions include, but are not limied to, the following, which may increase in favor of the protection of the rights of the holders of the information: A. Receive requests from holders of personal data, process and respond to those under the law or these policies, such as: requests for updating personal data; requests to know personal data; requests for the deletion of personal data when the owner freely requests the deletion or when the owner submits a copy of the decision of the Superintendency of Industry and Commerce in accordance with the provisions of the law, requests for information on the use given to his personal data, requests for updating of personal data, requests for proof of authorization granted, when it has proceeded in accordance to the law. B. Respond to the holders of personal data on requests that do not proceed in accordance with the law. C. To serve as a link between regulatory organizations regarding the issue related to privacy, confidentiality and information security, in this case the Superintendency of Industry and Commerce. D. Conduct periodic assessments of compliance with privacy, confidentiality and security policies. E. Comply with the legal obligations dictated in the rules on the processing of personal data, in particular what is enshrined in Law 1581 of 2012 and its regulatory decrees. F. Guide staff on the subject of processing information and privacy. G. Control and verify access to personal data handled by TRUCCO'S FASHION S.A.S.
RIGHTS OF THE OWNERS
The Data Subject has the following rights:
a) Know, update and rectify your personal data in front of the treatment manafers. This right may be exercised, among others, against partial, inaccurate, incomplete, fractional misleading data, or those whose treatment is expressly prohibited or has not been authorized;
b) Request proof of the authorization granted to TRUCCO'S FASHION S.A.S., except when expressly exempted as a requirement for processing in accordance with the provisions of applicable law;
c) Be informed by the person responsible for the treatment, upon request, regarding the use that has been given to your personal data;
d) Present the complaints for infractions to the applicable regulations before the Superintendency of Industry and Commerce;
e) Revoke the authorization and/or request the deletion of the data when the principles, rights and constitutional and legal guarantees are not respected in the treatment. Revocation and/or deletion shall proceed when the Superintendency of Industry and Commerce has determined that in the treatment the responsible has committed conduct contrary to current regulations. The request for the deletion of the information and the revocation of the authorization shall not proceed when the Holder has a legal or contractual duty to remain in the database. The treatment authorizations granted for purposes other than the actual execution of the contract or the legal or commercial relationship that it has with TRUCCO'S FASHION S.A.S. may be revoked at any time;
f) Free Access to your personal data that has been processed. The information holder may consult their personal data free of charge: (i) at least once every calendar month and (ii) whenever there are substantial changes to the Information Treatment Policies that motivate new consultations, being understood as substantial when the change relates to the purpose of the treatment;
(g) The others provided for in Law 1266 of 2008 and in Law 1581 of 2012 and the regulations that amend, supersede, develop and/or complement them.
PROCEDURE FOR THE EXERCISE OF THE RIGHTS OF INFORMATION HOLDERS
The procedures and rules for the exercise of rights in favor of Information Holders are described below: Channels and hours For the exercise of the rights to be known, update, rectify and delete information, as well as to revoke the authorization, the holders of the information can make their requests through the following mechanisms which may be physical as an office procedure at Carrera 56 No. 46-49 local 902 Medellin, Antioquia; electronic through the email email@example.com mail or by telephone in the helpline (+57-4) 512-0440.
Authorized Persons: The rights of the Holders of the Information may be exercised by the following persons, accreditation of the corresponding quality:
a) By the Holder, who must present their identity document.
b) Their successors, who must present the identity document, civil registration of death record of the Holder, document attesting to the quality in which he acts and the number of the Identity Document of the Holder.
c) By the representative and/or attorney of the Holder, who must present valid identity document, a document proving the quality in which he acts (power of attorney) and the number of the Identity Document of the Holder.
Applicants must attach documents proving their status to act against TRUCCO'S FASHION S.A.S..
Inquiries will be attended within a maximum term of ten (10) business days from the date of establishment. When it is not possible to attend a query within that term, the interested party will be informed, expressing the reasons for the delay and indicating the date on which his consultation will be attended, which in no case may exceed five (5) working days following the expiration of the first term.
Processing Petitions or Claims:
The Owner or his/her successors who consider that the information contained in the databases administered by TRUCCO'S FASHION S.A.S. should be subject to correction, update or deletion, or whenever they notice the alleged breach of any of the duties contained in the applicable law, may submit a petition or claim before the Data Controller which will be processed under the following rules:
a) The claim will be made by request addressed to the Data Controller, with the identification of the Owner, the description of the facts that give rise to the claim, the address, and accompanied by supporting documentation. If the claim is incomplete, the interested party will be required to complete it within five (5) days after receiving the claim. After Two (2) months from the date of the request without a response from the complainant with the requisite supplementary information, it will be understood that the claim has been withdrawn. In the event that the person receiving the claim is not competent to resolve it, he/she shall transfer it to corresponding person within a maximum of two (2) business days and will inform the interested party of the situation.
b) Once the complete claim has been received, a legend that says "claim in process" and the reason for the claim will be included in the database, within a period of no more than two (2) business days. Such legend must be kept until the claim is decided.
c) The maximum term to respond the claim shall be fifteen (15) business days from the day following the date of receipt. Where it is not possible to respond to the claim within that term, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term. The maximum term to respond to a request or claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to respond to the request within said term, the interested party will be informed, expressing the reasons for the delay and indicating the date on which his request will be met, which in no case may exceed eight (8) business days following the expiration of the first term.
Complaints to the Superintendency of Industry and Commerce:
The holder, successor or attorney-in-fact must first exhaust the consultation or claim process, before contacting the Superintendency of Industry and Commerce.
VALIDITY AND MODIFICATIONS OF THE PERSONAL DATA PROCESSING POLICY
This version of the Personal Data Treatment Policy will be published on the website.
TRUCCO'S FASHION S.A.S. has disseminated this policy to its officials, collaborators, suppliers and others who have any responsibility in the processing of personal data. TRUCCO'S FASHION S.A.S. reserves the right to modify this Personal Data Treatment Policy at any time. Any change will be informed and published in a timely manner on the page www.truccos.com.co/es/ TRUCCO'S FASHION S.A.S. is committed to carrying out timely dissemination and training campaigns for the proper understanding and application of this Personal Data Treatment Policy. This is the first version which shall come into effect from November 04, 2020.