POLICY FOR THE TREATMENT AND PROTECTION OF PERSONAL DATA TRUCCO'S FASHION S.A.S. WEBSITE.
TRUCCO'S FASHION S.A.S. domiciled in the city of Medellin, with address in Carrera 56 No 46-49 Local 902, Medellin, Antioquia, e-mail address firstname.lastname@example.org and contact telephone number 4-5120440, and identified with the Nit 811.038.011-8; based on the provisions of the Political Constitution of Colombia, Law 1266 of 2008, Law 1581 of 2012 and other rules that develop, complement, modify, replace or add, through this document and in its quality as responsible for the information, discloses the Policy of Treatment and Protection of Personal Data of TRUCCO'S FASHION S.A.S. and its website.
This document aims to establish the principles, terms and conditions for the processing of personal data, an activity that includes the collection, storage, processing, updating, use, circulation, transmission, transfer and deletion of the information provided to TRUCCO'S FASHION S.A.S. development of its social object. In addition, the Personal Data Processing and Protection Policy establishes the rights of The Information Holders and the procedures to make them effective.
In accordance with Article 15 of the Colombian Political Constitution, individuals have the right to know, update and rectify the information that has been collected about them in databases or files of both public and private entities. In 2008, Law 1266, a Special and Sectoral Law regulating the so-called "financial data" was issued under which everyone has the right to know, update and rectify the information collected about it in data banks, particularly in relation to financial and credit, commercial, service and third-country information. Subsequently, Statutory Law 1581 of 2012 was issued, which was the subject of prior pronouncement by the Constitutional Court by judgment C-748 of 2011, which specified the nature and scope of that rule. This Law regulates in a general way the protection of personal data. Taking into account the regulatory framework described, financial, credit, commercial, service and third-country information will be treated in accordance with Law 1266 of 2008 and the rules supplementing, developing, modifying and/or replacing it. As provided for in Article 3(j) of that law, the information regulated by it is information relating to the birth, performance and termination of monetary obligations, regardless of the nature of the contract giving rise to them. Other information not within the scope of Law 1266 of 2008 will be treated in accordance with Law 1581 of 2012 and the rules that complement, develop, modify and/or replace it.
This policy will apply to all holders of the information they provide and authorize the processing of their data to TRUCCO'S FASHION S.A.S. either expressly or through unequivocal action.
In all processing of personal data carried out by TRUCCO'S FASHION S.A.S. , persons who are delegue, processors and/or third parties to whom personal data is transferred must comply with the principles and rules set out in the Law and this Policy, in order to guarantee the right to the right to be left to the holders and to comply with the obligations of law. Principles to consider when treating:
A. Legality in data processing: TRUCCO'S FASHION S.A.S. shall be subject to the provisions of the law and the provisions governing it.
B. Purpose: Any activity of processing personal data that is carried out will obey the purposes mentioned in this policy or in the authorization granted by the owner of the personal data, or in the specific documents where each type or process of processing of personal data is regulated. The purpose of the processing of personal data must be informed to the owner of the personal data at the time of obtaining his authorization. Personal data may not be processed outside the purposes informed and consented by the data subjects. The purpose for which personal data was collected is due to a legitimate purpose in accordance with the constitution and the law.
C. Freedom: The processing of personal data is carried out with the express and informed authorization of the Owner by the owner or taking into account the reasons that relieve the consent of the owner and that are enshrined in the law.
D. Veracity or quality of the data: The personal data subject to processing must be truthful, complete, accurate, up-to-date, verifiable and understandable. TRUCCO'S FASHION S.A.S. it does not process personal data that are partially, fractionally split and that its processing may induce an error that may harm the owner of the processing of the information, when these cases are presented, TRUCCO'S FASHION S.A.S. will ask the owner for the necessary correction and update so that this situation does not continue to occur, in case the information cannot be updated will refrain from processing this data.
E. Transparency: Upon request of the holder, the request raised by the holder on the information that rests in the database should be eded. The response to this request will be made by the privacy officer directly. The information processing unit will accompany the response process where necessary.
F. Access and restricted movement: Personal data may only be processed by personnel who are authorized to do so, or who within their duties are responsible for carrying out such activities and have been authorized. Personal data may not be given to those who are not authorized or have not been enabled to carry out the processing.
G. Temporaryity: As a general rule, the owner's information will not be used beyond the reasonable period of time required by the purpose that was informed to the owner of the personal data. paragraph. In cases where there is special legislation on the subject, the information shall be retained as a term indicated by the special law.
H. Restricted access: except for expressly authorized data: Personal data may not be made available for access via the Internet or other means of mass communication, unless technical and security measures are put in place to control access and restrict it only to authorized persons.
I. Security: TRUCCO'S FASHION S.A.S. must always carry out the processing of the information providing for the technical, human and administrative measures that are necessary to maintain the confidentiality of the data and to prevent it from being adulterated, modified, consulted, used, accessed, deleted, or known to unauthorized persons or authorized and unauthorized persons fraudulently, or that personal data is lost. For any new project involving the processing of personal data, this processing policy should be consulted and ensure compliance with this rule.
J. Confidentiality and subsequent processing: Any personal data other than public data must be treated by those responsible as confidential, even if the contractual relationship or the link between the owner of the personal data and TRUCCO'S FASHION S.A.S. has ended. At the termination of such link, such personal data must continue to be processed in accordance with this policy and with the law.
K. Individuality: TRUCCO'S FASHION S.A.S. will keep separate databases in which it has the quality of manager or that could become responsible, from the databases in which it acts as responsible. TRUCCO'S FASHION S.A.S. will give harmonic application, taking into account the nature of the data and the above principles.
For the following information processing policy, account shall be taken of the parameters set out in Law 1581 of 2012 and Single Decree 1074 of 2015, which dictate the general provisions for data protection and take into account the definitions provided by them, seeking to provide more complete protection of the personal data that the database has : "Article 3rd. definitions. For the purposes of this Law:
A. Authorization: prior, express and informed consent of the holder to carry out the processing of personal data;
B. Database: organized set of personal data to be processed;
C. Personal Data: any information that is linked to or that may be associated with one or more natural persons determined or determinable;
D. Processor: natural or legal person, public or private, who by himself or in association with others, performs the processing of personal data on assistance of the controller;
E. Data Controller: natural or legal person, public or private, who by himself or in association with others, decides on the basis of data and/or the processing of the data;
F. Holder: natural person whose personal data are processed;
G. Processing: any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.
H. Privacy Notice: Verbal or written communication generated by the Responsible, addressed to the Owner for the Processing of his/her personal data, by which he/she is informed about the existence of the information processing policies that will be applicable to him, the way to access them and the purposes of the Processing that is intended to give to personal data.
I. Public data: This is data that is not semi-private, private or sensitive. Public data, including data relating to the marital status of persons, their profession or trade and their status as a trader or public servant, are considered. By their nature, public data may be contained, interless, in public records, public documents, gazettes and official bulletins and duly executed court rulings that are not subject to reservation.
J. Sensitive Data: Sensitive data means data that affect the Privacy of the Owner or whose misuse may lead to discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership of trade unions, social organizations, human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties , as well as data on health, sex life, and biometric data.
K. Transfer: The transfer of data takes place when the Data Controller and/or Data Processor, located in Colombia, sends the information or personal data to a recipient, who in turn is Responsible for the Processing and is located inside or outside the country.
L. Transmission: Processing of personal data involving the communication of these within or outside the territory of the Republic of Colombia when it is intended to carry out a Processing by the controller on without the Responsibility.
PROCESSING OF PERSONAL DATA
The processing of information includes the collection, storage, processing, updating, use, circulation, transfer and deletion of personal data provided to TRUCCO'S FASHION S.A.S., in accordance with the provisions of Law 1266 of 2008, Law 1581 of 2012 and the other rules that modify, replace, develop and / or complement them. For the processing of TRUCCO'S FASHION S.A.S. information you can:
(i) Manage information collected in one or more databases as it deems appropriate; (ii) Verify, corroborate, verify, validate, investigate or compare the information provided by the Holders, with any information that is legitimately available; (iii) Consult and evaluate any information stored on Holders in the databases of any legitimately constituted credit, financial, judicial or security risk plant, state or private, national or foreign; (iv) Carry out the activities corresponding to the purposes indicated in the previous section of this Personal Data Processing Policy and all those related to them; (v) Share the studies you carry out on the basis of the information collected with business partners and with which you establish a commercial and/or legal relationship for the development of your social object. TRUCCO'S FASHION S.A.S.is committed to the proper management of the information provided to it by its customers, suppliers, employees and other persons who have a relationship with it. For this purpose, it must ensure that the confidentiality of the information reserved is kept. For the fulfillment of contractual obligations and the service levels offered, TRUCCO'S FASHION S.A.S. will not transmit data to third parties, who will be hosted on their own servers. The transfer of information is carried out on the basis of confidentiality agreements through which the reservation of the information is protected and the proper compliance with this Personal Data Processing Policy and the respective data processing policies of each of these entities participating in this process, which may be verified directly on their corresponding websites or in the means enabled for their consultation. Prior to the processing of personal data, TRUCCO'S FASHION S.A.S. will request the corresponding authorization from the Data Subjects in accordance with the provisions of this Personal Data Processing Policy, using for this purpose the authorization model or, if not, the use of acceptance boxes of which a record associated with the data provided will be keep. TRUCCO'S FASHION S.A.S. is obliged to provide personal data of the Information Holders to judicial or administrative entities and control entities, upon request by them. Likewise, the personal data of the holders may be known due to external audit processes and by tax reviewers, who have a legal obligation to maintain their confidentiality. The information collected by TRUCCO'S FASHION S.A.S. is retained for the time required to fulfill the purpose for which it was requested or for as long as the applicable special regulations indicate it.
COLLECTION OF PERSONAL DATA
TRUCCO'S FASHION S.A.S. , collects the personal data of the Data Subjects that are required for the development of their social object and gives them the necessary treatment to fulfill contractual commitments with their employees, customers, suppliers, for the purposes indicated in this Personal Data Processing Policy. For the collection of personal data, TRUCCO'S FASHION S.A.S.will request the authorization of the holders of the information in accordance with the authorization model. The controller, when requesting the authorization from the holder, must inform him in a clear and express manner the following: a) The Processing to which his personal data will be subject and the purpose of the same. b) The optional nature of the answer to the questions asked to it, where they are based on sensitive data or on the data of girls, boys and adolescents. c) The rights that assist you as Owner. d) The identification, physical or electronic address and telephone number of the controller. The controller must keep proof of the authorisation and the information provided for obtaining it. You must also provide a copy of the authorization to the holder when you request it. In order to keep up to date the information that rests in its databases, TRUCCO'S FASHION S.A.S., may consult, supplement and / or update the personal data, through databases managed by different operators with due compliance with the applicable regulations.
PURPOSE OF THE PROCESSING OF PERSONAL DATA
The personal data of the holders of the Information will be collected, stored, processed, used, circulated, transferred, transmitted, shared and/or deleted, in accordance with the contractual link established, in the following database and for the purpose indicated for it:
This database stores all customer or future customer information, and marketers.
This information that is collected through the virtual channels provided by TRUCCO'S FASHION S.A.S., on the website, is treated in accordance with the following purpose:
A. Manage all the information necessary to fulfill the obligations with the holders of the information, both marketers and customers.
B. Issue the respective invoices or equivalent documents and make the respective collections in the necessary cases, both for customers and marketers.
C. Comply with the company's internal processes in terms of customer and marketer management.
D. Fulfill the contracts you enter into with customers.
E. The process of file, updating systems, protecting and guarding information and databases of the website.
F. Processes within the company, for development or operational and/or system administration purposes.
G. The transmission of data to third parties with whom contracts have been concluded for this purpose, for commercial, administrative, marketing and/or operational purposes, including, but not limited to, the issuance of licenses, personalized certificates and certifications to third parties, in accordance with the legal provisions in force.
H. Maintain and process by computer or other means, any information related to database registration.
I. Collect, share and distribute customer and lead information with third parties to provide information about products, promotions, discounts, changes and modifications to the products and services offered.
J. RHighlight consumer habit studies, from customers and potential customers, to provide personalized information about current and future products.
K. This information may be used, analyzed, crossed, treated and transmitted, storage, sale etc. with advertisers, collaborators, sponsors, suppliers and strategic and commercial partners of TRUCCO'S FASHION S.A. S.
L. The other purposes determined by the responsible in the process of obtaining personal data for processing, which are communicated to the holders at the time of the collection of personal data, in order to comply with the legal and regulatory obligations, as well as the policies of the company.
DATA FROM CHILDREN AND ADOLESCENTS
Website is designed to be used by persons of legal age, in case it is to be used by a minor this must be accompanied at all times by its legal representative and it will be the person who gives the authorization of the processing of their personal data, for the purposes indicated above.
In accordance with the provisions of Statutory Law 1581 of 2012 and Regulatory Decree 1377 of 2013 compiled in Single Decree 1074 of 2015, TRUCCO'S FASHION S.A.S.ensures that the Processing of the personal data of children and adolescents will be carried out with respect to their fundamental rights, so you must have the prior, express and informed authorization of the parent or the legal representative of the child, child or adolescent.
Answers to questions asked about sensitive personal data are optional.
TRUCCO'S FASHION S.A.S. it has technological procedures and tools that allow the secure administration of the information collected and the operation of the controls to verify compliance with this Personal Data Processing and Protection Policy. It also has contingency plans aimed at maintaining the continuity of the operation and that allow you to manage situations that may jeopardize the information collected. In this sense it is relevant to note that TRUCCO'S FASHION S.A.S.has reasonable security to prevent unauthorized access to its information systems, so that without due permission, third parties will not be able to access the information provided, collected and stored by TRUCCO'S FASHION S.A.S.. Only authorized persons may access the information in accordance with the provisions of this Personal Data Processing and Protection Policy.
The virtual databases managed by TRUCCO'S FASHION S.A.S.are stored a server supplied by the storage service provider X- PROFESIONAL HOSTING -X where only authorized personnel and those with their own data processing and protection policies have access. The information can only be consulted by persons who have security keys assigned, which are delivered exclusively to authorized persons in the responsible areas. However, the above, TRUCCO'S FASHION S.A.S. will not be liable for computer attacks and, in general, for any action that aims to violate the security measures established for the protection of personal data, on our part or by third parties with which the respective contractual relationship is in place.
TRUCCO'S FASHION S.A.S. designate a privacy officer, who will be responsible for receiving and responding to requests, complaints, complaints and inquiries, that the holders of the information have about the processing of their information. Among the functions of the privacy officer are the following, without this being a tax list of its functions, which may increase in order to protect the rights of the holders of the information. A. Receive requests from holders of personal data, process and respond to those based on the law or these policies, such as: requests for updating personal data; requests to know personal data; requests for the deletion of personal data when the freely owner requests the deletion or when the holder submits a copy of the decision of the Superintendency of Industry and Commerce in accordance with the provisions of the law, requests for information on the use given to his personal data, requests for updating of personal data, requests for proof of authorization granted, when she has proceeded in accordance with the law. B. Respond to holders of personal data on requests that do not proceed in accordance with the law. C. To serve as a link between regulatory organizations in the face of the issue related to privacy, confidentiality and information security, in this case the Superintendency of Industry and Commerce. D. Conduct periodic assessments of compliance with privacy, confidentiality and security policies. E. Comply with the legal obligations dictated in the rules on the processing of personal data, in particular what is enshrined in Law 1581 of 2012 and its regulatory decrees. F. Guidance to staff in the topic of processing information and privacy of this. G. Control and verify access to personal data handled by TRUCCO'S FASHION S.A.S.
RIGHTS OF THE OWNERS
The Data Subject has the following rights:
a) Know, update and rectify your personal data against the Data Controllers. This right may be exercised, among others, against partial, inaccurate, incomplete, fractional data, which are induced by mistake, or those whose processing is expressly prohibited or has not been authorized;
b) Request proof of the authorization granted to TRUCCO'S FASHION S.A.S., except where expressly exempted as a requirement for processing in accordance with applicable law;
c) Be informed by the Controller, upon request, regarding the use you have given them to your personal data;
d) File complaints with the Superintendency of Industry and Commerce for the violation of applicable regulations;
e) Revoke the authorization and/or request the deletion of the data when the processing does not respect the constitutional and legal principles, rights and guarantees. Revocation and/or deletion shall proceed where the Superintendency of Industry and Commerce has determined that in the processing the Controller has committed conduct contrary to current regulations. The request for the deletion of the information and the revocation of the authorization shall not proceed when the Holder has a legal or contractual duty to remain in the database. The processing authorizations granted for purposes other than the proper execution of the contract or the legal or commercial relationship you have with TRUCCO'S FASHION S.A.S.may be revoked at any time;
f) Access your personal data that has been processed free of charge. The Data Subject may consult his/her personal data free of charge: (i) at least once each calendar month and (ii) whenever there are substantial changes to the Information Processing Policies that motivate further consultations, being understood as substantial when the change relates to the purpose of the processing;
(g) The others provided for in Law 1266 of 2008 and Law 1581 of 2012 and the rules amending, replacing, developing and/or supplementing them.
PROCEDURE FOR THE EXERCISE OF THE RIGHTS OF INFORMATION HOLDERS
The following are the procedures and rules for the exercise of rights in favor of Information Holders. Channels and Schedules For the exercise of the rights to be known, update, rectify and delete information, as well as to revoke the authorization, The Holders of the Information can make their requests through the following mechanisms which may be physical as a windowwork to the address Carrera 56 No. 46-49 local 902 Medellin, Antioquia; electronic through the email@example.com mail or by telephone in the line of attention 4-5120440.
Authorized Persons: The rights of the Holders of the Information may be exercised by the following persons, accreditation of the corresponding quality:
a) By the Holder, who must present the ID.
b) For their successors, who must present the identity card, civil death record of the Holder, document attesting to the quality in which he acts and the number of the Identity Document of the Holder.
c) By the representative and/or proxy of the Holder, who must present valid identity card, document proving the quality in which he acts (power) and the number of the Identity Document of the Holder.
Applicants must attach documents proving their status to act against TRUCCO'S FASHION S.A.S..
Inquiries will be attended within a maximum term of ten (10) business days from the date of establishment. Where it is not possible to attend a consultation within that term, the interested party will be informed, expressing the reasons for the delay and indicating the date on which his consultation will be attended, which in no case may exceed five (5) working days following the expiration of the first term.
Processing Petitions or Claims:
The Owner or its successors who consider that the information contained in the databases administered by TRUCCO'S FASHION S.A.S. must be corrected, updated or suppressed, or when they notice the alleged breach of any of the duties contained in the applicable law, may file a petition or complaint with the Data Controller which will be processed under the following rules:
a) The claim will be made by request addressed to the Data Controller, with the identification of the Owner, the description of the facts that give rise to the claim, the address, and accompanying the documents to be enforced. If the claim is incomplete, the data subject will be required within five (5) days of receipt of the claim to re-issue the failures. Two (2) months after the date of the request, without the applicant presenting the required information, it shall be understood that he has given up the claim. In the event that the person receiving the claim is not competent to resolve it, he/she shall transfer the person concerned within a maximum of two (2) working days and inform the data subject of the situation.
b) Upon receipt of the complete claim, a legend that says "pending claim" and the reason for the claim will be included in the database within two (2) business days. Such legend must be maintained until the claim is decided.
c) The maximum term to meet the claim shall be fifteen (15) business days from the day following the date of receipt. Where it is not possible to address the claim within that term, the interested party will be informed of the reasons for the delay and the date on which his claim will be addressed, which in no case may exceed eight (8) working days following the expiration of the first term. The maximum term to respond to a request or claim will be fifteen (15) business days from the day following the date of receipt. Where it is not possible to respond to the request within said term, the interested party will be informed, expressing the reasons for the delay and indicating the date on which his request will be met, which in no case may exceed eight (8) working days following the expiration of the first term.
Complaints to the Superintendency of Industry and Commerce:
The holder, successor or proxy must first exhaust the consultation or complaint process, before contacting the Superintendency of Industry and Commerce.
VIGENCIA AND MODIFICATIONS OF THE PERSONAL DATA PROCESSING POLICY This version of the Personal Data Processing Policy will be published on the website.
TRUCCO'S FASHION S.A.S. , disseminated this policy to its officials, collaborators, suppliers and others who have any responsibility for the processing of personal data. TRUCCO'S FASHION S.A.S.reserves the right to modify this Personal Data Processing Policy at any time. Any changes will be informed and published in a timely manner on the page www.truccos.com.co/es/ TRUCCO'S FASHION S.A.S., is committed to the timely realization of dissemination and training campaigns for the proper understanding and application of this Personal Data Processing Policy. This is the first version which begins to govern from November 04, 2020.