DATA PROCESSING POLICIES DATA BASE WEB PAGE.
The company TRUCCO'S FASHION S.A.S. domiciled in the city of Medellín, with address in Carrera 56 No 46-49 Local 902, Medellín, Antioquia, electronic address www.truccosjeans.com and contact telephone number 4-5120440, and identified with Nit 811.038.011-8, henceforth the company, with a view to protecting and ensuring the holders of personal data a proper treatment of their personal information and complying with the stipulations set forth in Law 1581 of 2012, Decree 1377 of 2013 and Decree 1074 of 2015 , proceeds to issue the following information processing policy. The main purpose of this policy is to inform the holders of personal data, the rights that assist them, the procedures and mechanisms provided by the company to make these rights effective and to make them aware of the scope and purpose of the treatment to which they will be submitted the personal data.
TREATMENT AND PURPOSES The registered database is managed by the section in charge within the company for the management of the website and the purpose for which the information was collected is to establish an effective communication with the owners of the website. information interested in being distributors of the garments owned by the company and in which the owners require information from the sales consultants related to the process of marketing and wholesaling. Likewise, those responsible, managers or third parties who have access to personal data by virtue of law or contract or who may have it, will maintain the treatment within the following purposes:
Manage all the information necessary for compliance with the obligations with the holders of the information. Comply with the internal processes of the company in terms of administration of the website. Comply with the contracts that can be concluded with the users. The process of filing, updating systems, protection and custody of information and databases of the website.
Processes within the company, for development or operational purposes and / or systems administration. The transmission of data to third parties with whom contracts have been entered into for this purpose, for commercial, administrative, marketing and / or operational purposes, including, but not limited to the issuance of cards, personalized certificates and certifications to third parties, in accordance with the legal provisions in force. Maintain and process by computer or other means, any type of information related to the registration of the database.
The other purposes determined by those responsible in processes for obtaining personal data for processing, which are communicated to the owners at the time of the collection of personal data, in order to comply with legal and regulatory obligations, as well as of company policies.
For the following information treatment policy, the parameters established in Law 1581 of 2012 will be taken into account in which the general provisions for data protection are dictated and the definitions provided by it will be taken into account, seeking to grant a more complete protection of the personal data that the database has:
"Article 3 °. Definitions. For the purposes of this law, it is understood as:
Authorization: prior, express and informed consent of the owner to carry out the processing of personal data; Database: organized set of personal data that is subject to treatment; Personal Data: any information linked to or associated with one or several natural persons determined or determinable; Responsible for the Treatment: natural or legal person, public or private, that by itself or in association with others, perform the processing of personal data on behalf of the controller; Responsible for the Treatment: natural or legal person, public or private, that by itself or in association with others, decides on the database and / or the treatment of the data; Owner: natural person whose personal data are subject to treatment; Treatment: any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion "
The company, in the development of its commercial activities will collect, use, store, transmit and perform various operations on the personal data of the owners. In all processing of personal data made by the company, those responsible, in charge and / or third parties to whom personal data are transferred must comply with the principles and rules established in the Law and in this Policy, in order to guarantee the right to ho habeas data from the owners and comply with the obligations of law that the company has. The principles that must be taken into account when carrying out a treatment:
Legality in data processing: The company will be subject to the provisions of the law and the provisions that regulate it.
Purpose: Any activity of personal data processing carried out by the company will comply with the purposes mentioned in this policy or in the authorization granted by the owner of the personal data, or in the specific documents where each type or process of data processing is regulated. personal The purpose of the treatment of a personal data must be informed to the owner of the personal data at the time of obtaining authorization. Personal data can not be processed outside of the purposes informed and consented to by the data owners. The purpose with which the personal data was collected obeys a legitimate purpose according to the constitution and the law.
Freedom: The processing of personal data that the company performs is done with prior authorization by the owner or taking into account the causes that reveal the consent of the owner and that are enshrined in the law.
Veracity or quality of the data: The personal data submitted to treatment must be true, complete, accurate, updated, verifiable and understandable. The company does not treat personal data that are partially, fractioned and that their treatment may lead to an error that may harm the owner of the information treatment, when these cases are presented, the company will request the holder the correction and necessary update so that this situation does not continue to occur, in case of not being able to update the information, the company will refrain from processing this data.
Transparency: Upon request of the owner, the company must provide a solution to the request raised by the owner on the information stored in the database. The response to this request will be carried out by the privacy officer directly. The agency in charge of processing the information will accompany the response process when necessary.
Restricted access and circulation: Personal data can only be processed by company personnel who have authorization to do so, or who, within their duties, are in charge of carrying out such activities and have been authorized by the company. Personal data can not be given to those who do not have authorization or have not been authorized by the company to carry out the treatment.
Temporary: The company as a rule will not use the information of the owner beyond the reasonable term required by the purpose that was informed to the owner of the personal data.
Paragraph. In the cases that there is special legislation on the subject, the information will be kept the term that the special law indicates.
Restricted access: except for the expressly authorized data: The company can not make personal data available for access through the Internet or other mass media, unless technical and security measures are established to control access and restrict it only to authorized people. Security: The company must always carry out the processing of the information providing the technical, human and administrative measures that are necessary to maintain the confidentiality of the data and to prevent it from being adulterated, modified, consulted, used, accessed, eliminated, or known by unauthorized persons or by authorized and unauthorized persons in a fraudulent manner, or that personal data is lost. Any new project that involves the processing of personal data, should be consulted this treatment policy, to ensure compliance with this rule.
Confidentiality and subsequent treatment: Any personal data that is not public data should be treated by the responsible as confidential, even when the contractual relationship or the link between the owner of the personal data and the company has ended. Upon termination of such link, such personal data must continue to be treated in accordance with this policy and the law.
Individuality: The company will maintain separately the databases in which it has the quality of manager or that could become one, of the databases in which it acts as a responsible person.
RIGHTS OF THE PERSONAL DATA HOLDER.
According to the law, the holders of personal data have the following rights:
Know, update and rectify your personal data in front of the company or those responsible for their treatment. This right may also be exercised in the face of partial, inaccurate, incomplete, and fractional data that induce error, or those whose treatment is expressly prohibited or has not been authorized.
Request proof of the authorization granted to the company, except in cases where the law indicates that authorization is not needed for the treatment of said information.
Submit applications to the company or the person in charge of the treatment regarding the use that has been given to your personal data, and to that they give you such information.
Submit complaints to the Superintendency of Industry and Commerce for infractions of the Law.
Revoke freely your authorization and / or request the deletion of your personal data from the databases of the company or when the Superintendence of Industry and Commerce has determined through a final administrative act that in the treatment the company or the processor has incurred in conduct contrary to the law or when there is no legal or contractual obligation to keep the personal data in the database of the person responsible.
Request access and access for free to your personal data that have been subject to treatment in accordance with article 21 of Decree 1377 of 2013.
Know the modifications to the terms of this policy in a previous and efficient way to the implementation of the new modifications or, failing that, of the new information treatment policy.
Have easy access to the text of this policy and its modifications.
Access in an easy and simple way to the personal data that are under the control of the company to effectively exercise the rights that the law grants to the holders.
Know the agency or person authorized by the company against whom you can submit complaints, queries, claims and any other request about your personal data.
The holders may exercise their rights of law and perform the procedures established in this policy, by presenting their citizenship card or original identification document. In case of having personal data of minors, they may exercise their rights personally, or through their parents or adults who have custody, who must prove it through the relevant documentation. Likewise, the rights of the owner may be exercised by the successors in title, the representative and / or agent of the holder with the corresponding accreditation and those who have made a stipulation in favor of another or for another.
The company has appointed JUAN DAVID CASTAÑO GAVIRIA as the privacy officer, who will now be responsible for receiving and answering the petitions, complaints, complaints and queries that the owners of the information have about the treatment of their information. Among the functions that the privacy officer has are the following without being a list of its functions, which may increase in favor of the protection of the rights of the owners of the information.
Receive the requests of the holders of personal data, process and respond to those that are based on the law or these policies, such as: requests to update personal data; requests to know personal data; requests for deletion of personal data when the owner freely requests the deletion or when the owner submits a copy of the decision of the Superintendence of Industry and Commerce in accordance with the provisions of the law, requests for information on the use given to their data personal, requests to update personal data, requests for proof of the authorization granted, when she has proceeded according to law.
Respond to the holders of personal data about those requests that do not proceed in accordance with the law.
Serve as a link between regulatory organizations in relation to privacy, confidentiality and information security, in this case the Superintendency of Industry and Commerce.
Conduct periodic evaluations of compliance with privacy, confidentiality and security policies.
Comply with the legal obligations that are dictated in the rules on the treatment of personal data, especially what is enshrined in Law 1581 of 2016 and its regulatory decrees.
Guide the company's personnel on the subject of information treatment and privacy of the same.
Control and verify access to personal data within the company.
The contact details of the privacy officer are the following:
Physical Address: Carrera 56 No. 46 49 local 902 Medellín, Antioquia.
Electronic address: firstname.lastname@example.org
Position of the contact person: Marketing Assistant.
PROCEDURES TO EXERCISE THE RIGHTS OF THE PERSONAL DATA HOLDERS:
The company will have mechanisms pThat the owner, his successors in title, his representatives and / or attorneys-in-fact, those who have been stipulated in favor of another or for another, and / or the representatives of incumbent minors, make inquiries regarding the personal data of the holder that rest in the databases of the company. These mechanisms may be physical, such as window processing at the address
Carrera 56 No. 46-49 local 902 Medellín, Antioquia;
electronic mail through the mail email@example.com or by telephone in the service line 4-5120440, where they will be in charge of receiving the requests, complaints and claims.
Whatever the means, the company will keep proof of the query and its response.
If the applicant has the capacity to formulate the consultation, in accordance with the accreditation criteria established in Law 1581 of 2012 and Decree 1377 of 2013, the company will collect all the information about the owner that is contained in the individual record of that person or that is linked to the identification of the owner within the databases of the company and will make it known to the applicant.
The Responsible for attending the query will respond to the applicant as long as he has the right to do so because he is the owner of the personal data, his successor, agent, representative, has been stipulated by another or for another, or is the legal responsible in the case of minors. This response will be sent within ten (10) business days from the date on which the request was received by the company.
In the event that the request can not be attended to ten (10) business days, the applicant will be contacted to inform him of the reasons why the status of his application is pending. For this purpose, the same means or one similar to that used by the owner to communicate his request will be used. Case in which the term to answer will be extended five (05) days more.
The final response to all requests will not take more than fifteen (15) business days from the date on which the initial request was received by the company.
The company has mechanisms so that the owner, his successors in title, representative and / or agents, those who stipulated by another or for another, and / or the representatives of incumbent minors, make claims regarding the personal data processed by the company which must be subject to correction, updating or deletion, or the alleged breach of the duties of law of the company. These mechanisms may be physical as a window process at Carrera 56 No. 46 49 local 902 Medellín, Antioquia; electronic through the mail firstname.lastname@example.org or by telephone in the service line 4-5120440, responsible for receiving the requests, complaints and claims on the phones.
The claim must be presented by the owner, his successors or representatives or accredited in accordance with Law 1581 and Decree 1377, as follows:
You must go to JUAN DAVID CASTAÑO GAVIRIA by electronic mail to the email address email@example.com; physically to the address Carrera 56 No. 46 49 local 902 Medellín, Antioquia; or by telephone on the service line 4-5120440.
It must contain the name and identification document of the owner.
It must contain a description of the facts that give rise to the claim and the objective pursued (update, correction or deletion, or compliance with duties).
You must indicate the address and contact information and identification of the claimant.
It must be accompanied by all the documentation that the claimant wants to enforce.
The company before attending the claim will verify the identity of the owner of the personal data, its representative and / or attorney, or the accreditation that there was a stipulation by another or another. For this purpose, it can demand the citizenship card or the original identification document of the holder, and the special or general powers or documents that are required as the case may be.
If the claim or additional documentation is incomplete, the company will require the claimant only once within five (5) days after the receipt of the claim to correct the faults. If the claimant does not submit the required documentation and information within two (2) months following the date of the initial claim, it will be understood that the claim has been abandoned.
If for any reason the person receiving the claim within the company is not competent to resolve it, it will transfer it to the privacy officer within two (2) business days after receiving the claim, and will inform the claimant of said referral. .
Once the claim with the complete documentation has been received, a legend that says "claim in process" and the reason thereof will be included in the database of the company where the data of the holder subject to the complaint rests. to two (2) business days. This legend must be maintained until the claim is decided.
The maximum term to attend the claim will be fifteen (15) business days counted from the day following the date of receipt. When it is not possible to meet the claim within said term, the interested party will be informed of the reasons for the delay and the date on which his claim will be handled, which in no case may exceed eight (8) business days following the expiration of the first finished.
This Policy applies from the six (06) day of October 2016. The personal data that are stored, used or transmitted will remain in our database, based on the criterion of temporality and necessity, during the time necessary for The purposes mentioned in this policy, for which they were collected.