NEDIAR SAS, welcoming and complying with the provisions of Law 1581 of 2012 and the Regulatory Decree 1377 of 2013 and the provisions of Article 15 of our Constitution, adopts and applies this Policy for the processing of personal data. NEDIAR SAS, states that it guarantees the privacy, rights to privacy, and the good name of individuals, during the process of processing personal data, in all activities, which will have the principles of confidentiality, security, legality, access, freedom and transparency.
You agree not to disclose the information that is typed or transferred to our company, in accordance with the rules of Law 527 regulating Electronic Commerce in Colombia and Law 1581 of 2012 on the use of confidential data. With the present Policy of Treatment and Protection of Personal Data, is supplemented leaving without effect agreements and policies issued previously.
NEDIAR SAS, in order to comply with the data protection policies and obligations of Law 1581 of 2012, its Regulatory Decrees and other rules that complement, add, enrich or modify it, takes into account the following for the handling of information and personal data:
Personal information is one of the most important assets, therefore, the treatment of this information is carried out with utmost care and in compliance with the provisions of the law, guaranteeing people the full exercise and respect for their right of Habeas Data.
The information contained in the database has been obtained in the development of the activity of NEDIAR SAS, its collection has been done and will always be done in accordance with the criteria and legal regulations.
SCOPE OF THE DATA PROTECTION POLICY:
The Personal Data Protection Policy of NEDIAR SAS shall apply to all Databases and/or files containing Personal Data, which for NEDIAR SAS is subject to Processing as responsible and/or in charge of the processing of Personal Data.
The Processing of Personal Data shall be made under the terms, conditions and scope of the authorization of the Data Subject and/or in application of the special rules when there is any legal exception to do so. Any type of request, resulting from the exercise of the duties and rights enshrined in the policy, may be addressed to Cra 59 No. 24 61 of the city of Medellin, Colombia, with contact telephone (072) 5898059 and / or email firstname.lastname@example.org or email@example.com, to verify this information for Nediar.
RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA
NEDIAR SAS, with headquarters at Cra 59 No. 24 61 in the city of Medellin, Colombia, with contact telephone (072) 5898059 and email electrónico:firstname.lastname@example.org, will be responsible for the processing of personal data and databases.
PURPOSE OF THE COLLECTION AND PROCESSING OF PERSONAL DATA:
The purpose of the Personal Data Protection Policy seeks to:
Implement the procedures for the collection and processing of personal data to the provisions of the law.
Generate an organized scheme to safeguard the private, semi-private, public and sensitive data of its owners.
The purpose of NEDIAR SAS with respect to the collection and processing of Personal Data with respect to:
Seeks to bring to its Users and Subscribers information and value-added benefits, which it considers useful for the exercise of product marketing.
Therefore, the User accepts that NEDIAR SAS contacts him/her through different channels such as landline, cell phone, text messages to his/her cell phone, email and social networks, to offer him/her information and benefits, providing him/her with information, benefits and offers.
This purpose specifically includes salary payments and obligations as employer of affiliations and contributions to social security and compensation funds, both of employees and their families and control of labor developments such as permits, disabilities, access control and employee working hours.
Permanent contact for request of quotations and management of commercial relations that arise, with the purpose of acquiring their products or services as inputs for the operation according to the corporate name of NEDIAR SAS.
NEDIAR SAS taking into account that all the sale of NEDIAR SAS products is via internet or direct and its delivery according to agreement by means of carriers previously agreed by the interested parties. The information provided by visitors by way of access control is recorded by the company of safety and health at work at the entrance of the facilities and following the biosafety protocols, who will review their entry form, seeking to obtain control against possible security incidents and identification of persons entering the plant or offices and facilities of NEDIAR SAS in general.
Authorization: Prior, express and informed consent of the Data Subject to carry out the Processing of personal data.
Privacy Notice: Verbal or written communication generated by the responsible party addressed to the Data Subject for the processing of his/her personal data, by means of which he/she is informed about the existence of the information processing policies that will be applicable, the way to access them and the purposes of the processing that is intended to be given to the personal data.
Data Base: Organized set of personal data that is subject to Processing.
Personal data: Any information linked or that may be associated to one or several determined or determinable natural persons.
Private data: Data that, due to its intimate or reserved nature, is only relevant to the owner.
Sensitive data: Sensitive data is understood as that which affects the privacy of the Data Subject or whose improper use may generate discrimination, such as that which reveals racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, human rights organizations or that promotes the interests of any political party or that guarantees the rights and guarantees of opposition political parties, as well as data relating to health, sex life and biometric data.
Data Processor: Natural or legal person, public or private, who by himself or in association with others, performs the Processing of personal data on behalf of the Data Controller.
Data Controller: Natural or legal person, public or private, who by himself or in association with others, decides on the database and/or the processing of the data.
Data Subject: Natural person whose personal data is the object of Processing.
Processing: Any operation or set of operations on personal data, such as the collection, storage, use, circulation or deletion of such data.
Terms and Conditions: general framework in which the conditions for the participants of promotional or related activities are established.
SCOPE OF APPLICATION:
The Personal Data treatment policies must be known and applied by all collaborators, employees, ares, customers and suppliers of NEDIAR SAS when applicable.
NEDIAR SAS DATABASE:
The policies and procedures apply to the Database handled by NEDIAR SAS and will be registered in accordance with the provisions of the law.
CONSULTATION OF THE POLICY:
The Personal Data Protection Policy must be announced, presented and available on the official website of NEDIAR SAS www.nediar.com, presenting easy consultation and access by the general public.
RIGHTS OF THE HOLDERS OF PERSONAL DATA:
The holders of personal data are the natural persons whose personal data are subject to Processing by NEDIAR SAS.
In accordance with the provisions of the current regulations applicable to data protection, the following are the rights of the owners of personal data, which can be exercised at any time:
Access, know, update and rectify the personal data on which NEDIAR SAS is performing the Treatment. Similarly, the holder may request at any time, that their data be updated or corrected when they find that their data is partial, incorrect, inaccurate, incomplete, incomplete, fractioned, misleading, or those whose treatment has not been authorized or is expressly prohibited.
Be informed by NEDIAR SAS, regarding the use that has been made of their personal data.
To revoke the authorization and/or request the deletion of the data when the treatment does not respect the principles, rights, and constitutional and legal guarantees.
Request proof of the authorization granted to NEDIAR SAS for the processing of data, by any valid means, except in cases where authorization is not required.
File before the Superintendence of Industry and Commerce, complaints for violations of the provisions of Law 1581 of 2012 and other rules that modify, add or complement it, after consultation or request to NEDIAR SAS.
Access and consult free of charge to their personal data subject to processing.
UPDATE, CORRECT, RECTIFY OR DELETE THE HOLDER’S DATA:
The holder of the personal data may request to NEDIAR SAS by means of the corporate mail here email@example.com of requests, that his/her processed personal data be updated, corrected, rectified or deleted, if so desired or if he/she considers that there is non-compliance with any of the duties in the General Regime for the Protection of Personal Data or in this Policy.
In order to carry out the update, correction, rectification or deletion, the Data Subject must process the request addressed to the data controller or data processor indicating:
- Full name and identification of the data subject.
- Detailed description of the facts giving rise to the request.
- Location data of the owner such as address, department, city and contact telephone number.
- Description of the procedure you wish to perform (update, correction, rectification or deletion).
- And if you consider necessary to attach documents that support the request (this point is optional).
Once the request is received from the Holder of the personal data through firstname.lastname@example.org of requests, with the points correctly filled out to process it in a manner to the person responsible or in charge of the treatment, keeping the case open in a term not exceeding five (5) working days (this data is for the consideration of commercials who are the ones who attend the request) from the date of receipt, time in which an answer and solution to the request must be given. Likewise, two (2) business days will be given to the person in charge of providing a solution (competent); if the person who receives the request is not entitled to answer it, he/she will have fifteen (15) business days from the date of receipt of the request to answer it.
If the Data Subject does not comply with the items correctly filled in to process the request addressed to the data controller or data processor, the Data Subject (interested party) will be requested to correct the requirements within the following five (5) days from the date of receipt. After fifteen (15) days from the date on which the data subject is requested to comply with the established requirements, and no response is received or the data subject insists on the wrong procedure, it will be considered as a withdrawal of the request.
If NEDIAR SAS has not been able to respond to the request within the term indicated, the Holder (interested party) will be informed, listing and detailing the reasons why it was not possible to respond to the request and notifying the date on which it will be resolved.
REVOKE THE AUTHORIZATION TO PROCESS PERSONAL DATA :
At any time the holder of the Personal Data may revoke the authorization for the processing of his Personal Data provided to NEDIAR SAS; to do so, he must manage the request addressed to the data controller or to the person in charge of the processing, detailing the purpose of his request.
The Personal Data Holder, in order to manage the revocation before NEDIAR SAS, must carry out the same steps and requirements set forth in the procedure for updating, correction, rectification or deletion of personal data.
CONSULTATIONS ON THE PROCESSING OF DATA BY ITS OWNERS:
The Holders may consult their personal information held by NEDIAR SAS, who in turn will be willing to provide all information that is linked to the identification of the Holder.
With respect to the attention of requests for consultation of Personal Data, NEDIAR SAS guarantees:
Enable electronic means of communication or others it deems relevant.
Use the requests received that is part of the customer service (SAC), through which the service is provided, generate the contacted and requests are processed.
Offer and notify the forms, systems and other contact methods.
To attend in a maximum term of fifteen (15) working days the cases of attention of the requests, which will be counted from the date of request. If it is not possible to attend it within the defined time, the interested party will be informed before its expiration, notifying the reasons for the delay and the new date on which a solution will be given. This new term shall not exceed five (5) additional working days to the initial term.
NEDIAR SAS does not publish offers in its communication channels for any position within the company, for this purpose it uses companies dedicated to finding talent, who have their tools and terms and conditions of use, which regulate the policies regarding the treatment of information entered by applicants to initiate the selection process, and manage their portals for the procurement of personnel. NEDIAR SAS, at the moment of requiring the filling of a vacancy or opening a new position, processes it through these companies, guaranteeing that the profile sought is filtered, pre-selected and presented by the companies specialized in the subject, and that the handling of personal data is the necessary and required.
NEDIAR SAS is not a company dedicated to search, locate, channel and contact potential candidates for a vacancy, therefore and if for any reason a candidate sends us his resume electronically or physically by any means of contact, NEDIAR SAS makes available to the candidate or interested party, at any time the possibility of revoking the authorization for the processing of personal data provided to NEDIAR SAS on a completely voluntary basis, managing the request addressed to the data controller or the person in charge of the same and detailing the purpose of your request.
If a candidate or interested party sends his/her resume directly to NEDIAR SAS by any means of contact, and it has not been added as a preselection in any process, the resume will be immediately removed from all NEDIAR SAS records, ensuring the protection of his/her personal data and preventing it from being used for activities or selection processes in which the candidate does not express his/her interest in participating.
The self-candidate of the Personal Data must manage the revocation before NEDIAR SAS, carrying out the same steps and requirements enshrined in the procedure for updating, correction, rectification or deletion of personal data.
CATEGORY OF DATA:
NEDIAR SAS in development of the principle of private autonomy, and in accordance with the data processed, and according to current legislation, has developed the following classification of data:
Personal Data: Set of information susceptible of being related to one or more natural persons.
Public data: Public data is all data contained in public documents, relating to the civil status of individuals, their profession or trade and their status as merchants or public servants. Public data are, for example, those contained in the citizenship card, in public records, in judicial sentences duly executed and not subject to reserve. Therefore, data that is not semi-private, private or sensitive is also public data.
Semi-private data: Data whose knowledge or disclosure is of interest to its owner and to a certain group of persons or social sector. For example, commercial or professional activity.
Private data: Data whose knowledge or disclosure, due to its intimate and reserved nature, is of interest only to its owner.
Reserved data: Data that is confidential in nature or has a high commercial value in itself.
Sensitive data: Data that affects the privacy of its owner or whose improper use may lead to discrimination. For example, those related to sexual orientation, political orientation, ethnic or racial origin, religious or philosophical convictions, participation in trade union, human rights or social groups, among others.
TREATMENT OF SENSITIVE PERSONAL DATA:
In accordance with the Personal Data Protection Law, data of a sensitive nature are considered to be those that affect privacy or whose improper use may generate discrimination.
The Processing of Personal Data of a sensitive nature is prohibited by law, except with the express, prior and informed authorization of the Data Subject, among other exceptions enshrined in Article 6 of Law 1581 of 2012. Data of a sensitive nature are those related to:
- Racial or ethnic origin.
- Political orientation.
- Religious / philosophical convictions.
- Membership in trade unions, social organizations, human rights organizations or political parties.
- Sexual life.
- Biometric data (such as fingerprint, signature and photo).
- No activity may be conditioned on the holder providing sensitive personal data.
REGULATORY AND LEGAL FRAMEWORK:
NEDIAR SAS Personal Data protection policies are governed by the following regulations internally and externally:
LAW 527 OF 1999:
Defines and regulates the access and use of data messages, electronic commerce and digital signatures, and establishes the certification entities and other provisions.
It also introduces the concept of functional equivalent, electronic signature as mechanisms of authenticity, availability and confidentiality of information.
LAW 1266 OF 2008:
Whereby the general provisions of Habeas Data are issued and the handling of information contained in personal databases is regulated, especially financial, credit, commercial, services and from third countries and other provisions are issued.
LAW 1273 OF 2009:
Law by means of which the legal property of information and personal data is created and protected. Likewise, criminal conducts such as computer damage, violation of personal data, abusive access to a computer system, interception of computer data, theft by computer means, among others, are typified.
LAW 1581 OF 2012:
Whereby general provisions are issued for the protection of personal data. General provisions for the protection of personal data.
DECREE 1377 OF 2013:
With which Law 1581 of 2012 is regulated, on aspects related to the authorization of the Holder of information for the Processing of their personal data, the Processing policies of the Controllers and Processors, the exercise of the rights of the Holders of information, the transfers of personal data and the responsibility demonstrated in front of the Processing of personal data.
DECREE 368 OF 2014:
Whereby the operations through financing systems provided for in Article 45 of Law 1480 of 2011 are regulated.
DECREE 886 OF 2014:
By which Article 25 of Law 1581 of 2012 is regulated, regarding the National Registry of Personal Data Bases, which is in charge of the Superintendence of Industry and Commerce, and where those who act as Responsible for the treatment of personal data, must register their Databases following the instructions of this decree.
FUNCTIONS OF THE PERSON RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA:
Within the functions of the person responsible for the processing of personal data, is the appointment of a person within the company that fulfills the following functions:
Ensure the development, implementation and promotion of a system to manage the risks of personal data processing.
Communicate and promote a culture of data protection within the organization.
Integrate and link all areas of NEDIAR SAS to ensure a transversal implementation of the Personal Data Protection Policies.
Verify and audit that the Actualícese Databases are registered in the National Registry of Databases, and update the report according to the instructions of the Superintendence of Industry and Commerce.
Schedule and ensure ongoing company training on personal data protection.
Analyze and diagnose the responsibilities of the positions within NEDIAR SAS, to lead the training program in the protection of personal data.
Ensure that, within the employee performance analysis process, the training and use of personal data protection is at a high level.
Conduct training and pass on the responsibility to new employees who, due to the conditions of their work, have access to the Databases.
Organize and follow up the implementation of internal audit plans to verify compliance with the policies for the treatment of personal data.
Obtain when required, the declarations of conformity of the Superintendence of Industry and Commerce.
CONFIDENTIALITY AND SECURITY OF THE DATABASE:
NEDIAR SAS will apply the best practices for the security, discretion, protection, storage and confidentiality of the Personal Data of the holders.
NEDIAR SAS will verify, where appropriate, the applicability of legal exceptions to deliver personal data to the authorities and in relevant cases.
GUARANTEES OF ACCESS TO THE HOLDER TO THE PERSONAL DATA:
NEDIAR SAS guarantees the right of access to the holder of the data, with prior accreditation of his identity, legitimacy and at no cost, to his personal data through different means, mainly electronic that allow the direct access of the holder to them. Such access must be offered without any limit and the holder must be allowed the possibility of knowing and updating them online.
UPDATING OF DATABASES:
Update the information as data is obtained, in accordance with the provisions of Law 1581 of 2012.
PROOF OF THE HOLDER’S AUTHORIZATION:
Keep the proof of the authorization granted by the holders of personal data for processing, using digital mechanisms and security rules necessary to maintain the record of the form and date. NEDIAR SAS establishes electronic repositories to safeguard the information.
REGISTRATION IN THE DATABASE REGISTRY OF THE SUPERINTENDENCE OF INDUSTRY AND COMMERCE:
NEDIAR SAS shall comply with the obligations imposed by the regulations in relation to the registration and reports to be delivered to the competent authorities. For the purposes of the registration of the Database, a procedure will be carried out taking into account the following parameters:
- Number of databases with personal information.
- Number of owners for each database.
- Detailed information of the channels or means that are foreseen to attend the owners.
- Type of personal data contained in each database, to be processed, such as: identification, location, socioeconomic, sensitive or other data.
- Physical location of the databases.
- In this regard, it will be asked whether the database is stored in its own means, for example, filing cabinets or servers (depending on whether it is a physical file or an electronic database), internal or external to the physical facilities of the data controller.
- When the processing of personal data is carried out through a data processor(s), the identification and location data of such data processor(s) shall be requested.
- Security measures and/or controls implemented in the database to minimize the risks of inappropriate use of the personal data processed.
- Information on whether there is authorization from the owners of the data contained in the databases.
- How the data is obtained (directly from the owner or through third parties).
Social networks such as Facebook and Twitter, constitute complementary platforms for the dissemination of information (communication), which are of great interconnection of users’ digital media and are not under the responsibility of NEDIAR SAS for being outside the company.
All information that users provide on social networks in which NEDIAR SAS participates, as a user does not constitute or form part of the Personal Data subject to the protection of this Policy, being the full responsibility of the company providing that platform.
PROCESSING OF COMMERCIAL DATA:
NEDIAR SAS will process the commercial data and financial information it deems necessary for the fulfillment of its corporate purpose and for any conclusion of contracts with third parties. The data of these will be treated with privacy, rights to privacy, the good name of persons, within the process of processing personal data, and during all activities that will have the principles of confidentiality, security, legality, access, freedom and transparency.
For this purpose, the signing of the Confidentiality Agreement for the delivery of Data with all suppliers is regulated.
DATA PROCESSING OF DIRECT EMPLOYEES OF THE COMPANY:
All data provided by NEDIAR SAS employees will be stored, compiled, used, shared, consulted, transmitted, exchanged and transferred, in order to comply with the obligations arising from the employment relationship and the exercise of rights as an employer.
All information relating to employees or former employees of NEDIAR SAS, will be retained in order that the Company can fulfill its obligations as an employer and exercise the rights that in that same condition correspond to it, according to Colombian labor law.
At the time of entry to NEDIAR SAS of new employees with labor contract, it is a requirement that at the time of the beginning of their assigned work, they state that they know, accept and apply the Personal Data Protection Policies.
To terminate the process of linking a new employee in NEDIAR SAS, it is necessary to guarantee from the employee the signature and acceptance of this policy.
NEDIAR SAS informs its employees and visitors about the existence of security mechanisms, by means of notification in video surveillance notices in visible places.
NEDIAR SAS has a video surveillance system through fixed cameras, installed in strategic locations inside its offices and facilities, which is established in the rights of data processing for employees and individuals. The information collected will only be used for security purposes of employees, natural persons, goods and assets contained therein. Such information may be used as evidence at any time it is required, before any authority, official or private organization that requests it.
The files obtained from the video surveillance are stored in a system that has security conditions with all the necessary rigor for such purpose and only the administrative area staff has access, in whose linkage the confidentiality agreement was signed.
VALIDITY OF THE POLICY:
This policy is effective as of the date of its publication and leaves without effect any other institutional provisions that are contrary to it. Any information not contemplated in this policy shall be regulated in accordance with the General Regime for the Protection of Personal Data in force in Colombia.
The updating of the Personal Data Protection Policy will depend on the instructions and guidelines of the General Management of NEDIAR SAS, as well as the regulatory extensions of the surveillance and control entity, the Superintendence of Industry and Commerce.
If you have any additional questions, please write to us at email@example.com and we will respond as soon as possible.