Privacy Policy

1.POLICY

1.1 1.1 GENERAL INFORMATION

This policy is defined in accordance with the entry into force of the Statutory Law 1581 of 2012 which aims to dictate the general provisions for the protection of personal data and develop the constitutional right of all persons to know, update and rectify the information that has been collected about them in databases or files as well as the right to information; therefore RODRIGO SAMPER & CIA, taking into account its status as responsible for the processing of personal data that assists it, formulates this policy in order to give effective compliance to such regulations and especially to pay attention to queries and complaints concerning the processing of personal data collected and handled by RODRIGO SAMPER & CIA. The right to HABEAS DATA is the right of every person to know, update and rectify the information that has been collected about him/her in files and data banks of public or private nature and guarantees all citizens the power of decision and control over their personal information. Therefore, RODRIGO SAMPER & CIA, invokes such provisions taking into account that, for the development of its corporate purpose, it is continuously collecting and carrying out various treatments to databases of clients, shareholders, suppliers, business partners and employees.

By virtue of the above, within the legal and corporate duty of RODRIGO SAMPER & CIA to protect the right to privacy of individuals, as well as the right to know, update or request information about them that is stored in databases, RODRIGO SAMPER & CIA has designed this manual for the management of personal information and databases, which describes and explains the treatment of personal information, to which it has access through our website, email address, printed information, text messages, voice messages, Apps, phone calls, face to face, physical or electronic media interactions, whether current or created in the future, as well as through third parties that engage in our business or legal relationships with all our clients, employees, suppliers, shareholders, strategic allies and other related parties.

This manual will be updated as regulations applicable to the matter are set and new provisions enter into force.

1.2 1.2 OBJECTIVE
To guarantee the confidentiality of information and security of its treatment to all clients, suppliers, employees and third parties from whom RODRIGO SAMPER & CIA has legally obtained information and personal data in accordance with the guidelines established by the law that regulates the right to Habeas Data. Likewise, through the issuance of this policy, we comply with the provisions of the Statutory Law 1581 of 2013, the Decree 1377 of 2013, and the Decree 886 of 2014.

1.3 1.3 SCOPE
This manual applies to all holders of personal information registered in any of the databases of RODRIGO SAMPER & CIA that may make them susceptible to treatment by public or private entities.

1.4 1.4 LEGAL FRAMEWORK

  • Political Constitution of Colombia, Artícle 15.
  • Law 1581 of 2012
  • Decree 1377 of 2013
  • Decree 886 of 2014

1.5 1.5 TERMS AND DEFINITIONS

  • Authorization: Prior, express and informed consent of the Data Holder for the company to carry out the processing of personal data.
  • Data holder: Natural person whose data is processed by the company
  • Database: Organized set of personal data.
  • Personal data: Any information linked to a person. Any piece of information associated with one or several determined or determinable individuals or that can be linked to a natural or legal person. Personal data can be public, semi-private or private.
  • Processing: The carrying out of any operation or set of operations on personal data, which may include its collection, storage, use, circulation or deletion.
  • Data Processor: A natural or legal person, public or private, who alone or in association with others, carries out any processing of personal data on behalf of the Data Processing Manager.
  • Data Processing Manager: Natural or legal person, public or private, who alone or in association with others, makes decisions about the database and/or the treatment of the data.
  • Public Data: Data considered as such according to the mandates of the law or the Political Constitution. This is, among others, the data contained in public documents, judicial sentences dule executed that are not subject to reservation, and everything related to the civil status of individuals.
  • Semi-Private Data: Data that is not of an intimate, reserved, or public nature and whose knowledge or disclosure may be of interest not only to its owners but also to a certain sector or group of people, or to society in general, such as financial and credit data of commercial activity.
    Private data: Data that, due to its intimate or reserved nature, is only relevant for the holder.
  • Sensitive Data: Data related to racial or ethnic origin, membership in trade unions, social or human rights organizations, political orientation, religious convictions, sexual life, biometric or health data. This information may not be provided by the data holder.
  • Notice of Privacy: Printed or electronic document generated by the Data Processing Manager that is made available to the data holder with information regarding the existence of the data processing policies that will be applicable, the way to access them, and the characteristics of the intended processing of the personal data.

2. 2. AUTHORIZATION

2.1 RIGHTS THAT ALL HOLDERS OF PERSONAL DATA HAVE VIS-À-VIS THE COMPANY
All processes involving the treatment or processing by the Company of personal data of clients, suppliers, employees, and in general any third party with whom RODRIGO SAMPER & CIA has commercial and labor relations, must take into account and provide prior and express information to the Data Holders, by any means through which a record of compliance may be kept, about their rights, set out below:

  • The right to know, update, rectify, consult their personal data at any time from RODRIGO SAMPER & CIA, regarding data considered to be partial, inaccurate, incomplete, fragmented, and those that may lead to error.

  • The right to be informed by RODRIGO SAMPER & CIA, upon request of the Data Holder, about the use given to the data.

  • The right to file before the Superintendence of Industry and Commerce the complaints considered pertinent to assert their right to Habeas Data against the company.

  • The right to revoke the authorization and/or request the removal of any data when they consider that RODRIGO SAMPER & CIA has not respected their rights and constitutional guarantees.

  • The right to free of charge access to the personal data that they may voluntarily decide to share with RODRIGO SAMPER & CIA, for which the company leading the accounting and commercial process is responsible for securely and reliably preserving and archiving each of the personal data holders’ duly granted authorization forms.

  • The right to request at any time a proof of the authorization granted to RODRIGO SAMPER & CIA.

     

2.1 2.2 CASES IN WHICH RODRIGO SAMPER & CIA DOES NOT REQUIRE AUTHORIZATION FOR THE PROCESSING OF THE DATA HELD BY THE COMPANY

  • When the information is requested from the company by a public or administrative entity acting in the exercise of its legal functions or by court order.
  • When the data are of a public nature because they are not protected by the regulation’s scope of application.
  • Events of duly proven medical or sanitary urgency.
  • In those events in which it is authorized by law to comply with historical, statistical and scientific purposes.

In the case of data related to the civil registry of persons, since this information is not considered private data.

2.2 2.3 PERSONS OR ENTITIES TO WHOM RODRIGO SAMPER & CIA MAY DISCLOSE INFORMATION WITHOUT THE AUTHORIZATION OF THE DATA HOLDERS

  • To data holders, their heirs, or representatives, at any time and by any means when thus requested to RODRIGO SAMPER & CIA.
  • To the judicial or administrative entities that, in the exercise of functions, may file a requirement for the company to provide the information.
  • To third parties that may be authorized by a law of the Republic of Colombia.
  • To third parties to whom the Data Holder may give express authorization to disclose the information and whose authorization is delivered to RODRIGO SAMPER & CIA.

2.3 2.4 DUTIES OF RODRIGO SAMPER & CIA TOWARDS THE DATA HOLDERS
RODRIGO SAMPER & CIA recognizes that personal data are the property of the data holders and that only such persons may make decisions in their regard. In this sense, the company will use them exclusively for those purposes for which it may be empowered under the terms of the law, and in light of the above, it hereby reports the duties assumed by RODRIGO SAMPER & CIA in its capacity of responsible for the processing:

  • The company shall seek the means through which to obtain the data holder’s express authorization to carry out any type of processing.
  • The company shall clearly and expressly inform its clients, employees, suppliers, and third parties in general from whom it obtains databases, about the treatment to which the data will be subjected and the purpose of said treatment. To this end, the company will design the strategy through which, for each event, mechanism, or data request that is performed, it will inform the parties about the respective treatment in question. Some of these means may be, among others, the completion of hard copy forms, or through the website of RODRIGO SAMPER & CIA.
  • In all cases, the company must inform data holders about the optional nature of responding and providing the respective requested information.
  • In all cases in which data is collected, all data holders must be informed of their rights regarding their data.
  • The company must provide the identification number, physical or electronic address, and telephone number of the person or process that will be responsible for the treatment, among which the website, emails, telephone lines and offices of RODRIGO SAMPER & CIA will be included.
  • The company shall at all times guarantee to the data holder the full and effective exercise of the right to Habeas Data and the right to petition, that is, the possibility to know the information that exists or lies in the database, to request the updating or correction of data, and to submit inquiries, all of which shall be done through the consultations and claims mechanisms provided for in this manual.
  • The company shall keep the records of personal data duly and securely stored in order to avoid their deterioration, loss, alteration, unauthorized or fraudulent use, and it shall update and rectify the data periodically and in a timely fashion whenever the data holders report new information or make requests.


2.4 2.5 PURPOSES OF THE CAPTURE, USE, AND PROCESSING OF PERSONAL DATA
In the performance of the activities comprising the company’s purposes and its relationships with third parties, namely clients, shareholders, suppliers, business partners, employees, creditors, strategic allies, among others, RODRIGO SAMPER & CIA constantly collects data to carry out various purposes and uses among which the following may be included:

  • Administrative, commercial, promotional, informative, marketing and sales purposes.
  • To offer all kinds of commercial services; as well as to carry out promotional, marketing and advertising campaigns.
  • To attain a closer acquaintance with all its clients, suppliers, employees, and third parties.

In connection with the foregoing, RODRIGO SAMPER & CIA may perform the following actions:

  • Obtain, store, compile, exchange, update, collect, process, reproduce and/or dispose of the data, or partial or total information of those data holders who grant due authorization in the terms required by the law and in the formats deemed convenient for each case.
  • Classify, organize, separate the information provided by the data holder.
  • Conduct research, compare, verify, and validate the duly obtained data with credit risk centers with which it has commercial relations.
  • Extend the information obtained under the terms of the law of habeas data, to the companies with which it contracts the services of capture, storage, and management of its databases after obtaining the due authorizations for such purpose.
  • Transfer the data, or partial or total information, to its subsidiaries, businesses, companies and/or affiliated entities, and strategic allies.


2.5 2.6 THE AUTHORIZATION
In order to carry out the aforementioned purposes, RODRIGO SAMPER & CIA requires a freely granted, express and duly informed prior authorization from the data holders, and to this end it has provided suitable mechanisms to ensure that it is possible to verify that said authorization has been granted for each case. The authorization may be recorded in print or digital media, and its consultation will be also guaranteed through technological tools and the development of computer security systems.

The authorization is a statement that provides the data holder the following information:

  • The person or unit responsible for or in charge of collecting the information
  • Data collected
  • Purposes of the treatment
  • Procedure for the exercise of the right to access, correct, update or delete data
  • Information on collection of sensitive data

3. 3. DATA COLLECTED PRIOR TO THE ISSUANCE OF DECREE 1377 OF 2013
For the purpose of complying with the provisions of Article 9 of Law 1581 of 2012, those responsible for the processing of personal data shall establish mechanisms to obtain the authorization of the data holders or whoever is legitimized under the terms of the Law. These mechanisms may be predetermined through technical means that facilitate the holder’s automated display.

The authorization will be granted in writing, physically or digitally, and will be available to anyone who wants to access said authorization on the website of RODRIGO SAMPER & CIA. In no case whatsoever may the silence on the part of the data holder be considered an attitude of approval.

4. 4. PROTECTION OF PERSONAL DATA OF MINORS AND ADOLESCENTS
In accordance with the provisions set by the Statutory Law 1581 of 2012 and the Regulatory Decree 1377 of 2013, RODRIGO SAMPER & CIA assures that the processing of personal data of children and adolescents will be carried out with due respect to their rights, which is why, for the commercial and marketing activities carried out by RODRIGO SAMPER & CIA, the company must have the prior, express and informed authorization of the parent or legal representative of the child or adolescent.

5. 5. INFORMATION TECHNOLOGY (IT) SECURITY POLICIES
For RODRIGO SAMPER & CIA it is fundamental and a priority to adopt the technical, legal, human and administrative measures that may be needed to ensure the security of personal data, protect its confidentiality and integrity, and prevent unauthorized and/or fraudulent use or access. Likewise, the company has implemented internal security protocols of mandatory compliance for all personnel with access to personal data and information systems.

The internal security policies under which the data holder’s information is kept to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access, are the following:

  1. There are two types of networks in the offices; one used for local access by means of which authorized personnel can access the file server, and another one for wireless access, by which visitors can only access the Internet.
  2. We have set a domain where users can only access the information from the office computers (these have a username and password assigned according to their department). We have an entire security suite that protects and monitors both activities of the local network and Internet browsing, which has a firewall that is configured to block attacks that may affect the integrity of our clients’ information.
  3. Daily scheduled incremental backups are performed in the cloud, as well as in the file server; two weekly backups are performed every of 3 days.
  4. The computers’ USB ports are controlled by means of an application that generates passwords for each of the PCs for a limited time.

RODRIGO SAMPER & CIA guarantees that the company complies with the protection of the personal data provided by the data holders by virtue of the provisions set by law regulations regarding the right to HABEAS DATA; whereby it states:

  • The right of Habeas Data is the right of every person to know, update and rectify, free of charge, the information that has been collected about him/her in files and data banks of public or private nature.
  • Data holders may access their data at any time, modify, correct, update, revoke and request proof of the authorization granted, if so deemed, through the means established for this purpose, in written physical or digital form, or through the company’s office in the city of Bogota.
  • Data holders have the discretion to provide or not those data, freely make them available, and to raise requests regarding the use that has been given to their data.
  • For the full and effective exercise of this right by all its data holders, RODRIGO SAMPER & CIA has provided the following means through which they may submit their requests and/or complaints or claims: info@rodrigosamper.com and/or phones lines in Bogota D.C.: Land line: (601) 2182702; cell phone: (60) 311 513 9902.

6. PROCEDURE REGARDING INQUIRIES AND REQUESTS MADE BY DATA HOLDERS
All personal data holders have the right to make inquiries and submit requests to the company in regard to the handling and treatment given to their information.

ACTIVITY: DATA HOLDER´S AUTHORIZATION
Person responsible: Diana Fernandez

The Authorization Form shall be sent by e-mail or delivered in hard copy to all clients, employees, suppliers, shareholders, strategic allies, and related parties in general, before initiating any type of commercial and/or labor relationship.

Said Authorization must be filled out and signed by the data holder and delivered physically or electronically to the person in charge of accounting, who will deliver it to the person in charge of filing said document in the corresponding folder.
The Authorization Form will also be available in RODRIGO SAMPER & CIA’s web page: www.rodrigosamper.com.

In addition to the authorization, the forms will have a warning note informing the person concerned about the processing of their personal data: Client Registration R-P3-004, Supplier Registration R-P4-003 and Resume R-P7-009.

ACTIVITY: CLAIM OR PETITION FILING
Person responsible: Ricardo Ayala Torres

Any petition, complaint or claim (PCC) that is submitted to RODRIGO SAMPER & CIA by any data holder in regard to the handling and treatment given to his/her information will be resolved in accordance with the law that regulates the right to Habeas Data and will be processed in the following manner:

The petition or claim shall be made in writing, physically or digitally, addressed to RODRIGO SAMPER & CIA, with the data holder’s identification number, the description of the facts that gave rise to the claim, the address or medium through which he/she wishes to receive the response, and if applicable, accompanying supporting documents that may be asserted. In the event that the letter is incomplete, RODRIGO SAMPER & CIA will request the data holder to correct and complete it within five (5) days of receipt of the claim. After two months as of the date of the requirement, it the petitioner has not submitted the required information, it will be understood that the claim or request has been dismissed.

Once the complete petition or claim is received, RODRIGO SAMPER & CIA will include this information into the Claims and Petitions Registry within a term no longer than two (2) working days, under the status of “Claim in process”.
The petitioner will receive a response from RODRIGO SAMPER & CIA within ten (10) working days as of the date on which it acquired actual knowledge of the request.

If response to the petition is not possible within said term, the interested party will be informed of the reasons for the delay and of the date on which the request will be addressed, which in no case may exceed five (5) working days after expiration of the first term.

ACTIVITY: CONSULTATIONS
Person responsible: Ricardo Ayala Torres

The Personal Information Management Policies of RODRIGO SAMPER & CIA, and the basic rights that data holders have in this respect, may be consulted in the website www.rodrigosamper.com.

Any consultation that data holders may wish to make in regard to their information or personal data, or when they consider necessary to file a petition, claim or request for information, or consider that their rights have been violated by the use and handling of their information; may do so through the following email: info@rodrigosamper.com.

Or by directly sending a hard copy document to the offices of RODRIGO SAMPER & CIA.

ACTIVITY: DATA PROCESSING MANAGER
Person responsible: Legal Representative

RODRIGO SAMPER & CIA is responsible for the treatment of data. Through this manual, it provides the company’s identification data:

Company name: RODRIGO SAMPER & CIA – NIT:860.505.945 – 3
Main address: Calle 88 No. 22A – 08 Bogotá D.C.
Land line: (601) 2182702
Cell phone: (60)311 5139902

Person or area responsible for addressing requests, inquiries and claims: the unit responsible for receiving and channeling all requests and concerns is the Financial Department. E-mail: info@rodrigosamper.com.

ACTIVITY: DATA PROCESSOR
Person responsible: Ricardo Ayala Torres

RODRIGO SAMPER & CIA is responsible for the treatment of data. Through this manual, it provides the company’s identification data:

Company name: RODRIGO SAMPER & CIA – NIT:860.505.945 – 3
Main address: Calle 88 No. 22A – 08 Bogotá D.C.
Land line: (601) 2182702
Cell phone: (60)311 5139902

Person or area responsible for addressing requests, inquiries and claims: the unit responsible for receiving and channeling all requests and concerns is the Financial Department. E-mail: info@rodrigosamper.com.


Loading...