Personal data protection policy

1. SCOPE

This Personal Data Protection Policy will apply to all Databases and/or Files that contain Personal Data that are subject to Processing by Onparle SAS identified with NIT 901057632-9, considered responsible and/or in charge of the processing of Personal Data, (hereinafter THE COMPANY).

3. DEFINITIONS

  • Content: prior, express and informed consent of the Owner to carry out the Processing of Personal Data.

  • Use Policy: verbal or written communication generated by the Controller, addressed to the Owner for the Processing of their Personal Data, through which they are informed about the existence of the Information Processing Policies that will be applicable to them, the way to access them. and the purposes of the Treatment that is intended to be given to personal data.

  • Databases: organized set of Personal Data that is subject to Processing.

  • Personal Data: cAny information linked or that can be associated with one or more specific or determinable natural persons.

  • Treatment Manager: natural or legal person, public or private, who, by themselves or in association with others, carries out the Processing of Personal Data on behalf of the Data Controller. In events in which the Controller does not act as Data Base Manager, it will be expressly identified who will be the Manager.

  • Data controller: natural or legal person, public or private, who alone or in association with others, decides on the Database and/or the Processing of the data.

  • Terms and conditions: general framework in which the conditions are established for participants in promotional or related activities.

  • Sensitive Personal Data: natural person whose Personal Data is the subject of Processing.

  • Treatment: any operation or set of operations on Personal Data, such as collection, storage, use, circulation or deletion.

  • Transfer: the transfer of data takes place when the Controller and/or Processor of personal data, located in Colombia, sends the information or personal data to a recipient, who in turn is Responsible for the Treatment and is located inside or outside the country.

  • Transfer: processing of Personal Data that involves the communication thereof within or outside the territory of the Republic of Colombia when its purpose is to carry out a Processing by the Processor on behalf of the Controller.

4. TREATMENT

THE COMPANY, acting as Responsible for the Processing of Personal Data, for the proper development of its commercial activities, as well as for the strengthening of its relationships with third parties, collects, stores, uses, circulates and deletes Personal Data corresponding to natural persons with who has or has had a relationship, such as, without the enumeration meaning limitation, workers and their families, shareholders, consumers, clients, distributors, suppliers, creditors and debtors.

5. PURPOSE

Personal Data is processed by THE COMPANY for the following purposes:

5.1. To send information to your workers, students and family members;

5.2. For the recognition, protection and exercise of the rights of the shareholders of THE COMPANY;

5.4. To strengthen relationships with its consumers and clients, by sending relevant information, taking orders and addressing Requests, Complaints and Claims (PQR's) by the customer service area, evaluating the quality of its customer service and invitation to events organized or sponsored by THE COMPANY, among others;

5.5. To consolidate a timely and quality supply with its Suppliers, through the invitation to participate in selection processes, the evaluation of compliance with their obligations and the invitation to events organized or sponsored by THE COMPANY, among others;

5.6. For verification of balances of your creditors;

5.7. For the determination of pending obligations, the consultation of financial information and credit history and the report to information centers of unfulfilled obligations, with respect to its debtors;

5.8. To improve, promote and develop its services and those of its related companies worldwide;

5.9. For marketing, statistical, research activities and other commercial purposes that do not contravene current legislation in Colombia;

5.10. For the attention of judicial or administrative requirements and compliance with judicial or legal mandates;

5.11. To eventually contact, via email, or by any other means, natural persons with whom you have or have had a relationship, such as, without the list being limited, workers and their families, shareholders, consumers, clients, distributors, suppliers. , creditors and debtors, for the aforementioned purposes.

RIGHTS OF THE HOLDERS OF PERSONAL DATA

Natural persons whose Personal Data is processed by THE COMPANY have the following rights, which they can exercise at any time:

6.1. Know the Personal Data on which THE COMPANY is carrying out the Treatment. Likewise, the Owner may request at any time that their data be updated or rectified, for example, if they find that their data is partial, inaccurate, incomplete, fragmented, misleading, or those whose Processing is expressly prohibited or not. has been authorized.

6.2. Request proof of the authorization granted to THE COMPANY for the Processing of your Personal Data.

6.3. Be informed by THE COMPANY, upon request, regarding the use that it has given to your Personal Data.

6.4. Submit complaints to the Superintendency of Industry and Commerce for violations of the provisions of the Personal Data Protection Law.

6.5. Request THE COMPANY to delete your Personal Data and/or revoke the authorization granted for the Treatment thereof, by submitting a claim, in accordance with the procedures established in section 11 of this Policy. However, the request for deletion of the information and the revocation of the authorization will not proceed when the Owner of the information has a legal or contractual duty to remain in the Database and/or Files, nor while the relationship between the Owner and THE COMPANY, by virtue of which their data was collected.

6.6. Free access to your Personal Data subject to Processing.

7. AREA RESPONSIBLE FOR THE IMPLEMENTATION AND ENFORCEMENT OF THIS POLICY

Onparle. is in charge of the work of development, implementation, training and observance of this Policy. For this purpose, all officials who carry out the Processing of Personal Data in the different areas of THE COMPANY are obliged to report these Databases to the legal representative and immediately transfer all requests, complaints or claims to the latter. that they receive from the Holders of Personal Data.

8. AUTHORIZATION

THE COMPANY must request prior, express and informed authorization from the Owners of the Personal Data on which the Treatment is required.

8.1. Prior authorization means that consent must be granted by the Owner, no later than at the time of collection of the Personal Data.

8.2. Express authorization means that the Owner's consent must be explicit and specific; open and non-specific authorizations are not valid. The Owner is required to express his/her willingness to authorize THE COMPANY to process his/her Personal Data.

This manifestation of the Owner's will may occur through different mechanisms made available by THE COMPANY, such as:

  • In writing, for example, by filling out an authorization form such as the one indicated in Annex 1.

  • Orally, for example, in a telephone conversation or video conference.

  • Through unequivocal conduct that allows us to conclude that you have granted your authorization, for example, through your express acceptance of the Terms and Conditions of an activity within which the authorization of the participants is required for the Processing of their Personal Data.

IMPORTANT: In no case will THE COMPANY assimilate the Owner's silence to unequivocal conduct.

Whatever the mechanism used by THE COMPANY, it is necessary that the authorization be preserved so that it can be consulted later.

8.3. Informed Authorization means that when requesting consent from the Owner, they must be clearly informed:

  • The Personal Data that will be collected.

  • The identification and contact information of the Controller and the Data Processor.

  • The specific purposes of the Treatment that is intended to be carried out, that is: how and for what purpose the collection, use, circulation of Personal Data will be carried out.

  • What are the rights you have as the Owner of Personal Data; For this purpose, see section 6 of this Policy.

  • The optional nature of the response to the questions asked, when they relate to sensitive data or the data of children and adolescents.

9. SPECIAL PROVISIONS FOR THE PROCESSING OF PERSONAL DATA OF A SENSITIVE NATURE.

In accordance with the Personal Data Protection Law, data of a sensitive nature is considered data that affects privacy or whose improper use can generate discrimination, such as data related to:

  • Racial or ethnic origin.

  • Political orientation.

  • Religious/philosophical convictions.

  • Membership in unions, social organizations, human rights organizations or political parties.

  • Health.

  • Sex life.

  • Biometric data (such as fingerprint, signature and photo).

The Processing of Personal Data of a sensitive nature is prohibited by law, unless there is express, prior and informed authorization from the Owner, among other exceptions enshrined in Article 6 of Law 1581 of 2012.

In this case, in addition to complying with the requirements established for authorization, THE COMPANY must:

  • Inform the Owner that since it is sensitive data, he is not obliged to authorize its Treatment.

  • Inform the Owner which of the data that will be processed is sensitive and the purpose of the Treatment.

IMPORTANT: No activity may be conditioned on the Owner providing sensitive Personal Data.

10. SPECIAL PROVISIONS FOR THE PROCESSING OF PERSONAL DATA OF CHILDREN AND ADOLESCENTS

According to the provisions of Article 7 of Law 1581 of 2012 and Article 12 of Decree 1377 of 2013, THE COMPANY will only carry out the Treatment, that is, the collection, storage, use, circulation and/or deletion of Personal Data corresponding to children and adolescents, as long as this Treatment responds to and respects the best interests of children and adolescents and ensures respect for their fundamental rights.

Once the above requirements have been met, THE COMPANY must obtain the Authorization of the legal representative of the child or adolescent, prior to the minor's exercise of his or her right to be heard, an opinion that will be valued taking into account maturity, autonomy and ability to understand the matter.

11. PROCEDURE FOR ATTENTION AND RESPONSE TO REQUESTS, QUERIES, COMPLAINTS AND CLAIMS FROM PERSONAL DATA HOLDERS

The Holders of the Personal Data that are being collected, stored, used, put into circulation by THE COMPANY, may exercise at any time their rights to know, update, rectify and delete information and revoke the authorization.

For this purpose, the following procedure will be followed, in accordance with the Personal Data Protection Law:

11.1.ATTENTION AND RESPONSE TO REQUESTS AND QUERIES:

What does the procedure consist of?

The Owner or his successors may request THE COMPANY, through the means indicated below:

  • Information about the Personal Data of the Owner that is subject to Processing.

  • Request proof of the authorization granted to THE COMPANY for the Processing of your Personal Data.

  • Information regarding the use that has been given by THE COMPANY to your personal data.

Means enabled for the presentation of requests and queries:

THE COMPANY has established the following means for receiving and responding to requests and queries, all of which allow proof of them to be preserved:

  • Direct mail to: Av Alberto Mendoza 89-64 Casa 26, Manizales, Caldas

  • Cell phones: +57 318 317 4287 / WHATSAPP +57 310 242 7646.

  • Request submitted to email: contacto@onparle.net

Attention and response from THE COMPANY:

Requests and queries will be responded to within a maximum period of ten (10) business days from the date of receipt thereof. When it is not possible to attend to the request or query within said term, the interested party will be informed, expressing the reasons for the delay and indicating the date on which their request or query will be attended to, which in no case may exceed five (5). business days following the expiration of the first term.

11.2.ATTENTION AND RESPONSE TO COMPLAINTS AND CLAIMS:

What does the procedure consist of?

The Owner or his successors may request THE COMPANY, through a complaint or claim submitted through the channels indicated below:

  • The correction or updating of the information.

  • The deletion of your Personal Data or the revocation of the authorization granted for the Treatment thereof.

  • That the alleged non-compliance with any of the duties contained in the Personal Data Protection Law be corrected or corrected.

The request must contain a description of the facts that give rise to the complaint or claim, the address and contact information of the applicant, and must be accompanied by the documents that you wish to assert.

Means enabled for the presentation of complaints and claims:

THE COMPANY has established the following means for the reception and attention of complaints and claims, all of which allow proof of their presentation to be preserved:

  • Direct mail to: AV Alberto Mendoza #89-64 PASEO DEL BOSQUE CASA 26, Manizales, Caldas, Colombia

  • Cell phones: +57 310 242 7646 / WHATSAPP +57 310 242 7646.

  • Request submitted to email: contacto@onparle.net

Attention and response from THE COMPANY:

If the complaint or claim is presented incomplete, THE COMPANY must require the interested party within five (5) days following receipt of the complaint or claim to correct the deficiencies. After two (2) months from the date of the request, without the applicant presenting the required information, it will be understood that he or she has withdrawn from the complaint or claim.

In the event that the person who receives the complaint or claim is not competent to resolve it, they will forward it to the Legal Division of Onparle SAS, within a maximum period of two (2) business days and will inform the interested party of the situation.

Once the complete complaint or claim is received, a legend that says “claim in process” and the reason for it will be included in the Database within a period of no more than two (2) business days. Said legend must be maintained until the complaint or claim is decided.

The maximum term to address the complaint or claim will be fifteen (15) business days counted from the day following the date of receipt. When it is not possible to address the complaint or claim within said term, the interested party will be informed of the reasons for the delay and the date on which the complaint or claim will be addressed, which in no case may exceed eight (8) days. business days following the expiration of the first term.

12. INFORMATION OBTAINED PASSIVELY

When you access or use the services contained within THE COMPANY's websites, the COMPANY may collect information passively through information management technologies, such as "cookies", through which information about the company is collected. of the computer hardware and software, IP address, browser type, operating system, domain name, access time and the addresses of the referring websites; Through the use of these tools, Personal Data is not directly collected from users. Information will also be collected about the pages that the person visits most frequently on these websites in order to understand their browsing habits. However, the user of THE COMPANY's websites has the possibility of configuring the operation of the "cookies", according to the options of their internet browser.

13. SECURITY OF PERSONAL DATA

THE COMPANY, in strict application of the Principle of Security in the Processing of Personal Data, will provide the technical, human and administrative measures that are necessary to provide security to the records, avoiding their adulteration, loss, consultation, unauthorized or fraudulent use or access. The obligation and responsibility of THE COMPANY is limited to having the appropriate means for this purpose. THE COMPANY does not guarantee the total security of your information nor is it responsible for any consequence derived from technical failures or improper entry by third parties into the Database or File in which the Personal Data subject to Processing by THE COMPANY resides. and their Managers. THE COMPANY will require the service providers it contracts to adopt and comply with the appropriate technical, human and administrative measures for the protection of Personal Data in relation to which said providers act as Processors.

14. TRANSFER, TRANSMISSION AND DISCLOSURE OF PERSONAL DATA

THE COMPANY may disclose to its related companies worldwide, the Personal Data on which it carries out the Treatment, for its use and Treatment in accordance with this Personal Data Protection Policy.

Likewise, THE COMPANY may deliver Personal Data to third parties not linked to THE COMPANY when: a. These are contractors in the execution of contracts for the development of THE COMPANY's activities; b. By transfer to any title of any line of business to which the information relates.

In any case, in the contracts for the transmission of Personal Data, which are signed between THE COMPANY and the Persons in Charge of the Processing of Personal Data, it will be required that the information be treated in accordance with this Personal Data Protection Policy and the following will be included. obligations on the head of the respective Manager:

  • Treatment, on behalf of THE COMPANY, of Personal Data in accordance with the principles that protect them.

  • Safeguard the security of databases containing Personal Data.

  • Maintain confidentiality regarding the Processing of Personal Data.

15. APPLICABLE LEGISLATION

This Personal Data Protection Policy, the Privacy Notice and the Authorization Form that is part of this Policy as Annex 1, are governed by the provisions of current legislation on the protection of Personal Data referred to in Article 15. of the Political Constitution of Colombia, Law 1266 of 2008, Law 1581 of 2012, Decree 1377 of 2013, Decree 1727 of 2009 and other regulations that modify, repeal or replace them.

16. Comments

When visitors leave comments on the web, we collect the data that is displayed in the comments form, as well as the visitor's IP address and the browser's user agent chain to help detect spam.

An anonymous string created from your email address (also called hash) can be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After the approval of your comment, the image of your profile is visible to the public in the context of your comment.

17. Media

Suggested text: If you upload images to the web, you should avoid uploading images with location data (GPS EXIF) included. Web visitors can download and extract any location data from web images.

18. Cookies

If you leave a comment on our site you can choose to save your name, email address and web in cookies. This is for your convenience, so you do not have to re-fill your data when you leave another comment. These cookies will last one year.

If you have an account and you connect to this site, we will install a temporary cookie to determine if your browser accepts cookies. This cookie does not contain personal data and is deleted when the browser is closed.

When you log in, we will also install several cookies to save your access information and your screen display options. Access cookies last for two days, and screen options cookies last for one year. If you select "Remember me", your access will last for two weeks. If you log out of your account, the access cookies will be deleted.

19. Embedded content from other websites

Articles on this site may include embedded content (for example, videos, images, articles, etc.). The embedded content of other websites behaves in exactly the same way as if the visitor had visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are connected to that website.

20. Who we share your data with

If you request a password reset, your IP address will be included in the reset email.

21. How long do we keep your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is done so that we can recognize and approve successive comments automatically, instead of keeping them in a moderation queue.

Of the users who register on our website (if any), we also store the personal information they provide in their user profile. All users can view, edit or delete their personal information at any time (with the exception that they can not change their username). Web administrators can also view and edit that information.

22. What rights do you have over your data

If you have an account or have left comments on this website, you can request to receive an export file of the personal data we have about you, including any data that you have provided. You can also request that we delete any personal information we have about you. This does not include any data that we are required to keep for administrative, legal or security purposes.

23. Where your data is sent

Visitor comments may be reviewed by an automatic spam detection service.

24. VALIDITY

This Personal Data Protection Policy was updated on 2024-02-17.