FOR YOUR INFORMATION
PERSONAL DATA TREATMENT POLICY
This Personal Data Treatment Policy aims to regulate the collection, storage, use, circulation and suppression of Personal Data in ARQUITECTURA D1_D1, providing tools that guarantee the authenticity, confidentiality and integrity of the information in order to comply with Law 1581 of 2012, Decree 1377 of 2013 and other regulations that repeal, modify or complement them.
1. Scope
This Policy will apply to all Databases and/or Files that contain confidential information of natural or legal persons with whom ARQUITECTURA D1_D1 relates, such as customers, suppliers, employees or other parties interested in the core activity of the organization.
2. Terms
The following terms allow more clarity for understanding this document:
-
Files: Set of documents kept by the company containing personal information regulated by law.
-
Authorization: Prior, express, and informed consent on the part of the Data Subject to carry out personal information processing.
-
Privacy Notice: Verbal or written communication generated by the data controller and addressed to the Data Subject for processing his or her personal data, to inform the Data Subject regarding the existence of data processing policies that will be applicable to him, the manner for accessing them, and the purposes of the processing that will be done of the personal data.
-
Database: An organized collection of personal information that will be processed.
-
Client: Natural or legal person, public or private, with whom ARQUITECTURA D1_D1 has a business relationship.
-
Personal Data: Any information relating to or that can be associated with one or several natural persons identified or identifiable.
-
Sensitive Data: Sensitive data refers to data that has an impact on the privacy of the Data Subject and that, when used inappropriately, can generate discrimination. This includes data that reveals racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, or human rights organizations, or that promotes the interests of any political party, or that guarantee the rights and guarantees for opposition political parties, as well as data connected with health, sexual activity, and biometric data.
-
Data Processor: The natural or legal person, public or private, that on his own or in association with others, processes the personal information for the Data Controller.
-
Supplier: Natural or legal person that supplies goods and services to ARQUITECTURA D1_D1.
-
Grievance: Request from the Data Subject or the people authorized by it or by law to correct, update or delete their Personal Data or to revoke the authorization in the cases established by law.
-
Data Controller: the natural or legal person, public or private, that on his own or in association with others, makes decisions regarding the database and/or the data processing.
-
Third Party: Any natural person or legal entity other than the persons belonging to ARCHITECTURE D1_D1.
-
Data Subject: natural person whose personal data is the object of processing.
-
Transfer: Data transfer takes place when the Data Controller and/or Data Processor in charge of processing the personal information, located in Colombia, sends the personal information or data to a recipient, which in turn is a data controller and is located inside or outside of the country.
-
Transmission: Personal data processing that implies the communication of that information inside or outside of the territory of the Republic of Colombia, when its purpose is processing by the Data Processor on behalf of the Data Controller.
-
Treatment: Any operation or set of operations on Personal Data such as collection, storage, use, circulation or deletion.
3. Principles applicable to the Processing of Personal Data
The following principles constitute the rules to be followed in the collection, handling, use, treatment, storage and exchange of Personal Data:
-
Legality: The Processing of Personal Data will be carried out in accordance with applicable legal provisions (Statutory Law 1581 of 2012 and its regulatory decrees).
-
Purpose: The Personal Data collected will be used for a specific and explicit purpose which must be informed to the Data Subject or allowed by law. The Data Subject will be clearly, sufficiently and previously informed about the purpose of the information provided.
-
Freedom: The collection of Personal Data can only be exercised with the prior, express and informed authorization of the Data Subject.
-
Accuracy: The information subject to the Processing of Personal Data must be truthful, complete, exact, updated, verifiable and understandable.
-
Transparency: In the Processing of Personal Data the right of the Data Subject to obtain at any time and without restrictions is guaranteed.
-
Security: The Personal Data subject to treatment will be handled adopting all the security measures that are necessary to avoid its loss, adulteration, consultation, use or unauthorized or fraudulent access.
-
Confidentiality: All the officials who work in ARQUITECTURA D1_D1 are obliged to keep confidentiality of the personal information to which they have access when they work in ARQUITECTURA D1_D1.
4. Purposes in the Processing of Personal Data
Next, the purposes for which ARQUITECTURA D1_D1 will use confidential data on the different interested parties will be described:
4.1. Purposes with clients
-
Compliance with obligations contracted with ARQUITECTURA D1_D1.
-
Sending information about the services offered by ARQUITECTURA D1_D1.
-
Allow ARQUITECTURA D1_D1 clients, with whom it has entered into contracts, to contact the Data Subject for the purpose of offering new services.
-
Control access to ARQUITECTURA D1_D1 offices and establish security measures, including the establishment of video-monitored areas.
-
Use of information registered on the website, e-mail marketing and other forms originated for the first contact with the client.
4.2. Purposes with collaborators
-
Manage and operate the personnel selection and recruitment processes, including the evaluation and qualification of the participants and the verification of work and personal references.
-
Develop the activities of Human Resources management within ARQUITECTURA D1_D1, such as payroll, affiliations to entities of the General Social Security System, activities of well-being and safety and health at work.
-
Make the necessary payments derived from the execution of the employment contract and/or its termination, and the other social benefits that may arise in accordance with the applicable law.
-
Contract benefits with third parties, such as life insurance, among others.
-
Notify authorized contacts in case of emergencies during business hours.
-
Employee access to the employer's computer resources and support for their use.
-
Business activities.
4.3. Purposes with suppliers
-
Perform the registration in the ARQUITECTURA D1_D1 systems.
-
Supplier evaluations.
-
Process payments and verify pending accounts.
5. Processing of Sensitive Personal Data
The Data classified as Sensitive may be used and processed when:
-
The Data Subject has given their explicit authorization to said Treatment, except in cases where, by law, the granting of said authorization is not required.
-
The Treatment is necessary to safeguard the vital interest of the Data Subject and he is physically or legally incapacitated. In these events, the legal representatives must grant their authorization.
-
The Treatment refers to data that is necessary for the recognition, exercise or defense of a right in a judicial process.
6. Processing of Personal Data of children and adolescents
Minors are Data Subjects of their Personal Data and therefore bearers of the corresponding rights. In accordance with the provisions of the Political Constitution and in accordance with the Code for Children and Adolescents, the rights of minors must be interpreted and applied in a prevalent manner and, therefore, must be observed with special care. In accordance with what is stated in Judgment C-748 of 2011, the opinions of minors must be taken into account when carrying out any Treatment of their data.
ARQUITECTURA D1_D1 undertakes then, in the Processing of Personal Data, to respect the prevailing rights of minors. The Treatment of Personal Data of minors is prohibited, except for those data that are public in nature.
7. Rights of the Data Subjects
Natural persons whose Personal Data is subject to Treatment by ARQUITECTURA D1_D1, have the following rights, which they can exercise at any time:
-
To know the Personal Data on which ARQUITECTURA D1_D1 is carrying out the Treatment. Similarly, the Data Subject can request at any time, that their data be updated or rectified (partial, inaccurate, incomplete, fractional, misleading data).
-
To request proof of the authorization granted to ARQUITECTURA D1_D1 for the Treatment of your Personal Data.
-
To be informed by ARQUITECTURA D1_D1, upon request, regarding the use that this has given to your Personal Data.
-
To submit complaints to the Superintendency of Industry and Commerce for infractions of the provisions of the Personal Data Protection Law.
-
To request ARQUITECTURA D1_D1 to delete your Personal Data and/or revoke the authorization granted for the Treatment thereof, by filing a grievance. However, the request to delete the information and the revocation of the authorization will not proceed when the Data Subject of the information has a legal or contractual duty to remain in the Database and/or Files, or while the relationship between the Data Subject and ARQUITECTURA D1_D1 is in force, by virtue of which their data was collected.
-
Free access to your Personal Data that has been processed: The rights of the Data Subjects may be exercised by the Data Subject, their successors (who must prove such quality), by the representative and/or attorney for the Data Subject (prior accreditation of the representation or empowerment), by stipulation in favor of another or for another.
8. Duties of ARQUITECTURA D1_D1 as Data Controller for the Processing of Personal Data
ARQUITECTURA D1_D1 is aware that the Personal Data is the property of the people they refer to and only they can decide on it. In this sense, ARQUITECTURA D1_D1 will use the Personal Data collected only for the purposes for which it is empowered and respecting, in any case, the current regulations on the Protection of Personal Data.
ARQUITECTURA D1_D1 will attend to the duties foreseen for the Data Controllers, contained in article 17 of Law 1581 of 2012 and the other regulations that modify or replace it.
9. Information Processing Procedures
9.1 Authorization
ARQUITECTURA D1_D1 will request authorization for the Processing of Personal Data by any means that allows it to be used as evidence. Depending on the case, said authorization may be part of a broader document, such as a contract or a specific document for this purpose. In any case, the description of the purpose of the Data Processing will also be informed by the same specific or attached document. ARQUITECTURA D1_D1 will inform the Data Subject, the following:
-
The Treatment to which your Personal Data will be subjected and the purpose thereof.
-
The rights that assist you as the Data Subject.
ARQUITECTURA D1_D1 will guarantee the right of access, prior accreditation of the identity of the Data Subject, legitimacy or personality of its representative, making the respective Personal Data available to him, at no cost or expense, in detail.
9.2 Queries
The Data Subjects of Personal Data or their successors, may consult their Personal Data that rest in the Database. Consequently, ARQUITECTURA D1_D1 will guarantee the right of consultation, supplying the Data Subjects of Personal Data with all the information contained in the individual record or that is linked to the identification of the Data Subject, through:
-
Electronic means of communication or others that it considers pertinent.
-
Systems and methods of consultation.
-
Customer service services or grievances that are in operation.
The requests for consultation will be answered within a maximum term of ten (10) business days from the date of receipt. In the event that a request for consultation cannot be met within the aforementioned term, the interested party will be informed before the expiration of the term of the reasons why their query has not been answered, which in no case may exceed five (5) business days following the expiration of the first term. Inquiries made regarding Personal Data should be sent by email to the following address arquitectura.d1d1@gmail.com.
9.3 Grievances
The Data Subject or his successors who consider that the information contained in a Database must be subject to correction, updating or deletion, or when they notice the alleged breach of any of the duties contained in the regulations on Protection of Personal Data, may present a grievance before the Data Controller.
The grievance must be sent to the mail arquitectura.d1d1@gmail.com In this email you must indicate whether you want your data to be updated, rectified, or to revoke the authorization that had been granted for the Processing of Personal Data. For purposes of grievances, the Data Subject must take into account the provisions of article 15 of law 1581 of 2012.
If the grievance is incomplete, the Data Subject can complete it within five (5) business days after receiving the grievance so that the failures are rectified. If two (2) months have elapsed from the date of the request without the applicant submitting the required information, it will be understood that the grievance has been withdrawn.
In the event that the person receiving the grievance is not competent to resolve it, they will transfer it to the appropriate person within a maximum period of two (2) business days and will inform the interested party of the situation.
Once the complete grievance is received, the maximum term to attend it will be fifteen (15) business days from the day following the date of receipt. When it is not possible to attend the grievance within said term, the interested party will be informed of the reasons for the delay and the date on which their grievance will be addressed, which in no case may exceed eight (8) business days after the expiration of the first finished.
9.4 Rectification and updating of data
ARQUITECTURA D1_D1 has the obligation to rectify and update, at the request of the Data Subject, the information of this that turns out to be incomplete or inaccurate in accordance with the procedure and the terms indicated above.
In this regard, ARQUITECTURA D1_D1 will take into account the following: In requests for rectification and updating of Personal Data, the Data Subject must indicate the corrections to be made and provide the documentation that supports your request.
ARQUITECTURA D1_D1 has full freedom to enable mechanisms that facilitate the exercise of this right, as long as they benefit the Data Subject. Consequently, electronic or other means that ARQUITECTURA D1_D1 considers pertinent may be enabled. ARQUITECTURA D1_D1 may establish forms, systems and other methods, which will be made available to those interested on the website or by requesting them by email to arquitectura.d1d1@gmail.com.
9.5 Data deletion
The Data Subject of Personal Data has the right, at all times, to request to ARQUITECTURA D1_D1, the suppression (deletion) of their Personal Data when:
-
Consider that they are not being treated in accordance with the principles, duties and obligations set forth in current regulations.
-
They are no longer necessary or relevant for the purpose for which they were collected.
-
The period necessary for the fulfillment of the purposes for which they were collected has been exceeded.
The suppression implies the total or partial elimination of the personal information according to what is requested by the Data Subject in the registers, Files, Databases or Treatments carried out by ARQUITECTURA D1_D1.
The right of deletion is not an absolute right and the Data Controller for the Processing of Personal Data may deny the exercise of it when:
-
The Data Subject has a legal or contractual duty to remain in the Database.
-
The deletion of data hinders judicial or administrative actions related to tax obligations, the investigation and prosecution of crimes or the updating of administrative sanctions.
-
The data is necessary to protect the legally protected interests of the Data Subject to carry out an action based on the public interest or to fulfill an obligation legally acquired by the Data Subject.
9.6 Revocation of authorization
All Personal Data Subject can revoke, at any time, the consent to the Treatment of these as long as it is not prevented by a legal or contractual provision. For this, ARQUITECTURA D1_D1 will establish simple mechanisms that allow the Data Subject to revoke their consent.
10. Validity
This Policy is valid indefinitely, it is effective from the date of publication. This document will lose such validity in the event that the applicable regulations are subject to update.