PRIVACY POLICIES

In compliance with the provisions contained in article 15 of the Political Constitution, Law 1581 of 2012, Regulatory Decree 1377 of 2013, and other regulations that modify, add, complement or develop it, the company AG ESTUDIO SAS ., hereinafter ESTUDIO, committed to respecting and guaranteeing the rights of its clients, suppliers, users, employees, contractors and the general public, announces the treatment policies regarding the protection of personal data (hereinafter the “Policy”) that are stored and kept in our database, which are mandatory in all activities that involve, in whole or in part, the collection, storage, use, circulation and/or transfer of said information. AG ESTUDIO SAS , in compliance with the constitutional right to Habeas Data, only collects Personal Data when it has been previously authorized by its Owner, implementing for this purpose clear measures on confidentiality and privacy of Personal Data.

AIM

Define and implement procedures and processes required to comply with Law 1581 of 2012 and also regulate aspects related to the processing of personal data and the authorization of the owners of the information.

This is how AG ESTUDIO SAS is committed to complying with the right to protection of personal data and the right that all people have to know, update and rectify the information that has been collected about them in databases or files, and the other rights, freedoms and constitutional guarantees referred to in articles 15 and 20 of the Political Constitution of Colombia.

SCOPE AND LEGAL FRAMEWORK

As responsible for the processing of the information collected from its Clients, AG ESTUDIO SAS applies clear and precise policies in compliance with the provisions of Law 1581 of 2012 and Decree 1377 of 2013, and it describes the mechanisms through the which guarantees adequate management of the personal data collected and registered in its database, in order to allow the owners to exercise the right of Habeas Data.

In this way, this document that is made public has been prepared in accordance with the following Documents, Laws and Regulatory Decrees:

Political Constitution of Colombia - Article 15 and 20.

Law 1581 of 2012.

Law 1273 of 2009.

Law 1266 of 2008.

Regulatory Decrees 1727 of 2009 and 2952 of 2010 and Partial Regulatory Decree No. 1377 of 2013.

General information about AG ESTUDIO SAS as the person in charge of processing personal data

Company name: AG ESTUDIO SAS

NIT. 901382986-3

Address: Carrera 36 Nº 9 sur 80 Medellín

Telephone: 589-88-57

Email: info@argemirosierra.com

Website: www.argemirosierra.com

 

LEGAL DEFINITIONS APPLICABLE TO PERSONAL DATA PROCESSING POLICIES

For the purposes of this document and in accordance with current legal regulations, the following definitions must be taken into account in order to provide adequate interpretation and correct application with the provisions of Law 1581 of 2012:

Owner : Natural or legal person whose Personal Data is the subject of Processing, whether client, suppliers, users, employees, contractors and the general public.

Personal data : Any information linked or that can be associated with one or several specific or determinable natural persons.

Privacy Notice: Physical, electronic document or any other format generated by the Controller that is made available to the Owner for the processing of their personal data. In the Privacy Notice, the Owner is informed of the information regarding the existence of the information processing policies that will be applicable, the way to access them and the purpose of the treatment that is intended to be given to personal data.

Responsible for the Treatment : natural or legal person, public or private, who alone or in association with others, decides on the database and/or the Processing of the data.

 

Authorization: Prior, express and informed consent of the Owner to carry out the Processing of personal data;

 

Processing : Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.

 

Treatment Policies regarding the protection of Personal Data : Refers to this document.

 

Sensitive Data : Those that affect the privacy of the Owner or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in unions, social organizations, rights human rights or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data.

Public data: It is data that is not semi-private, private or sensitive. Public data are considered, among others, data relating to the marital status of people, their profession or trade, and their status as a merchant or public servant. Due to its nature, public data may be contained, among others, in public registries, public documents, official gazettes and bulletins, and duly executed judicial rulings that are not subject to confidentiality.

Private Data: It is the data that, due to its intimate or reserved nature, is only relevant to the owner.

Data Protection Officer: This is the person whose function is to monitor and control the application of the Data Protection Policy.

Data Processor: Natural or legal person, public or private, who, by themselves or in association with others, carries out the Processing of personal data on behalf of the Personal Data Controller.

Transfer: The transfer of data takes place when the Controller and/or Processor of personal data, located in Colombia, sends the information or personal data to a recipient, who in turn is Responsible for the Treatment and is located inside or outside from the country

 

Transmission: Processing of personal data that involves the communication of the same within or outside the territory of the Republic of Colombia when its purpose is to carry out a Processing by the Processor on behalf of the Controller.

When a term used is defined in this Information Processing Policy, that definition will apply. Likewise, when a term used is not expressly defined in this document or in the applicable Law, the literal meaning of the stipulations will apply, provided that such interpretation is consistent with the purpose of the Information Processing Policy.

PRINCIPLES THAT GUIDE THE PROCESSING OF PERSONAL DATA

In accordance with article 4 of Law 1581 of 2012, the principles that govern the Processing of Personal Data are the following:

 

Principle of legality in matters of data processing: The processing referred to in Law 1581 of 2012 in Decree 1377 of 2013 is a regulated activity that must be subject to what is established therein and in the other provisions that develop it.

 

Principle of purpose : The Treatment must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Owner.

 

Principle of purpose: the purpose of the Treatment must be legitimate in accordance with the Constitution and the law, and informed to the owner.

 

Principle of freedom: personal data can only be processed with the prior, express and informed consent of the Owner or by legal or judicial mandate. Personal data may not be obtained or disclosed without prior authorization.

Principle of truthfulness : The information subject to Treatment must be true, complete, exact, updated, verifiable and understandable. The Processing of partial, incomplete, fragmented or misleading data is prohibited.

Reasonable limit principle: the storage and processing of personal data will be limited to what is essentially necessary to fulfill the previously specified purposes of the business relationship, as well as the fulfillment of the purposes authorized by the Owner.

Principle of transparency : In the Treatment, the right of the Owner to obtain information at any time and without restrictions from the person responsible or the person in charge, about the existence of data that concerns him or her, must be guaranteed.

Principle of Access and restricted circulation: Treatment may only be carried out by persons authorized by the Owner or by the persons provided for in this Law. Treatment is subject to the limits derived from the nature of the personal data.

Security principle : The information subject to Treatment by the Controller or person in charge of the Treatment referred to in this law must be handled with the necessary measures to provide security to the records and prevent their adulteration, loss, consultation, use or unauthorized access. or fraudulent.

Principle of confidentiality : All persons involved in the Processing of personal data that are not public in nature are obliged to guarantee the confidentiality of the information, even after their relationship with any of the tasks included in the Processing has ended, and may only supply or communicate personal data when this corresponds to the development of the activities authorized in this law and in the terms thereof.

Principle of Systematic Incorporation: the principles of Personal Data Protection will be implemented in all processes and procedures of commercial activity.

 

AUTHORIZATION AND PROCEDURE FOR THE PROCESSING OF PERSONAL DATA

From the entry into force of this Policy, AG ESTUDIO SAS , at the time of collecting Personal Data, will request authorization from the Owners, informing them of the personal data that will be collected as well as all the specific purposes of the Treatment for which your consent is obtained

The authorization of the Owners may be expressed by: (l) writing, (ll) orally or (lll) through unequivocal conduct of the Owner that allows a reasonable conclusion that the respective authorization was granted. In no case will silence be an unequivocal behavior.

AG ESTUDIO SAS will keep the proof of said authorizations in an appropriate manner, respecting the principles of confidentiality and privacy of information.

Notwithstanding the foregoing, the authorization of the Owner will not be necessary when it comes to: (l) Information required by a public or administrative entity in the exercise of its legal functions or by court order; (ll) Data of a public nature; (lll) Cases of medical or health emergency; (lV) Processing of information authorized by law for historical, statistical or scientific purposes; and (V) Data related to the Civil Registry of Persons.

 

 

RIGHTS OF INFORMATION HOLDERS

AG ESTUDIO SAS, in accordance with its express commitment to respect at all times the rights of its valued clients or buyers, the owner of the personal data and in accordance with Article 8 of Law 1581 of 2012 will have the rights established below. :

Know, update and rectify your personal data in front of the Data Controllers or Data Processors. This right may be exercised, among others, against partial, inaccurate, incomplete, fragmented, misleading data, or data whose processing is expressly prohibited or has not been authorized.

Request proof of the authorization granted to the Data Controller except when it is expressly excepted as a requirement for the Treatment, in accordance with the provisions of article 10 of this law;

Be informed by the Data Controller or the Data Processor, upon request, regarding the use that has been given to your personal data.

Submit complaints to the Superintendency of Industry and Commerce for violations of the provisions of this law and other regulations that modify, add or complement it;

Revoke the authorization and/or request the deletion of the data when the processing does not respect constitutional and legal principles, rights and guarantees. The revocation and/or deletion will proceed when the Superintendence of Industry and Commerce has determined that in the Treatment the Controller or Processor has engaged in conduct contrary to this law and the Constitution;

Free access to your personal data that has been processed.

In accordance with art. 20 of Decree 1377 of 2013, the exercise of the aforementioned Rights may be exercised by :

By the Owner, who must sufficiently prove his or her identity by the different means made available by the person responsible.

By their successors, who must prove such quality.

By the representative and/or attorney-in-fact of the Owner, prior accreditation of the representation or power of attorney.

By stipulation in favor of another or for another.

The rights of children or adolescents will be exercised by the people who are empowered to represent them.

REVOCATION OF AUTHORIZATION AND/OR DELETION OF DATA

The Holders of Personal Data may, at any time, request AG ESTUDIO SAS to delete their data and/or revoke the authorization that has been granted for the processing thereof, by submitting a claim in accordance with the provisions of Article 15 of Law 1581 of 2012.

Notwithstanding the above, we warn that the request to delete the information and/or revoke the authorization will not proceed when, as the Owner of the personal data, you have a legal or contractual duty by virtue of which it must remain in the AG database. SAS STUDIO .

PURPOSES OF THE PROCESSING OF PERSONAL DATA

The Personal Data of the Holders that are collected by AG ESTUDIO SAS in the development of its corporate purpose, and included in its database, are the following:

(I) Type of identity document; (II) Identification document number; (III) Names and surnames; (IV) Address 1; (V) Address 2; (VI) Office telephone; (VII) Residence telephone number; (VIII) Cellular; (IX) Email address; (X) City; (XI) Department and (XII) Country.

The Personal Data collected by AG ESTUDIO SAS are included in a Database to which the Company's personnel have access in the exercise of their duties and in some cases the contractor in charge of providing Call Center services, who is warned that Under no circumstances are you authorized to Process the information for purposes other than those described here:

Carry out, through any means directly or through third parties, advertising and marketing campaigns to offer discounts or promotions for our own or third-party products or services;

Inform about changes to our products or services;

Implement loyalty programs;

Evaluate the quality of our products and services and carry out studies on consumer habits, preference, purchase interest, product testing, concept, service evaluation, satisfaction and others related to our services and products.

Carry out credit, collection or credit risk studies;

Advance commercial agreements, events or institutional programs directly or in association with third parties;

Provide our required products and services directly or through third parties, and receive feedback;

Control and prevent fraud in all its forms.

Generate optimal communication in relation to our services, products, promotions, billing and other activities.

Inform about new products or services that are related or not to the signed contract;

Carry out the necessary steps to comply with the obligations inherent to the services provided by AG ESTUDIO SAS.

Comply with the obligations contracted with our clients, allies, users, suppliers, their subsidiaries, distributors, subcontractors and other people directly or indirectly related to the corporate purpose of AG ESTUDIO SAS

Additionally, for the purposes of reporting and consulting credit risk centers legally established in Colombia, collection or commercial efforts, these purposes to comply with contractual and/or legal obligations with their clients and will be through technological, commercial and/or allies. or strategic.

Share with third parties that collaborate with the Company and who, in order to fulfill their functions, must access the information to some extent, such as messaging service providers, advertising agencies, call centers and collection houses. It is specified at this point that these third parties are obliged to maintain the confidentiality of the information to which they have access, all of which is regulated by confidentiality agreements signed with them.

Confirm the data necessary for the delivery of products and/or provision of services;

Carry out the procedures for attention to PQRs submitted to the Company;

Support the Company's audit processes;

Confirm product purchases made via the web;

Comply with legal information obligations to administrative entities, as well as to the competent authorities that require it;

Any other purpose may result in the development of the contract or commercial relationship between AG ESTUDIO SAS and the Owner.

The information provided by the Owner will only be used for the purposes indicated here and once the need for the Processing of Personal Data ceases, it may be deleted from the AG ESTUDIO SAS databases or archived in secure terms for the purposes of only be disclosed when required by law.

It is important to clarify that AG ESTUDIO SAS does not request or store information corresponding to Credit or Debit Cards that is provided to make purchase transactions on the web portal. This information and the duty to process it are the responsibility of the payment gateway directly.

DATA SECURITY

The Personal Data that is included in the AG ESTUDIO SAS Database comes from the information collected in the exercise of the activities carried out due to commercial, contractual, labor or any other type of ties with its users, clients, suppliers, contractors. , employees and/or the general public.

Channels such as our website, social networks, telephone service line, commercial and employment contracts, direct sales, distributors and service channels, among others, are the means through which the Company obtains the Personal Data referred to. this Policy.

The Personal Data collected by the Company is stored through duly licensed software, which is supplied by suppliers specialized in the matter, with whom confidentiality agreements are signed for the adequate protection of the information.

AREA RESPONSIBLE FOR ATTENDING QUERIES TO INFORMATION OWNERS

The AG ESTUDIO SAS Service Area will be the area in charge of receiving requests, complaints or claims from the Holders of Personal Data. This area will be in charge of carrying out the necessary internal management in order to guarantee a clear, efficient and timely response to the Data Owner.

 

DUTIES OF THE RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA

The duties that govern those responsible for the management of information and that are in accordance with the provisions of the Law that regulates the activity are the following:

Guarantee to the Holder, at all times, the full and effective exercise of the right of habeas data.

Request and keep, under the conditions provided by law, a copy of the respective authorization granted by the Owner.

Duly inform the Owner about the purpose of the collection and the rights granted to him by virtue of the authorization granted.

Maintain the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.

Guarantee that the information provided to the Data Processor is true, complete, accurate, updated, verifiable and understandable.

Update the information, communicating in a timely manner to the Data Processor, all the news regarding the data that you have previously provided and adopt the other necessary measures so that the information provided to it remains updated.

Rectify the information when it is incorrect and communicate the pertinent information to the Data Processor.

Provide the Data Processor, as the case may be, only data whose Processing is previously authorized in accordance with the provisions of the law.

Demand that the Data Processor at all times respect the security and privacy conditions of the Owner's information.

Process queries and claims formulated in the terms indicated in this law.

Adopt an internal manual of policies and procedures to guarantee adequate compliance with this law and, especially, to respond to queries and complaints.

Inform the Data Processor when certain information is under discussion by the Owner, once the claim has been submitted and the respective process has not been completed.

Inform at the request of the Owner about the use given to their data.

Inform the data protection authority when violations of security codes occur and there are risks in the administration of the Owners' information.

Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce.

PROCEDURES FOR THE ATTENTION OF QUERIES, CLAIMS AND COMPLAINTS

Consultations: The information found in the company's databases may be consulted by the Owners or their assigns and in this way exercise the right of consultation.

Queries must be made through the Data Protection Channel, using one of the contact methods that are written in this policy and must contain the following information:

The name and contact address of the owner or any other means to receive the response.

The clear and precise description of the personal data with respect to which the owner seeks to exercise the right of consultation.

The query will be answered within a maximum period of ten (10) business days from the date of receipt. When it is not possible to attend to the query within said term, the interested party will be informed, expressing the reasons for the delay and indicating the date on which their query will be attended to, which in no case may exceed five (5) business days following the expiration of the first term.

Claims (Correction, update, deletion): The Owner or his successors who consider that the information contained in a database should be corrected, updated or deleted, or when they notice the alleged breach of any of the duties contained in this policy. , may file a claim with the Data Controller or the Data Processor.

Claims must be formulated in writing or by email ( info@argemirosierra.com ) according to the information contained in this document, and must contain the following information:

Identification of the Owner.

Description of the facts that give rise to the claim.

Owner's address.

Documentation that you want to present as evidence.

The maximum term to address the claim will be fifteen (15) business days counted from the day following the date of receipt. When it is not possible to address the claim within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.

Procedural requirement: The Owner or successor in title may only file a complaint with the Superintendence of Industry and Commerce once the consultation or claim process has been exhausted before the Data Controller or Data Processor.

MODIFICATIONS TO POLICIES

AG ESTUDIO SAS reserves the right to modify, at any time, its policies and procedures for the Processing of Personal Data. The changes that are made will be informed to the Owners by any means of communication and in this way, they will be able to exercise their rights.

 

VALIDITY

Validity of the databases: The databases subject to Treatment will remain valid as long as they are necessary to develop the purposes established in this document.

Policy validity:

This Personal Data Protection Policy of the company AG ESTUDIO SAS takes effect from its issuance.