Data treatment policy
I. Purpose of the Treatment Policy
II. Definitions for the purposes of the Personal Data Treatment Policy
III. Principles for the Processing of Personal Data
IV. Authorization for the Processing of Personal Data
V. Purposes of the Processing of Personal Data
SAW. Procedures for the Processing of Personal Data
VII. Information and mechanisms provided by UH ABOGADOS SAS as Responsible for the Processing of Personal Data
VIII. Person responsible for the Processing of Personal Data
IX. Rights of the Holder of Personal Data
X. Transfer of Personal Data
XI. Duties of the Person Responsible for the Processing of Personal Data
XII. Validity and Modification of the Personal Data Treatment Policy
XIII. Other provisions
I. OBJECTIVE OF THE TREATMENT POLICY
UH ABOGADOS SAS (hereinafter the "Firm"), in order to strictly comply with current regulations on the protection of personal data, especially as established in Law 1581 of 2012, Decree 1377 of 2013 and other provisions that modify, add or complement them, and committed to the security of the personal information of its clients, suppliers, contractors, users, employees and the general public, it is allowed to present the Information Treatment Policy in terms of data protection Personal (hereinafter the "Policy") of the Firm, in relation to the collection, use and transfer thereof, by virtue of the authorization that has been granted by the Holders of the information.
In this Policy, the Firm details the general corporate guidelines that are taken into account in order to protect the personal data of the Holders, such as the purpose of collecting the information, the rights of the Information Holders, the area responsible for attending to the queries, requests and complaints, as well as the procedures that must be exhausted to know, update, rectify and delete the information.
The Firm, in compliance with the constitutional right to Habeas Data, only collects personal data, when it has been previously authorized by its Holder, implementing for this purpose, clear measures on confidentiality and privacy of personal data.
II. DEFINITIONS FOR THE PURPOSES OF THE TREATMENT POLICY
For the purposes of this Policy, the definitions indicated in Law 1581 of 2012 will be taken into account, which are outlined below:
1. Information holder: Natural or legal person whose personal data is subject to Treatment.
2. Responsible for the Treatment: Natural or legal person, public or private, that by itself or in association with others, decides on the database and / or the Treatment of the data. In the specific case, the Firm will be considered Responsible for the Treatment.
3. Responsible for the Treatment: Natural or legal person, public or private, that by itself or in association with others, carries out the Treatment of personal data on behalf of the Responsible for the Treatment.
4. Personal data: Any information linked or that may be associated with one or more specific or determinable natural persons.
5. Treatment: Any operation or set of operations on personal data, such as the collection, storage, use, circulation or deletion.
6. Treatment Policies regarding the protection of Personal Data: refers to this document.
7. Sensitive Data: Those that affect the privacy of the Holder or whose improper use may generate discrimination.
III. PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA
In accordance with article 4 of Law 1581 of 2012, the principles that govern the Processing of personal data are:
1. Principle of legality regarding Data Processing: The Processing referred to in Law 1581 2012 is a regulated activity that must be subject to what is established therein and the other provisions that develop it.
2. Principle of purpose: The Treatment must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Holder of the information.
3. Principle of freedom: Treatment can only be exercised with the prior, express and informed consent of the Information Owner. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that relieves consent.
4. Principle of truthfulness or quality: The information subject to Treatment must be truthful, complete, exact, updated, verifiable and understandable. Processing of partial, incomplete, fractional or misleading data is prohibited.
5. Principle of transparency: In the Treatment, the right of the Owner of the information to obtain from the Responsible or the Person in Charge, at any time and without restrictions, information about the existence of data concerning him or her must be guaranteed.
6. Principle of access and restricted circulation: The Treatment is subject to the limits that derive from the nature of the personal data. In this sense, the Treatment can only be done by persons authorized by the Information Owner and / or by the persons provided by law.
7. Principle of security: The information subject to Treatment by the Treatment Manager or Person in Charge of Treatment referred to in Law 1581 of 2012, must be managed with the technical, human and administrative measures that are necessary to provide security to the records. avoiding its adulteration, loss, consultation, use or unauthorized or fraudulent access.
8. Principle of confidentiality: All persons involved in the Processing of personal data that are not public in nature are obliged to guarantee the reservation of the information, even after the end of their relationship with any of the tasks included in the Processing. , being able to only supply or communicate personal data when this corresponds to the development of activities authorized by law and in the terms provided by the law.
IV. AUTHORIZATION FOR THE PROCESSING OF PERSONAL DATA
The Firm, at the time of collecting personal data, will request an authorization from the Holders of the information, informing about the specific purposes of the Treatment for which said consent is obtained.
In attention to the principle of freedom established by Law 1581 of 2012, the authorization of the Holders of the information may be manifested in writing. The Firm will keep the proof of said authorizations in an adequate manner, respecting the principles of confidentiality and privacy of the information.
Considering that the Firm has collected personal data prior to the date of publication and entry into force of this Policy, the following measures will be implemented in order to obtain authorization and protection of Personal Data:
1. The Firm will request the authorization of the Holders of the information to continue with the Processing of their personal data, through efficient written communication mechanisms, such as emails, as well as to inform them of the Policy and the way of exercising your rights vis-à-vis the Firm and the Managers.
2. Additionally, a link called "Protection of Personal Data" will be published on the Firm's website www.uhabogados.com, in which users can view the Policy and how to exercise their rights against the Firm and the Responsible for the Treatment.
V. PURPOSES OF THE TREATMENT
1. Purposes of the Processing of Personal Data
The personal data of the Holders of the information are collected by the Firm in development of its corporate purpose, in order to:
1. To comply with the obligations, commercial, labor, corporate and accounting of the Firm.
2. Provide its services in accordance with the particular needs of the Firm's clients, in order to fulfill the contracts signed by it, the sending of commercial information on new services offered by the Firm, and the sending of newsletters with information relevant legal.
3. Comply with the internal processes of the Firm regarding the administration of suppliers and contractors.
4. The process of filing, updating the systems, protection and custody of information and databases of the Firm.
5. Registration of the information of the Employees, suppliers and clients in the Firm's database.
6. The transmission of data to third parties with whom contracts have been entered into for this purpose, for commercial, contractual, administrative, marketing and / or operational purposes.
7. For security or fraud prevention purposes.
8. Any other purpose that may result in the development of the contract or the commercial relationship between the Firm and the Holder of the information.
The information provided by the owner of the information will only be used for the purposes indicated here and once the need for the processing of personal data ceases, they may be eliminated from the databases of the Firm or archived in secure terms at effects of only being disclosed when required by law.
2. TYPE OF PERSONAL DATA THAT ARE INCLUDED IN THE FIRM'S DATABASES
The Firm, within its corporate purpose and in order to develop the activities described above, collects from its Holders information regarding their personal data, for example: name, address, telephone, identity document, email, employment data, occupation , among others.
The foregoing is justified on the grounds that the Firm's main corporate purpose is to provide legal advice and legal support in matters related to trade, litigation, regulation and real estate.
SAW. PROCEDURES FOR THE PROCESSING OF PERSONAL DATA
The personal data that are included in the Firm's Database come from the information collected in the exercise of the activities developed by reason of links: (i) commercial; (ii) contractual; (iii) labor, or of any other nature with its users, clients, suppliers, contractors, employees and / or the general public.
The collection of personal data is carried out through commercial and employment contracts, written documents, among others. This activity implies the prior, express and informed authorization of the Owner of the information.
1. Procedure to know, update, rectify, or delete information related to Personal Data
In order to protect and maintain the confidentiality of the personal data of the Information Holders, the Firm determines that the procedure for knowing, updating, rectifying and deleting information implies that the Information Holder submits his request to the Firm through of the means provided for this, namely: (i) Through the email email@example.com sending the request accompanied by a copy of the identity document of the Holder of the information; or (ii) Sending a written request to the registered office of the Firm, Carrera 29 C No. 10 C 125, Ed. Select, office 401, which must be accompanied by a copy of the identity document of the Holder of the information.
The Administrative Coordination of the Firm will be the area in charge of the processing of personal data, and will respond to the queries, requests and claims of the Information Owner, complying with current regulations on the matter through the email administracion @ uhabogados. com.
2. Procedure to delete information and revoke the Authorization for the Processing of Personal Data
The Holders of the information may, at any time, request the Firm to delete their data and / or revoke the authorization, by submitting a claim in accordance with the provisions of article 15 of Law 1581 of 2012.
The Firm will make available to the Holders of the information the email firstname.lastname@example.org, and its website www.uhabogados.com for purposes of proceeding accordingly.
It is essential to note that the request to delete the information and the revocation of the authorization will not proceed when the Holder of the information has a current legal or contractual duty with the Firm.
VII. INFORMATION AND CONTACT MECHANISMS PROVIDED BY THE FIRM AS RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA
Company name: UH Abogados SAS
NIT: 900.668.911 - 7
Address: Medellín, Antioquia, Colombia
Address: Carrera 29 C No. 10 C 125, Select Building, office 401
Phone: (57 4) 322 4365
VIII. PERSON RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA
The person responsible for the Firm, the Administrative Coordination, will be in charge of receiving the requests, queries or claims of the Information Holders. This person will be in charge of carrying out the necessary internal procedure in order to guarantee a clear, efficient, understandable and timely response to the Holder of the information.
IX. RIGHTS OF THE OWNER OF PERSONAL DATA
In accordance with article 8 of Law 1581 of 2012, the Holder of the information will have the following rights:
1. Know, update and rectify your personal data in front of the Treatment Managers or Treatment Managers. This right may be exercised, among others, against partial, inaccurate, incomplete, fractioned, misleading data, or those whose Treatment is expressly prohibited or has not been authorized;
2. Request proof of the authorization granted to the Data Controller, except when expressly excepted as a requirement for the Treatment, in accordance with the provisions of article 10 of Law 1581 of 2012;
3. Be informed by the Treatment Manager or the Treatment Manager, upon request, regarding the use that has been given to your personal data;
4. Present before the Superintendency of Industry and Commerce complaints for infractions to the provisions of Law 1581 of 2012 and the other regulations that modify, add or complement it;
5. Revoke the authorization and / or request the deletion of your personal data when the principles, rights and constitutional and legal guarantees are not respected in the Treatment. The revocation and / or deletion will proceed when the Superintendency of Industry and Commerce has determined that in the Treatment the Responsible or Person in Charge have incurred in conduct contrary to the law and the Constitution;
6. Free access to your personal data that have been subject to Treatment.
In accordance with article 20 of Decree 1377 of 2013, the exercise of the aforementioned Rights may be exercised:
1. By the Owner of the information, who must sufficiently prove his identity by the different means made available to him by the Responsible.
2. By their successors in title, who must prove such quality.
3. By the representative and / or attorney-in-fact of the Holder of the information, prior accreditation of the representation or power of attorney.
4. By stipulation in favor of another or for another.
The rights of children or adolescents will be exercised by the people who are empowered to represent them.
X. TRANSFER OF PERSONAL DATA
The Firm may transfer the personal data of the Holders among themselves, and to the other companies or entities that belong or come to belong to the same control group and / or financial group, domiciled in Colombia and / or abroad, in strict compliance with the provisions of this Policy and the rules that regulate the matter.
XI. DUTIES OF THE DATA CONTROLLER
In accordance with article 17 of Law 1581 of 2012, the Data Controller will have the following duties:
1. Guarantee the Holder of the information, at all times, the full and effective exercise of the right to habeas data;
2. Request and keep, under the conditions provided by law, a copy of the respective authorization granted by the Holder of the information;
3. Properly inform the Holder of the information about the purpose of the collection and the rights that assist him by virtue of the authorization granted;
4. Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access;
5. Guarantee that the information provided to the Treatment Manager is true, complete, exact, updated, verifiable and understandable;
6. Update the information, communicating in a timely manner to the Person in Charge of Treatment, all the news regarding the data that you have previously provided and adopt the other necessary measures so that the information provided to it is kept up-to-date;
7. Rectify the information when it is incorrect and communicate the pertinent to the Person in Charge of Treatment;
8. Provide the Treatment Manager, as the case may be, only data whose Treatment is previously authorized in accordance with the provisions of the law;
9. Require the Treatment Manager at all times, respect the security and privacy conditions of the Information of the Holder;
10. Process the queries, requests and claims formulated in the terms indicated in the law;
11. Adopt an internal manual of policies and procedures to guarantee adequate compliance with the law and especially, for the attention of queries and complaints;
12. Inform the Treatment Manager when certain information is under discussion by the Information Owner, once the claim has been submitted and the respective process has not been completed;
13. Inform, at the request of the Information Owner, about the use given to their personal data;
14. Inform the data protection authority, when there are violations of the security codes and there are risks in the administration of the information of the Holders;
15. Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce
XII. VALIDITY OF THE POLICY
This Policy for the Treatment of Information on the Protection of personal data of the Firm, governs from its publication.
This Policy may be modified by the Firm at any time, in order to adapt it to legislative or jurisprudential developments, as well as to best practices that are developed on the subject, in which case the Holders of the information will be informed in a timely manner.
Any modification or update of this Policy will be informed through the website www.uhabogados.com where the latest version of the Policy will be made available to the Holders of the information, indicating the effective date. of the corresponding modification or update, as the case may be.
The use or acquisition of the products or services offered by the Firm by the Holder of the information or his non-dissociation from them, after the new Policy is made available, constitutes acceptance of it.
The personal data or databases subject to Treatment, will be in force for the contractual term that the Owner of the information has the product or service, plus the term established by law.
XIII. OTHER PROVISIONS
1. For the purposes of processing the personal data of children and adolescents, the Firm will respond to and respect their best interests, and will also ensure respect for their fundamental rights. Additionally, the Firm will request authorization from the Representative of the child or adolescent in order to carry out the Processing of their Personal Data.
2. The Firm will collect, store, use or circulate the personal data on which it has the due authorization, for the term that is reasonable and necessary, which in any case may not be less than the term of the Firm. .