PERSONAL DATA PROCESSING POLICY
In accordance with the provisions of Law 1581 of 2012, Decree 1377 of 2013, Decree 1078 of 2015 and Circular SIC 002 of 2015, the Policy for the Processing of Personal Data is updated in the following terms:
RESPONSIBLE FOR PERSONAL DATA
The legal person responsible for the personal data and therefore of the databases in which they are located is SYSTEMICO SOFTWARE S.A.S.
For the purposes of this Data Management Policy, "SYSTEMICO" has designated as Responsible for the attention of requests, queries, claims from users and / or and/or potential customers, as well as the requirements related to personal information of employees and outsourcers of the company and those from contractors and/or suppliers, to the company's Administrative and Financial Department, located at Avenida Altos del Jardín No. 12 in the city of Bucaramanga.
Personal data of subscribers, users, potential customers, workers, contractors and / or suppliers collected by SYSTEMICO during the subscription of contracts, their execution or even after their termination and/or settlement, freely and voluntarily supplied, such as are: name, surname, identification, landline and/or mobile phone, physical and electronic address, and even that which is considered sensitive, ie, fingerprint (physical or digital).
In addition, in the case of workers, information regarding racial or ethnic origin, political orientation, religious beliefs, biometric data, photographs or portraits; information of socio-economic, patrimonial, tributary, family composition, commercial references; the one related to your health and any other required for the proper development of the contractual relationship and other necessary data that are requested when you contract any of our services or enter into any type of contract or during the execution thereof
SYSTEMICO collects the footprint that is a sensitive data with the authorization of the holder exclusively for the purpose of avoiding identity theft.
TREATMENT AND PURPOSE
The data collected by SYSTEMICO will be treated with the appropriate degree of protection, required by the Law and in this sense the responsible for the treatment is committed to treat the data for the exclusive purpose for which they were collected.
SYSTEMICO collects data from its users and potential customers for the following purposes.
- Identify you as a user of our services and advance the necessary steps for your best performance.
- Provide you with information related to our products, services, offers, promotions, alliances, competitions, as well as those of our affiliated or associated companies.
- Sending information pertaining to the state of your account and obligations.
- Contact any means that have been registered for the scheduling of visits proper to the provision of the service.
- Inform about new products or services related to the contracted or purchased services (s).
- Inform about changes in our products, services and fares.
- Evaluate the quality of the service.
- Referral of advertising, commercial and promotional offers by SYSTEMICO and its allies.
Systemico collects data from its employees and/or collaborators for the following purposes:
- Identify it as a worker or an ex worker.
- Determine the suitability of the workers for the performance of assigned functions.
- Follow up on their work and/or academic performance.
- Qualify and evaluate their performance.
- Execute and fulfill the contracts.
- Ensure your safety and personal care.
- Monitor and evaluate their behavior.
- Consult, process, request and report to any entity that manages databases for all the information related to its work and/or tax status.
- Maintain the normal development of the contractual relationship.
- Comply with legal, regulatory and/or regulatory provisions.
Systemico collects data from its contractors and suppliers for the following purposes:
- Request quotations for services and products.
- Invite them to participate in contractual processes.
- Verify the sending and receipt of documents.
- Update information.
- Ask for clarifications of proposals.
- Generate contractual processes.
PRINCIPLES FOR TREATMENT
Principle of legality: The treatment given to personal data is adjusted to the parameters established by Law
Principle of purpose: The personal data processed by SYSTEMICO will be used only for the purposes described above.
Principle of transparency: The Responsible of the treatment, guarantees the Rights of the holder at any time and without restrictions in this way it is of great importance to clearly inform the data that are collected and the treatment of the same.
Principle of safety: The information subject to treatment by SYSTEMICO has the measures required by the Law according to the quality of the data and in order to avoid its adulteration, loss, consultation, use or unauthorized or fraudulent access.
Principle of confidentiality: All persons involved in the processing of personal data are obliged to guarantee the reservation of the information, even after the end of their relationship with any of the tasks included in the Treatment, and may only supply or communicate data personal where this corresponds to the development of the activities authorized by the Law or by the holder of the data. Principle of truthfulness or quality: The information subject to treatment must be truthful, complete, accurate, updated, up-to-date, verifiable, and comprenhensible. Processing of partial, incomplete or fractionated data is prohibited.
Principle of access and restricted circulation: The treatment is subject to the limits derived from the nature of the personal data, the provisions of the law and the political constitution. In this sense, treatment may only be done by authorized persons. Personal data, except for public information, may not be available on the Internet or other means of mass communication, unless the access is technically controllable to provide restricted knowledge only to holders or third parties authorized by law.
The security measures taken by SYSTEMICO on its databases are in accordance with those established by law, in order to prevent unauthorized access, use, modification, deletion, loss and/or misuse of personal data. All databases owned by SYSTEMICO have the basic security measures; these measures are increased according to the quality of the data.
RIGHTS OF THE DATA HOLDER
As holder of the data collected by SYSTEMICO, in accordance with the provisions of Law 1581 of 2012 and Decree 1377 of 2013, any person may make use of the following rights:
- Right of Access: it is the right of every person has to know if their personal data is being treated, they are included in the database, which purpose and origin have these, as well as the assignments made or envisaged to third parties. In order to exercise your right you may file an application with the person in charge of the treatment or through the contact channels already specified.
- It is important to emphasize that the owner will be able to consult for free his/her personal data at least once each calendar month and whenever there are substantial modifications of the policies of personal data processing. When the query is done more than once each month; SYSTEMICO as the owner of the database, will be able to charge the shipping costs, reproduction and if document certification is required.
- Right of Update and Rectification: It is the right that each person has as the data holder to update and correct the personal data that are in the databases owned by SYSTEMICO, when they have changed or when there is an error, are inaccurate or incomplete. For this purpose, a request for information must also be submitted, in addition to what is indicated in the previous point on access to personal data, the modifications to be made and to provide the documentation that supports your request.
- Right of Suppression: it is the right of each person has as a user to delete their personal data in the databases owned by SYSTEMICO, in the following cases: (i) when the treatment of the same does not conform to the provisions of the Law of Protection of data (Law 1581 of 2012) as long as the Superintendency of Industry and Commerce has determined that in the treatment the responsible or manager has incurred in conduct contrary to the ordering and (ii) by virtue of the free and voluntary application of the data holder, as long as there is no legal or contractual obligation to impose on the holder the duty to remain in the database concerned. The deletion gives rise to the blocking of its data, this means that the data are retained only at the disposal of competent authorities, for security purposes and to attend to the possible responsibilities born of the treatment.
- Submitting complaints: As a data holder you have the right to present to the Superintendency of industry and trade complaints for infringements associated with the use of your personal data, as long as you have exhausted the process of consultation or claim with SYSTEMICO.
DUTIES OF THE RESPONSIBLE AND TREATMENT MANAGERS
The person in charge and those in charge of the treatment must comply with the following provisions provided for in Law 1581 of 2012 and Decree 1377 of 2013.
Responsible for the treatment
- To guarantee to the holder, at all times, the full and effective exercise of the right of habeas data;
- To request and preserve, in the conditions foreseen in the present law, a copy of the respective authorization granted by the Holder;
- Duly inform the holder about the purpose of the collection and the rights that assist him/her by virtue of the authorization granted;
- Keep the information under the necessary safety conditions to prevent its adulteraition, loss, consultation, use or unauthorized or fraudulent access;
- Ensure that the information provided to the treatment manager is truthful, complete, accurate, up-to-date, verifiable and comprehensible;
- Update the information, communicating in a timely manner to the Treatment Manager, all the new information regarding to the data previously provided to him and to take the other necessary measures so that the information provided to him is kept up to date;
- To rectify the information when it is incorrect and communicate to the pertinent thing Person in charge of the Treatment;
- To provide to the Treatment Manager, as the case may be, with only data whose Treatment is previously authorized in accordance with the provisions of this law;
- To requiere to the Treatment Manager at all times, to respect the security and privacy conditions of the information of the Holder;
- To process the queries and claims formulated in the terms indicated in the present law;
- Adopt an internal policy and procedures manual to ensure the proper compliance with this law and, in particular, for the care of consultation and claims;
- To inform to the Treatment Manager when certain information is under discussion by the Holder, once the complaint has been filed and the respective procedure has not been completed;
- Report at the request of the Holder on the use given to his/her data;
- To Inform to the data protection authority when violations of the security codes are presente and there are risks in the administration of the information of the Holders.
- To comply with the instructions and requirements issued by the Superintendency of Industry and Commerce.
- To guarantee to the Holder, at all times, the full and effective exercise of the right of habeas data; keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access;
- Make timely the updating, rectification or deletion of the data in the terms of this law;
- Update the information reported by the Treatment Manager within five (5) business days from the date of receipt;
- To process the queries and the claims formulated by the Holders in the terms set out in this law;
- Refrain from circulating information that is being disputed by the Holder and whose blockade has been ordered by the Superintendency of Industry and Commerce;
- Allow access to information only to those who may have access to it;
- Inform the Superintendency of Industry and Commerce when there are violations of security codes and there are risks in the administration of the information of the Holders;
- Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce.
- Paragraph. In the event that the qualities of Responsible for Treatment and in charge of Treatment concur in the same person, it will be demanded the fulfillment of the duties foreseen for each one.
DATA PROTECTION OFFICER
SYSTEMICO has appointed a person in charge and/or responsible for exercising the role of data protection officer, who must perform its functions and perform all activities in accordance with the legislation that regulates the subject and in the terms established by the guide for the implementation of the demonstrated principle of (Accountability), published by the Superintendency of Industry and Commerce.
FUNCTIONS OF THE DATA PROTECTION OFFICER
The main function of the data protection Officer will be to ensure the effective implementation of the policies and procedures adopted by the company to meet the standards, as well as the implementation of good personal data management practices within the Company.
Additionally, it will perform the following functions:
- To ensure, in coordination with the Administrative and Financial Department, the effective and timely processing of the requests raised by the Data Holders.
- Establish the specific responsibilities of the areas of the company in the face of the collection, storage, use, updating, circulation and elimination of data.
- Establish the necessary controls and implement their permanent evaluation and review.
ATTENTION OF REQUESTS, QUERIES, CLAIMS AND PROCEDURES
Mr. Subscriber, user and/or potential client if you wish to make use of the rights that assist you can do so by the following means:
• Communication sent to the Responsible for the attention of requests from SYSTEMICO at Avenida Altos del Jardín N° 12 (Bucaramanga, Santander – Colombia).
• By email to firstname.lastname@example.org
Mr. Worker, Extracontractor, contractor and/or supplier if you wish to make use of the rights that assist you as a holder of the information, you may raise your request, complaint or claim by means of communication sent to those responsible already established in this Policy for the attention of requests, consultations and claims of systemic in the administrative headquarters Avenida Altos del jardín N° 12 (Bucaramanga, Santander – Colombia) or through the e-mail email@example.com.
Our privacy policies apply to all databases owned by SYSTEMICO.
The Treatment Policies established herein become effective on the day of publication on the website.
The Databases will be in force during the time that SYSTEMICO S.A.S., develops its corporate purpose.
For more information related to the legal provisions on data protection, and those related to the procedures for claiming them, we suggest you visit the website of the Superintendency of Industry and Commerce (www.sic.gov.co). SYSTEMICO reserves the right to modify the Personal Data Processing Policies at any time. Any modification will be communicated opportunely to the owners of the personal data through the web page.