NOTICE OF PRIVACY
In accordance with the provisions of Law 1581 of 2012 and the rules that add, regulate or modify it, we inform you that the personal data that you have given us, as an employee, client, service provider or in any other condition of natural person , will be part of our databases in order to use them in the development of business corresponding to our corporate purpose.
The handling of said data will be done in accordance with the provisions of the "Manual of Policies and Procedures for the Treatment of Personal Data", which contains the policies established by our Organization for the processing of data, the mechanisms for the effectiveness of rights of the owner of the information to know, update, rectify, delete the data that rest in our databases, as well as to claim the person in charge and revoke the authorization for its use. This manual can be consulted on the website: www.gerleinco.com .
POLICIES AND PROCEDURES MANUAL FOR THE PROCESSING OF PERSONAL DATA
1. INTRODUCTION
This document sets out the Information Processing policies that govern the activity carried out by GERLEINCO SA and the management of its databases. This document is developed in compliance with the provision of Law 1581 of 2012, "By which general provisions are issued for the protection of personal data", and the other rules that add, regulate or modify it, according to which all public or private entities that handle personal data must adopt an internal manual of policies and procedures to guarantee adequate compliance with the law and especially, to ensure the effective exercise of the rights of the holders, the attention of inquiries and claims.
All the information received by GERLEINCO SA Through its different communication channels, in digital or printed media, and that makes up our databases, obtained from employees, clients, service providers or in any other condition of natural person, and other holders of information, is governed by the following usage policies.
If you are related to any of our databases, it is because you have had or maintain a relationship with GERLEINCO SA
Information of the data controller:
- GERLEINCO SA Identified with NIT: 860.005.101-9
2. OBJECTIVE
Inform their employees, clients, service providers or in any other condition of natural person that they have provided their personal data to GERLEINCO SA, on the policy of Treatment of personal information and allow the Holders of personal data to exercise their fundamental right to Protection of Personal Data regulated by Law 1581 of 2012, establishing the necessary procedure that they must follow if they wish to know , update, rectify or delete the data found in our databases and / or files.
3. PRIVACY POLICY FOR THE PROCESSING OF PERSONAL DATA
GERLEINCO SA complying with the provisions of Statutory Law 1581 of 2012 and its Regulatory Decree 1377 of 2013, which dictates general provisions for the protection of personal data; adopts this policy for the collection, storage, use, circulation, deletion and all those activities that constitute the processing of personal data, which will be informed to all owners of the data collected or that in the future are obtained in the exercise of the activities and the organization's own services.
For GERLEINCO SA It is vitally important to properly process the data of natural persons who are our current and potential clients, employees, shareholders, partners, pensioners, suppliers and, in general, all natural persons. that due to a commercial relationship they authorize us to continue with the processing of your personal data; The information will be managed under security policies, procedures and standards, the objective of which is to protect and preserve its integrity, confidentiality and availability, regardless of the medium or format where it is stored, its temporary or permanent location, or the way it is stored. in which it is transmitted and / or transferred. We rely on technological tools and implement security practices that include: transmission and storage of sensitive information through secure mechanisms, use of protocols, assurance of technological components, restriction of access to information only to authorized personnel, backup of information, practices of secure software development, among others.
The Integrated Management System GERLEINCO SA will be responsible for responding to update requests or suppression of the information, for this it is arranged the channel habeasdata@gerleinco.com , or by sending a written communication to Carrera 10 N ° 28 -49 15th floor, telephone 282 5200 ext. 157.
In this way, GERLEINCO SA declares that it guarantees the rights of privacy, intimacy, and autonomy, in the processing of personal data, and consequently all its actions will be governed by the principles of legality, purpose, freedom, truthfulness or quality, transparency, access and restricted circulation , security and confidentiality.
Four. DEFINITIONS
For the Processing of personal data, GERLEINCO SA will take into account the following definitions:
to) Authorization: Prior or express and informed consent of the Holder to authorize and allow the Processing of their personal data.
b) Notice of Privacy: Verbal or written communication generated by the person in charge, addressed to the owner for the processing of their personal data, by means of which they are informed about the existence of the information processing policies that will be applicable, the way to access them and the characteristics of the treatment that is intended to be given to personal data.
c) Database: Organized set of personal data that is subject to Treatment.
d) Public data: It is one that is not semi-private, private or sensitive. Among others, are the data related to the marital status of people, their trade or profession, their status as a merchant or public servant. By its nature, public data are those that are contained in public registers, gazettes, bulletins and duly executed judicial decisions not subject to reserve.
and) Sensitive Data: Those that affect the privacy of the Holder or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership of trade unions, social organizations, human rights or that promotes the interests of any political party or that guarantee rights and guarantees of opposition political parties, as well as data related to the health, sex life and biometric data.
F) Responsible for the Treatment: Natural or legal person, public or private, that by itself or in association with others, carries out the Treatment of personal data on behalf of the Person Responsible for the Treatment.
g) Responsible for the Treatment: Natural or legal person, public or private, that by itself or in association with others, decides on the databases and / or the Treatment.
h) Headline: Natural person whose personal data are subject to Treatment.
i) Treatment: any operation or set of operations on personal data, such as the collection, storage, use, circulation or deletion.
j) Transfer: It takes place when the Person in Charge and / or in charge of the Processing of personal data, located in Colombia, sends the information or personal data to a recipient, who in turn is Responsible for the Treatment and is inside or outside the country.
k) Transmission: Treatment of personal data that implies the communication of the same within or outside the territory of the Republic of Colombia when it is intended to carry out a Treatment by the Manager on behalf of the Responsible.
5. AREA OF APPLICATION
This manual applies to the treatment of personal data registered in physical or digital documents that it collects and handles. GERLEINCO SA
The data protection regime established in this document will not apply to:
to) The databases or files kept exclusively for personal or domestic purposes. When GERLEINCO SA requires at any time to supply third parties with these databases or files, in advance, it will inform the Holder and request their authorization, according to the provisions contained in Law 1581/12.
b) The databases and files whose purpose is national security and defense, as well as the prevention, detection, monitoring and control of money laundering and financing of terrorism.
c) The databases that are intended and contain intelligence and counterintelligence information.
d) The databases and archives of journalistic information and other editorial content.
and) The databases and files regulated by Law 1266 of 2008, which dictates the general provisions of habeas data and regulates the management of the information contained in personal databases, especially financial, credit, commercial, services and that from third countries and other provisions are dictated.
F) The databases and files regulated by Law 79 of 1993, which regulates the conduct of Population and Housing Censuses throughout the national territory.
6. PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA
In the development, interpretation and application of this document, the following principles will be applied, in a compliant and comprehensive manner:
to) Principle of purpose: The procedure for Treatment of personal data collected by GERLEINCO SA must be informed to the Holder.
b) Principle of freedom: Treatment can only be exercised with the prior, express and informed consent of the owner. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that relieves consent.
c) Principle of truthfulness or quality: The information subject to Treatment must be truthful, complete, exact, updated, verifiable and understandable. Processing of partial, incomplete, fractional or misleading data is prohibited.
d) Principle of transparency: In the Treatment, the right of the Holder to obtain from the Responsible at any time and without restrictions, information about the existence of data concerning him must be guaranteed.
and) Principle of access and restricted circulation: Personal data, except for public information, may not be available on the Internet or other means of dissemination or mass communication, unless access is technically controllable to provide restricted knowledge only to the holders or authorized third parties.
F) Safety principle: The information subject to Treatment by the Responsible Party, must be handled with the technical, human and administrative measures that are necessary to provide security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access.
g) Principle of confidentiality: All persons who intervene in the processing of personal data that are not public in nature are obliged to guarantee the reservation of the information, even after the end of their relationship with any of the tasks that the processing comprises.
7. RIGHTS OF INFORMATION HOLDERS
In accordance with the provisions of Law 1581 of 2012, the Holder of personal data will have the following Rights:
to) Know, update and rectify your personal data in front of those responsible or in charge of the Treatment.
b) Right to request proof of the authorization granted for the Treatment of your personal data.
c) Be informed by the Treatment Manager or the Treatment Manager, upon request, regarding the use that has been given to your personal data.
d) File complaints with the Superintendency of Industry and Commerce.
and) Revoke the authorization granted or the deletion of the data.
F) Free access to your personal data that have been subject to Treatment.
8. DUTIES OF THE RESPONSIBLE FOR THE INFORMATION
GERLEINCO SA, undertakes to comply with the following duties, in relation to the processing of personal data:
to) Guarantee the owner of the information, at all times, the full and effective exercise of the right to habeas data.
b) Keep a copy of the respective authorization granted by the owner.
c) Properly inform the owner about the purpose of the collection and the rights that assist him by virtue of the authorization granted.
d) Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
and) Process the queries and claims made by the holders of the information in the terms indicated by articles 14 and 15 of Law 1581 of 2012.
F) Inform at the request of the Owner about the use given to their data.
g) Refrain from circulating information that is being controversial by the owner and whose blocking has been ordered by the Superintendency of Industry and Commerce.
h) Allow access to information only to authorized persons.
i) Inform through the means that it considers pertinent the new mechanisms that it implements so that the holders of the information make their rights effective.
j) Inform the Superintendency of Industry and Commerce when there are violations of the security codes and there are risks in the administration of the information of the Holders.
k) Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce.
9. AUTHORIZATION
GERLEINCO SA, In its capacity as Responsible for the processing of personal data, it has had the necessary mechanisms to obtain the authorization of the holders, guaranteeing in any case that it is possible to verify the granting of said authorization.
10. FORM AND MECHANISMS TO GRANT THE AUTHORIZATION
GERLEINCO SA has defined the Authorization format for the collection and processing of personal data; This will be obtained by any of the following means: customer registration, supplier registration, personnel selection processes, general registration of a natural person for any other condition different from the above.
INQUIRIES AND COMPLAINTS
The process responsible for the attention of queries, requests and claims before which the Holder can exercise his rights to know, update, rectify, delete the data or rectify the Authorization in the terms of law, will be the Integrated Management System of GERLEINCO SA, for this the channel is arranged habeasdata@gerleinco.com , or by sending a written communication to Carrera 10 N ° 28 -49 15th floor, telephone 282 5200 ext. 157.
Queries
to) The Owner, authorized third party or attorney-in-fact may consult the information of the Owner that resides in the database.
b) The communication must contain at least the date of the request, a photocopy of the identification document, address and telephone number for notification purposes; for the representative of the Holder, document that accredits the representation, if it is the case.
c) To exercise this right by electronic means, the Owner, authorized third party or attorney-in-fact may formulate the query through the email addressed by GERLEINCO SA: habeasdata@gerleinco.com attaching a scanned copy of the identification document.
d) The person interested in exercising this right must, in any case, use a means that allows proof of sending and receiving the request.
and) The query will be answered within a maximum term of ten (10) business days from the date of receipt.
F) When it is not possible to attend the query within said term, the interested party will be informed, stating the reasons for the delay and indicating the date on which the query will be attended, which in no case may exceed five (5) business days following the expiration of the first term.
Claims
to) The Holder who considers that the information contained in the database should be subject to correction, updating or deletion, or when they notice the alleged breach of any of the duties contained in the law, they may file a claim before GERLEINCO SA
b) The claim will be made through a written request addressed to GERLEINCO SA and the communication must contain at least the date of the request, a clear and precise description of the facts that give rise to the claim, a photocopy of the identification document, address and telephone number for notification purposes.
c) The person interested in exercising this right must, in any case, use a means that allows proof of sending and receiving the request. Whatever the means used to exercise this right; GERLEINCO SA will attend the request as long as the claim meets the required requirements.
d) If the claim is incomplete, the applicant will be required within five (5) days after receiving the claim to correct the faults. After two (2) months from the date of the request, if the applicant has not submitted the required information, it will be understood that he has withdrawn the claim.
and) The maximum term to attend the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to attend the claim within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first finished.
F) In accordance with the established law guidelines, before going to the Superintendency of Industry and Commerce, the Holder must initially process his claim with GERLEINCO SA , filing your request in Carrera 10 N ° 28 -49 piso 15, telephone 282 5200 ext. 157.
DATA UPDATE RECTIFICATION, UPDATE OR DELETE
For the rectification, update or deletion of data, a request must be sent via email habeasdata@gerleinco.com , or by sending a written communication to Carrera 10 N ° 28 -49 15th floor, telephone 282 5200 ext. 157, indicating the corrections to be made and providing the documentation that supports the request.
REQUIREMENTS FOR THE PROCESSING OF SIGNIFICANT DATA
Processing of sensitive data is prohibited, except when:
to) The Holder has given his explicit authorization to said Treatment, except in cases where the granting of said authorization is not required by law.
b) The Treatment is necessary to safeguard the vital interest of the owner and he is physically or legally incapacitated. In these events, the legal representatives must grant their authorization.
c) The Treatment is carried out in the course of legitimate activities and with the due guarantees by a foundation, NGO, association or any other non-profit organization, whose purpose is political, philosophical, religious or union, provided that they refer exclusively to its members or to people who maintain regular contact for reasons of its purpose. In these events, the data may not be provided to a third party without the authorization of the Owner.
d) The Treatment refers to data that are necessary for the recognition, exercise or defense of a right in a judicial process.
and) The Treatment has a historical, statistical or scientific purpose. In this event, the measures leading to the suppression of the identity of the Holders will be taken.
Personal data of children and adolescents:
F) The Processing of personal data of minors or adolescents by GERLEINCO SA, It will be carried out while always respecting the best interests of children and adolescents, ensuring respect for their fundamental rights.
g) Any person responsible or legal representative involved in the Processing of the minor's personal data, must always ensure the proper use of this type of personal data.
h) GERLEINCO SA As responsible for the Treatment of personal information, it respects each and every one of the rights established in the Colombian Political Constitution, Law 1581 and Decree 1377 of 2013.
i) In conclusion, the data of children and adolescents can be subject to Treatment by GERLEINCO SA, as long as the prevalence of their fundamental rights is not put at risk and the fulfillment of the principle of their best interests is unequivocally responded to, the specific application of which refers to administrative issues of social security afflictions.
TREATMENT AND PURPOSE OF THE DATABASE
The personal data of employees, customers, service providers or in any other condition of natural person who have provided their personal data to GERLEINCO SA, will be subjected to the following treatments: collection, storage, use and administration.
DATABASE
DESCRIPTION
PURPOSE
DATA COLLECTION MECHANISM
Employees
Automated databases that contain data of the natural persons who are labor related to the Organization.
Labor Payments (Payroll, benefits, social security), accounting records.
Hiring support and employment history.
CV
Customers
Automated databases that contain data of the natural persons who access the services of the Organization.
Billing collection, accounting records, refunds
Customer registration.
Providers
Automated databases that contain data of the natural persons who maintain a contractual and commercial link with the Organization.
Record of Invoices, Accounting records.
Supplier registration.
Partners / shareholders
It is the base that contains the data information
Basics of the Partners or shareholders of the Organization.
Accounting records.
SECURITY OF THE INFORMATION
GERLEINCO SA, will adopt all the technical, human and administrative measures that are essential to guarantee security to its databases, avoiding adulteration, loss, consultation and unauthorized or fraudulent access.
Among others, the security measures adopted include, but are not limited to:
to) Encrypt the provision of our services using security protocols.
b) Establishment of confidentiality agreements with employees that go beyond the duration of the contract.
c) Implementation of security processes to verify the identity of the people who access the information either physically or electronically.
d) Permanent updating of security measures to adapt them to current regulations.
and) Adoption of firewall security systems, Proxy and detection of unauthorized access.
F) Network and information protection through the use of antivirus and antispyware.
g) Periodic monitoring of suspicious activities and physical and electronic maintenance of the databases.
h) Internal restriction of access to databases only to authorized personnel.
ASSOCIATED DOCUMENTS
Notice of Privacy
Authorization for the processing of Personal Data
Confidentiality agreement
APPLICABLE LEGISLATION
This manual is prepared taking into account the provisions contained in Law 1581 of 2012 “By which general provisions for the protection of personal data are issued” and Decree 1377 of 2013 “By which Law 1581 of 2012 is partially regulated” , as well as the other norms that modify, add, substitute or regulate them
MODIFICATIONS AND UPDATES.
Any change to the identification of the Responsible or purpose of the Treatment that affects the content of the authorization, will be communicated in a timely manner to the owners of the data through the usual means of contact. If the change is related to the purpose of the Treatment, a new authorization will be requested.
The aforementioned databases will be in force as long as GERLEINCO SA carry out the activities of its corporate purpose.