Your cart
There are no more items in your cartCORPORATE MANUAL OF POLICIES AND PROCEDURES FOR THE PROCESSING OF PERSONAL DATA INTERSECTIO S.A.S.
1. Legal Context.
The processing of personal data is carried out in compliance with the Statutory Law on Data Protection (Law 1581 of 2012), more specifically s articles 17 (k) and 18 (f), articles 15 and 20 of the Political Constitution of Colombia and article 13 of Law 1377 of 2013. which regulates the previous Law.
This Corporate Manual of Policies and Procedures for the Processing of Personal Data WEB shall be applicable to all data collected by the Data Controllers.
2. Concepts
The concepts defined below are, in essence, those contained in Decree 1377 of 2013 in its third article.
Authorization: Prior, express and informed consent of the Owner to carry out the processing of personal data.
Privacy Notice: Verbal or written communication generated by the Data Controller, addressed to the Owner for the processing of their personal data, informing them about the existence of the information processing policies that will be applicable to them, the way to access them and the purposes of the processing that is intended to be given to the personal data.
Database: An organized set of personal data that is processed.
Personal data: Any information linked or that may be associated with one or more specific or determinable natural persons.
Public data: This is data that is not semi-private, private or sensitive. Public data includes, but is not limited to, data relating to the marital status of individuals, their profession or trade, and their status as a trader or public servant. By their nature, public data may be contained, among others, in public registers, public documents, official gazettes and gazettes, and duly enforceable court judgments that are not subject to confidentiality.
Sensitive data: Sensitive data is understood to be data that affects the privacy of the Data Subject or whose improper use may lead to discrimination, such as data that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership of trade unions, social or human rights organizations or that promotes the interests of any political party or that guarantee the rights and guarantees of opposition political parties. as well as data relating to health, sex life, and biometric data.
Data Processor: A natural or legal person, public or private, who, by s itself or in association with others, carries out the processing of personal data on behalf of the Data Controller.
Data Controller: A natural or legal person, public or private, who, on s own or in association with others, decides on the database and/or the processing of data.
Data Subject: Natural person whose personal data is processed.
Transfer: The transfer of data takes place when the Data Controller and/or Data Processor, located in Colombia, sends the information or personal data to a recipient, who is also a Data Controller and is located inside or outside the country s.
Transmission: Processing of personal data that involves the communication of the same within or outside the territory of the Republic of Colombia when it is intended to carry out a processing by the processor on behalf of the Data Controller.
Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation or erasure.
3. Acceptance of the Corporate Manual of Policies and Procedures for the Processing of Personal Data WEB.
In accordance with article nine of the Statutory Data Protection Law, any processing of personal data will require prior authorization from the Data Controller. The owners understand that whoever provides information considered as personal data, expressly accepts that these will be processed by INTERSECTIO S.A.S.
as set forth herein.
The same norma establishes that no authorization will be required for the processing of the following data.
• Data of a public nature.
• Information that is required by authorities in the exercise of their functions through s administrative acts, court rulings or any other legal act.
• Data related to the Civil Registry of persons.
• Cases of medical or health emergency.
• Processing of information authorized by law for historical, statistical or scientific purposes.
4. Responsible parties
The databases covered by this policy are the responsibility of INTERSECTIO S.A.S. (hereinafter referred to as "The Data Controller") whose contact details are as follows:
Addresses: Calle 1 B Sur No. 38 10 in Medellín, Antioquia.
Email: info@lasus.com.co
5. Purposes of the processing of personal data
In the ordinary course of its business, the Data Controller processes the personal data of natural persons, contained in databases for legitimate purposes, in compliance with the Constitution and the Law.
In "Annex 1. Database Inventory" presents the different databases managed by the Responsible Party, the information and characteristics of each of them.
6. Browsing data
The navigation systems and software necessary for the operation of this website collect personal data, the transmission of which is inherent to the operation of internet systems.
It is possible that the information collected can be used to identify users who use the web systems, even if this data is not collected for that purpose. This data includes the following:
• Domain name of the computer used to access the website.
• Parameters relating to the user's operating system.
• IP address.
• URL
• Date and time.
The above-mentioned data is used solely for the collection of anonymous statistical data, to generate usage and improvement parameters for the website.
7. Cookies or Web bugs
The website that is the subject of this policy does not use cookies or web bugs to collect the user's personal data, and only seeks to facilitate access to the website. Login cookies, which are not permanently stored on the user's computer, are only limited to collecting technical information to identify the user's session with the sole purpose of providing secure and adequate access to the website. To reject or delete cookies, you can configure your computer to do so by disabling the c Java Script code in your browser's security settings.
8. Rights of the Owners
In accordance with Articles 21 and 22 of Decree 1377 of 2013 and Article 8 of the LEPD, the holders of personal data have rights that they can use in relation to the processing of their personal data, which may be exercised by the following:
1. By the Data Controller, who must provide sufficient proof of identity by the various means made available by the Data Controller.
2. By their successors, who must prove such quality.
3. By the representative and/or attorney-in-fact of the Owner, after accrediting the representation or power of attorney.
4. By stipulation in favor of another and for another.
The rights of children or adolescents shall be exercised by the persons who are authorized to represent them.
The rights that the owners have in relation to the processing of their personal data are:
• Right of access or consultation: This is the right of the Data Controller to be informed by the Data Controller, upon request, regarding the origin, use and purpose of their personal data.
• Grievance and grievance rights: The Act distinguishes four types of grievances:
• Claim for correction: This is the right of the Owner to have updated, rectify or modify any partial, inaccurate, incomplete, fragmented, misleading data, or data whose processing is expressly prohibited or has not been authorized.
• Deletion claim: This is the right of the Owner to have data that is inadequate, excessive or that does not respect constitutional and legal principles, rights and guarantees deleted.
• Revocation claim: This is the right of the Owner to revoke the authorization previously given for the processing of their personal data.
• Infringement claim: This is the right of the Owner to request that the breach of the regulations on Data Protection be rectified.
• Right to request proof of the authorization granted to the Data Controller: Except when expressly excepted as a requirement for processing in accordance with the provisions of article 10 of the LEPD.
• Right to file complaints of infringements with the Superintendence of Industry and Commerce: The Owner or successor in title may only raise this complaint once the consultation or claim procedure has been exhausted before the Data Controller or Data Processor.
9. Holders' contact
The Data Protection Officer shall be responsible for requests, queries and complaints. The owners of the processed data may exercise their rights before this officer.
• Address: Calle 1 B Sur No. 38 10 in Medellín, Antioquia
• Email: info@lasus.com.co
10. Exercise of rights
10.1. Right of access or consultation
The owner will be able to consult their personal data free of charge in the following cases.
1. Once every calendar month.
2. Whenever there are substantial changes in El Resposan's data processing policies.
For consultations that have a frequency greater than that set forth in the first paragraph of this article, the Data Controller may charge the holder the costs of shipping, reproduction and, if applicable, certification of documents.
The right set forth in this paragraph may be exercised by the holder by submitting a written request to INTERSECTIO S.A.S. identified with the NIT 901.065.664-8 to the address at Calle 1 B Sur No. 38 10 in Medellín, Antioquia; by s by post sent to the address listed above, or by e-mail to the address: info@lasus.com.co indicating in the Subject "Exercise of the right of access or consultation". The application must contain the following information:
Name and surname of the Owner.
Photocopy of the Holder's C Citizenship card and, if applicable, of the person representing him/her, as well as the document accrediting such representation.
Request specifying the request for access or consultation
Address for notifications, date and signature of the applicant.
If applicable, the documents that accredit the consultation carried out.
By making this clear in the application, the information may be requested in any of the following ways.
On-screen display.
In writing, with a copy or photocopy sent by registered mail or not.
Telecopying.
E-mail or other electronic means
Another system appropriate to the configuration of the database or the nature of the processing, offered by INTERSECTIO S.A.S.
Once the request has been received, the Responsible Party will have a maximum period of ten (10) business days to resolve the request. In the event that it is not possible to resolve the request within the stated period, the applicant will be informed of the reason for this, and the Responsible Party will have a period of five (5) working days plus s, in accordance with article 14 of the LEPD.
10.2. Rights of complaints and grievances
The right set forth in this paragraph may be exercised by the holder by submitting a written request to INTERSECTIO S.A.S. identified with the NIT 901.065.664-8 to the address at Calle 1 B Sur No. 38 10 in Medellín, Antioquia; by s by post sent to the address listed above, or by e-mail to the address: info@lasus.com.co indicating in the Subject "Exercise of the right of access or consultation". The application must contain the following information:
• Name and surname of the Owner.
• Photocopy of the Holder's C Citizenship Certificate and, if applicable, of the person representing him/her, as well as the document accrediting such representation.
• Description of the facts and request in which the request for correction, deletion, revocation or infringement is specified.
• Address for notifications, date and signature of the applicant.
• Documents accrediting the request made that you wish to assert, when applicable.
If the complaint is incomplete, the interested party will be required within five (5) days of receipt of the complaint to correct the defects. If two (2) months have elapsed from the date of the request, without the applicant submitting the required information, it will be understood that the claim has been withdrawn.
Once the complete claim has been received, a legend will be included in the database that says "claim in process" and the reason for it, within a period of no more than two (2) business days. Such legend shall be maintained until the claim is decided.
The Data Controller will resolve the request for consultation within a maximum period of fifteen (15) business days from the date of receipt of the request. When it is not possible to attend to the claim within this period, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.
Once the claim process has been exhausted, the Owner or successor in title may file a complaint with the Superintendence of Industry and Commerce.
11. Security Policies
In order to comply with the principle of security enshrined in article 4 (g) of the LEPD, the Data Controller has implemented technical, human and administrative measures necessary to guarantee the security of the records, preventing their adulteration, loss, consultation, use or unauthorized or fraudulent access.
On the other hand, the Data Controller, through the signing of the corresponding data transmission contracts, has required the data processors with whom it works to implement the necessary security measures to guarantee the security and confidentiality of the information in the processing of personal data.
12. International Data Transfer.
In line with Title VIII of the LEPD, the transfer of data to countries that do not have the security conditions established in the aforementioned Law is expressly prohibited. When a country s does not comply with the conditions established by the Superintendence of Industry and Commerce, the transfer of data to this country will be understood to be prohibited s The conditions of the country s to which the data are to be transferred may in no case be lower than those established by the LEPD. The transfer of data to third countries shall not be prohibited when:
• You have given your express and unequivocal consent for the transfer.
• Exchange of medical data, when required by the Owner's processing for reasons of health or public hygiene.
• Bank or stock market transfers, in accordance with the applicable legislation.
• Transfers agreed within the framework of international treaties to which the Republic of Colombia is a party, based on the principle of reciprocity.
• Transfers necessary for the execution of a contract between the Data Controller and the Data Controller, or for the execution of pre-contractual measures, provided that the Owner has been authorized.
• Transfers legally required to safeguard the public s interest, or for the recognition, exercise or defense of a right in a judicial process.
In cases where the exception is not contemplated, the Superintendence of Industry and Commerce will announce the verdict on the possibility or prohibition of the transfer of data to third countries. The official in charge shall be empowered to request the necessary information, as well as to carry out the necessary steps to determine the viability of the operation.
As long as there is a data transfer contract between the Data Controller and a processor located outside the Colombian territory, the consent or authorization of the owner will not be required.
13. Term
The databases processed by the Data Controller will be processed for the time required for the purpose for which these data are collected. When the purpose or purposes for which the data were collected have been fulfilled, without prejudice to the provisions of other legal regulations, the Data Controller will proceed to the total deletion of the data, unless there is any legal or contractual obligation to keep them in custody.