PERSONAL DATA PROCESSING POLICY

Generalities

This document establishes the Personal Data Treatment Policies of Splendor Proteas, LLC, in compliance with the provisions of Law 1581 of 2012 and Decree 1377 of 2013, and it describes the mechanisms through which THE COMPANY guarantees proper handling of the personal data collected in its databases, in order to allow the holders to exercise the right of Hábeas Data.

 

Definitions

 

  • Authorization: Prior, express and informed consent of the Holder to carry out the Processing of personal data. 
  • Database: Organized set of personal data that is subject to Treatment.
  • Personal data: Any information linked to or that may be associated with one or more specific or determinable natural persons.
  • Person in charge: Natural or legal person, public or private, that by itself or in association with others, carries out the Processing of personal data on behalf of the Person Responsible for the Treatment.
  • Responsible: Natural or legal person, public or private, that by itself or in association with others, decides on the database and / or the Treatment of the data.
  • Owner: Natural person whose personal data is subject to Treatment.
  • Treatment: Any operation or set of operations on personal data, such as the collection, storage, use, circulation or deletion.
  • Principle of legality: The processing of personal data is a regulated activity that must be subject to the provisions of the law and the other provisions that develop it.
  • Principle of purpose: The Treatment must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Holder.
  • Principle of freedom: Treatment can only be exercised with the prior, express and informed consent of the Holder. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that relieves consent.
  • Principle of truthfulness or quality: The information subject to Treatment must be truthful, complete, exact, updated, verifiable and understandable. The Processing of partial, incomplete, fractioned or misleading data is prohibited;
  • Principle of transparency: In the Treatment, the right of the Holder to obtain from the Treatment Manager or the Treatment Manager, at any time and without restrictions, information about the existence of data that concerns him or her must be guaranteed.

 

Principle of access and restricted circulation:

 

Treatment is subject to the limits derived from the nature of personal data, the provisions of the law and the Constitution. In this sense, the Treatment can only be done by persons authorized by the Holder and / or by the persons provided for by law. Personal data, except for public information, may not be available on the Internet or other means of dissemination or mass communication, Unless access is technically controllable to provide restricted knowledge only to Holders or authorized third parties in accordance with the law.

Security principle: The information subject to Treatment by the Treatment Manager or Person in Charge of Treatment must be handled with the technical, human and administrative measures that are necessary to provide security to the records avoiding their adulteration, loss, consultation, use or access not authorized or fraudulent.

Principle of confidentiality: All persons who intervene in the Processing of personal data that are not public are obliged to guarantee the reservation of the information, even after the end of their relationship with any of the tasks that the Treatment comprises, being able only carry out supply or communication of personal data when this corresponds to the development of the activities authorized by law and in the terms of the same.

Database content

General information such as full name, number and type of identification, gender and contact information (email, physical address, landline and mobile phone) is stored in the COMPANY’s databases. In addition to these, and depending on the nature of the database, the institution may have specific data required for the treatment to which the data will be submitted. In the databases of employees and contractors, additional information on work and academic history is included, as well as sensitive data required by the nature of the employment relationship (photograph, family group composition, biometric data). Sensitive information may be stored in the databases with the prior authorization of the owner, in compliance with the provisions of articles 5 and 7 of Law 1581 of 2012.

The information that appears in the entity’s databases is subjected to different forms of treatment, such as collection, exchange, updating, processing, reproduction, collection, storage, use, systematization and organization, all of them partially or totally in compliance with the purposes established here. The information may be delivered, transmitted or transferred to public entities, business partners, contractors, affiliates, subsidiaries, solely for the purpose of fulfilling the purposes of the corresponding database. In any case, the delivery, transmission or transfer will be made after signing the commitments that are necessary to safeguard the confidentiality of the information.

In compliance with legal duties, THE COMPANY may provide personal information to judicial or administrative entities. THE COMPANY will ensure the correct use of the personal data of minors, guaranteeing that the requirements are met

applicable laws and that all treatment is previously authorized and justified in the best interests of minors. Purpose The information collected by the institution is intended to allow the proper development of its purpose. In addition, the Institution keeps the information necessary to comply with legal duties, mainly in accounting, corporate, and labor matters. Information about clients, suppliers, partners and employees, current or past, is kept in order to facilitate, promote, allow or maintain relationships of a labor, civil and commercial nature.

 

Rights of the holders

In accordance with the provisions of article 8 of Law 1581 of 2012, the holders may:

 

Know, update and rectify your personal data in front of the ____________ or the Managers. This right may be exercised, among others, against partial, inaccurate, incomplete, fractioned, misleading data, or those whose Treatment is expressly prohibited or has not been authorized.

Request proof of the authorization granted to the COMPANY, except when it is expressly excepted as a requirement for Treatment, in accordance with the provisions of article 10 of this law.

Be informed by the COMPANY or the Manager, upon request, regarding the use that has been given to your personal data.

Present before the Superintendence of Industry and Commerce complaints for infractions to the provisions of this law and the other regulations that modify, add or complement it.

Revoke the authorization and / or request the deletion of the data when the treatment does not respect the principles, rights and constitutional and legal guarantees. The revocation and / or deletion will proceed when the Superintendence of Industry and Commerce has determined that the COMPANY or the Person in Charge has incurred in conduct contrary to this law and the Constitution.

Free access to your personal data that have been subject to Treatment. Obligations of the COMPANY.

 

For its part, the COMPANY must:

 

Guarantee the Holder, at all times, the full and effective exercise of the right to habeas data.

Request and keep, under the conditions provided in this law, a copy of the respective authorization granted by the Owner.

Properly inform the Holder about the purpose of the collection and the rights that assist him by virtue of the authorization granted.

Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.

Guarantee that the information provided to the Processor is truthful, complete, accurate, updated, verifiable and understandable. Update the information, communicating in a timely manner to the Treatment Manager, all the news regarding the data that you have previously provided and adopt the other necessary measures so that the information provided to it is kept updated.

Rectify the information when it is incorrect and communicate the pertinent to the Manager.

Provide the person in charge, as the case may be, only data whose Treatment is previously authorized in accordance with the provisions of this law.

Demand from the Manager at all times, respect for the security and privacy conditions of the Owner’s information.

Adopt an internal manual of policies and procedures to guarantee adequate compliance with this law and especially, for the attention of queries and complaints.

Inform the Person in Charge when certain information is under discussion by the Holder, once the claim has been submitted and the respective procedure has not been completed.

Inform at the request of the Holder about the use given to their data; Inform the data protection authority when there are violations of the security codes and there are risks in the administration of the information of the Holders.

Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce. Responsible person or area Any request, complaint or claim related to the handling of personal data, in application of the provisions of Law 1581 of 2012 and Decree 1377 of 2013, must be sent to the office of the company located in P.O. Box 223233 Hollywood, FL 33022. 

to email cs@splendorproteas.com or on the phone (786) 436 5415

 

Procedures for submitting and responding to inquiries

 

The owners of personal data that appear in the databases of the COMPANY or their successors in title, may consult the data that the information will provide in the terms provided in the applicable legislation. Any request for consultation, correction, update or deletion must be submitted in writing or by email, according to the information contained in this document. Queries will be answered within a term of ten (10) business days from the date of receipt of the respective request. When it is not possible to attend the query within said term, the interested party will be informed, stating the reasons for the delay and indicating the date on which the query will be attended, which in no case may exceed five (5) business days following the expiration of the first term.

 

Procedures for submitting and responding to inquiries, complaints and claims Claims must be made in writing or by email, according to the information contained in this document, and must contain, at least, the following information: identification of the Holder, description of the facts that give rise to the claim, address of the holder, documentation to be submitted as proof If the claim is incomplete, the interested party will be required within five (5) days after receiving the claim to correct the faults. After two (2) months from the date of the request, without the applicant submitting the required information, it will be understood that the claim has been withdrawn. In the event that whoever receives the claim is not competent to resolve it, it will transfer it to the corresponding person within a maximum term of two (2) business days and will inform the interested party of the situation. Once the complete claim is received, a legend that says «claim in process» and the reason for it will be included in the database, within a term not exceeding two (2) business days. Said legend must be maintained until the claim is decided. The maximum term to attend the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to attend the claim within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be attended, which in no case may exceed eight (8) business days following the expiration of the first finished.

Validity of the database

 

The databases managed by the COMPANY will be maintained indefinitely, while it develops its purpose, and as long as it is necessary to ensure compliance with legal obligations, particularly labor and accounting, but the data may be deleted at any time at the request of the owner , as long as this request does not contradict a legal obligation or an obligation contained in a contract between the COMPANY and the Holder.