Policy Protection of Personal Data
Through this document, the company KRISPETA SAS, owner of the CORPO brand hereinafter “CORPO” complying with the Colombian law 1581, 2012, Regulatory Decree 1377 of 2013 and other related regulations, implementing its policy Data Processing personal (hereinafter the “Policy”).
CORPO is a commercial company dedicated, as it is stated in its purpose, “the making of clothing and the development of any lawful activity, including exports of goods”
For the execution of the corporate purpose and development of the powers granted by the owners, CORPO performs personal data processing of its customers, loyal customers, wholesale customers, suppliers, employees and shareholders. Data are treated according to the guidelines enshrined in the current legal framework in Colombia; implementing all actions required for compliance with the protection and treatment of all personal data which it is responsible and / or manager, especially looking forward to protect holders rights, such as privacy, good name, to identify their rights and know, update and rectify your data.
1. GENERAL DISPOSITION
A. Responsible ID
KRISPETA S.A.S., identified business partnership with Nit 900306713 – 2 formed through private document on August 12, 2009.
Address: Carrera 48 No. 48 Sur 75 Int 155 Envigado, Antioquia. Medellín,
Teléfono: 57(4) 3224432
CORPO acts as personal data holder under the collection performing data holders. This policy aims to establish the procedures, principles and policies that will CORPO security in order to ensure proper use, storage and processing of personal data are collected.
C. Legal framework
This policy was developed in compliance with Articles 15 and 20 stated in Colombian Political Constitution, Law 1581 of 2012 “Whereby general provisions for personal data protection issued” in the Regulatory Decree 1377 of 2013 and the other rules from time to time add to or modify the subject.
CORPO’s Personal data processing folllows all the principles enshrined in Title II Article 4 of the General System of Personal Data Protection Law 1581 of 2012 and the rules that develop and complement applied.
In accordance with the provisions of Article 3 of Law 1581 of 2012 and Article 3 of Decree 1337 of 2013.
In addition the following terms shall be defined as
• Collection means: Platforms or mechanisms through which performs CORPO collection of personal data.
• Loyal customers: natural person who feels affinity for our brand CORPO and identifies with it, why, maintains a high relationship and contact.
• Major customers: Intermediary of the brands that distributes its products in places or channels where the brand does not arrive or is not interested in coming on their own.
• Company: KRISPETA SAS, a company identified with the NIT 900306713-2 as Responsible for Personal Data Processing.
• Final consumer: Natural person or contact that acquires, uses or potentially acquire the products marketed and distributed by CORPO.
• Contact: Record in the database containing personal data of individuals linked to the different legal entities which relates CORPO.
• Official accounts in Social Networks: Those profiles and / or pages which CORPO is sole owner and manager in a social network.
• Employee or former employee: Natural person with whom CORPO have or had at some point, an employment relationship directly or through a temporary employment agency or worker cooperatives.
• Interest groups: CORPO internal classification defined for handling Holders set according to the nature of the relationship, which are: Clients, loyal customers, wholesale customers, suppliers, employees and shareholders.
• Website: KRISPETA belonging to SAS and identifiable in the following directions that are enabled as acquisition channels Virtual Platform: www.corposwimwear.com
• Suppliers: independent natural or legal persons with CORPO who establishes legal relations – trade.
• Commercial partners: Independent individuals or legal entities whom CORPO has a business relationship with, in order to develop its purpose operation of commercial establishments.
Policy apply for the Treatment of Personal Data Bases which CORPO is responsible and / or Incharge from the date of its publication, leaving no effect over other institutional arrangements that are contrary. Everything not provided on in this Policy shall be regulated according to the Colombian Personal Data Protection General System.
Databases and Policy will have an indeterminate validity period in accordance with the duration of the corporate purpose of CORPO.
2. HOLDERS’ RIGHTS. According to what it contemplated by the current regulations applicable for the personal data protection, the following are the of holders’ rights:
A. Access, get to know, update, rectify and delete your personal data against the charge.
B. Request proof of the authorization granted by the data owner the to the data controller by any means valid.
C. CORPO be inform, upon request, the use given to your Personal Data.
D. Submit to the Superintendency of Industry and Commerce, complaints for violations of the provisions of the law 1581, 2012, prior consultation procedure or requirement to CORPO.
E. Revoke the authorization or request the deletion of data when the treatment not the principles, rights and constitutional and legal guarantees are respected.
F. Free access to personal data that have been processed by the responsible for them.
This set of rights may be exercised by: i) The holder of personal data, ii) the assignees of the Holder of Personal Data, iii) the representative and / or agent of the Holder of Personal Data.
3. CORPO DUTIES AND OBLIGATIONS
CORPO recognize that collected personal data are their owners property and consequently empowered to exercise the rights previously reported the following:
i) The holder of personal data, ii) the assignees of the Holder of Personal Data, iii) the representative and / or agent of the Holder of Personal Data.
CORPO, is responsible and in charge of personal data processing and circulation, however, eventually CORPO may entrust personal data treatment held in order to arrange communication, marketing, promotion, reporting, data update, loyalty plans, programs and special projects to enable compliance with the specific purpose for the Treatment of these, such as: marketing emails or self-service corporate purpose activities development, both physical and digital media; relationships with managers who are subject to the Processing of Personal Data contractual agreement with Personal Data protection, confidentiality, privacy and non-disclosure, pursuant to the purpose of the service provider.
Therefore, CORPO use the personal data for the fulfillment of the purposes expressly authorized by the holder or by current standards. .
Treatment and Protection of Personal Data, CORPO will have the following duties arising from the applicable legislation, without prejudice to other duties under the provisions governing regulate or reach.
• Request and keep a copy of the authorization granted by the Contractor for the processing of personal data.
• Duly inform the Holder on the purpose of the collection and the rights attached thereto, from the authorization granted from.
• Guarantee that the patentee, at all times, full and effective exercise of their rights regarding personal data and its complement of habeas data. Allowing access to information only to people who can access it.
• Ensure that information is accurate, complete, precise, current, verifiable and understandable. In addition, at all times it must prove that the information should correspond to the personal data initially granted for treatment.
• Keep information under physical and digital security conditions to prevent tampering, loss, consultation, use or unauthorized or fraudulent access in addition to any regulated and sanctioned in the law of cybercrime behavior.
• Update timely information, thus taking all the news regarding the holder’s details in a term not less than five (5) working days from receipt of the request. In addition, they should take all necessary measures so that the information is kept up to date. Also must implement a treatment procedure data regarding inquiries and complaints that the Holders may make of it.
• Rectify incorrect information when it is necessary and pertinent communication.
• Respect cardholder security and privacy information.
• Handle inquiries and complaints made under the terms prescribed by law.
• Identify when certain information is under discussion by the Contractor. Consequently, indicate the status of the data when it is in a state of “claim pending” when the Holder raise a complaint about these or “information in legal dispute” when the competent authority notifies officially the status of judicial proceedings that involving CORPO.
• Report, at Contractor request, on the given data use.
• Inform the data protection authority when violations of safety codes and there are risks arise in the management of information Cardmembers.
• Meet the requirements and instructions issued by the Superintendency of Industry and Commerce on the subject in particular.
• Use only data processed is previously authorized in accordance with the provisions of Law 1581 of 2012, Decree 1377 of 2013 and other rules that develop and complement the subject.
• Ensure proper use of personal data of children and adolescents in cases in which it is obtained with the express permission of their legal representative, the processing of data.
• Refrain from circulating information that is being contested by the holder and whose lock has been ordered by the Superintendency of Industry and Commerce or any other competent public entity in this decision.
• Use Personal Data Holder only for those purposes for which is duly empowered and always respecting current regulations on the protection of personal data.
• Respect at all times and for any reason the constitutional right to habeas data regulated by Law 1266 of 2008.
CORPO is empowered to order the Processing of Personal data held in order to make different arrangements regarding their bases, these managers must comply with the following obligations:
a. Guarantee that the patentee, at all times, full and effective exercise of the right of habeas data.
b. Keep information under security conditions necessary to prevent adulteration, loss, see, use or unauthorized or fraudulent access.
c. Update make timely, correct or delete data in the terms established by law.
d. Update the information reported by the controllers within five (5) working days of your receipt.
e. Handle inquiries and complaints made by the Holders under the terms stated in the Act.
f. Adopt internal policy and procedures to ensure proper compliance with regulations concerning the processing of personal data, especially for answering inquiries and complaints from the Holders.
g. Register in Databases legend “claim pending” in the way it is governed by the regulations concerning the processing of personal data.
h. Insert into the database Legend “information on legal discussion” once notified by the competent authority on judicial proceedings related to the quality of personal data.
i. Refrain from circulating information that is being contested by the holder and whose lock has been ordered by the Superintendency of Industry and Commerce.
j. Allow access to information only to people who can access it.
k. Inform the Superintendency of Industry and Commerce as violations of safety codes are presented and there are risks in information management Holders.
l. Comply with the instructions and requirements that imparts the Superintendence of Industry and Commerce.
4. INFORMATION PROCESSING
A. Uptake channels.
CORPO obtain authorization through different means, including physical documents, electronic messages and text data, Internet, Web sites, or any other format that in any case allow the consent by unequivocal conduct through which conclude that just have not worked by the Contractor or the person entitled to it, the data had not been stored or captured in the database. Authorization will be requested by CORPO prior to the Processing of Personal Data.
B. Fields capture information.
Developing the principles of protection of habeas data, the collection of personal data will be limited to those that are relevant and appropriate for the purpose for which they are collected or required by CORPO.
Therefore, they have established different management groups set Headlines, organized according to the nature of the relationship they have with CORPO. These groups are:
• Client: Natural person or contact that acquires, uses or potentially acquire the products marketed and distributed by CORPO.
• Loyal customers: natural person who feels affinity for our brand CORPO and identifies with it, why, maintains a high relationship and contact with it.
• Wholesale customers: Intermediary of the brands that distributes its products in places or channels where the brand does not arrive or is not interested in coming on their own.
• Commercial partners: Independent individuals or legal entities with which CORPO has a business relationship for the development of its corporate purpose in the operation of commercial establishments.
• Employee or former employee: Natural person with whom CORPO have or have had at some point, an employment relationship directly or through temporary employment services or worker cooperatives. This information Interest Group of people who are or were shareholders of CORPO be included.
• Suppliers: independent legal or natural or legal persons associated with CORPO people who have or have had any legal relationship – business.
C. Personal Data use Authorization.
CORPO as Personal Data and Transactional Information controller, obtained data from subjects its clear, prior, express, informed and free of vices Authorization, using forms, data collection formats, electronic forms, text messages or data and other means which provides or may provide for this purpose.
CORPO request holders of personal information Authorization and report the purpose on which the processing of personal data be provided, except in certain cases expressly authorized by Article 10 of Law 1581 of 2012.
D. Prior data collected Authorization to the effective date of this Policy.
For Personal Data collected prior to the effective date of this Policy CORPO have asked for Holders Authorization to continue the processing of personal data in accordance with the provisions of Article ten (10) of the 1377 Act, 2013. This procedure it ran through the mass mailing of an email in which the Holders were informed that their data were being processed by CORPO, informing them of these policies in information and how to exercise their rights.
Furthermore they were informed that, if within thirty (30) working days from the request for authorization to continue the Treatment of Personal Data already collected, the Contractor shall not contact CORPO to request removal of Personal data, CORPO will continue to make the treatment of the data contained in their databases for the purposes stated in the Policy.
E. Revocation of Authorization
Personal data holders might at any time revoke the authorization granted to CORPO for personal data processing or request removal or disposal thereof, provided they do not prevent a legal or contractual provision. CORPO establish simple mechanisms that allow the holder to revoke its authorization or request removal of personal data, at least by the same means by which it granted.
For this, it should be noted that the revocation of consent may be expressed full manner in relation to the authorized purposes, and therefore CORPO shall terminate any activity Data processing and partially in relation to certain types of treatment, in which case will these on those activities cease. In the latter case, CORPO will continue to treat the personal data for those purposes for which the holder has not revoked his consent.
F. Treatment to which the data will be submitted and purposes thereof.
Treatment of Holders’ data whom CORPO have had established a relationship as data controller and transactional information to offer value-added services, will be conducted based on the requirements of the Law 1581 of 2012 and Law 1266 of 2008 in what applicable, and generally to fulfill its purpose. In any case, personal data may be collected and processed for the uses contemplated in this Policy, for which such uses are presented in accordance with the Interest Groups as follows:
• Billing management.
• Response and follow-up management Petitions, Complaints of all kinds.
• loyal customers
• Billing management.
• For the granting of incentives and rewards that promote the sale and use of products, such as discounts, gifts, others.
• Promote and communicate information related benefit programs and campaigns and loyalty, service offerings, both proprietary products and services and third party.
• Develop the corporate purpose of KRISPETA according to its bylaws.
• Consult and treat consumption habits, hobbies and purchase transactions for the supply of own services and third-party or future allies.
• Holders contact data in order to conduct market research.
• Response and follow-up management Petitions, Complaints of all kinds.
• Accompanying buyers and shipping products.
• Sending commercial information, and service.
• Wholesale customers.
• Consultation and information verification with third-party databases or information centers.
• Sending commercial information;
• Sending emails, SMS messages and data;
• Query and report on information centers;
• Sending technical information;
• Track quotes and sales;
• Sending billing;
• Invitation to training programs and logistical coordination of program participation.
• Review and analysis of documents for credit quota allocation;
• Data update.
• Assess credit risk.
• Determine the credit quota, debt capacity and ability to access financing the acquisition of products CORPO.
• Employees or former employees:
• Inquiry via the internal network employee directory.
• own uses of the employment relationship as payments, settlements, memos, reports, social benefits.
• uses own relationship with shareholders of the company.
• Update indicators.
• Share it with third parties related to benefit the employee or former employee’s request.
• Data update.
• Overtaking recruitment processes.
• Creation and tracking purchase orders.
• Claims attention.
• Statistical analysis.
• Request for proposals and quotations.
• Sending and requesting information on product performance.
• Commercial contact for procurement and contracting.
• Share with related third parties.
• Data update.
• Management payment to suppliers.
In any case, it should be understood that the organization of the use of information in Stakeholders is purely descriptive and not limitative purposes, because each of the uses described in this paragraph, may be applied to any of the holders provided respect Capture the Champs stipulated
5. SECURITY MEASURES.
CORPO, in order to care of the personal data obtained through authorized channels by third parties mentioned in this Policy, has ordered security measures used and implemented in relation to its own information and allow reasonably conclude that there is adequate documentary models management and data protection to adequately fulfill their legal obligations regarding the care and custody of third party information.
CORPO deployed various security mechanisms to guard and to avoid damage, loss or leakage of information databases.
Database is in own servers with proper controls physical access among which are limiting access to key personal income, only it has a copy of the database and is only stored in the hard drive of the person who uses it, and also stored in a shared file in Google Drive, which only authorized access management.
There are protective measures adopted by each of the departments of CORPO
The first is described as digital barriers, in which the user must authenticate at the workstation.
The second represents the physical barriers guarding access to the media containing the databases. For this the staff is first identified at company’s gate and identification is requested by different employees in order to entry the facilities. Third parties must report No. identity card and register with the goal of the office complex to be authorized. Income is recorded by video surveillance cameras.
Additional password policies which secure keys of at least 12 digits are generated and characters suitable for not decrypted easily implemented
6. PETITIONS, COMPLAINTS AND INQUIRIES PROCEDURE
The procedures described below may only be exercised by the Contractor, its successors or representatives, provided that the identity or representation has first been established.
Procedure requests, inquiries and complaints concerning the matter may be made through the following official channels:
– Email: email@example.com
– Application sent to: Carrera 48 No. 48 Sur 75 Int 155 Envigado, Antioquia. Medellín
a. Procedure for exercising personal data holder’s right.
In all proceedings the Contractor or their representatives They should indicate at least the following information:
Name of owner
Type of requirement
b. Procedure for consultation on the Data Processing by their owners.
CORPO provides the best means for consultation by Holders of Personal Data on the treatment of their data, which will be reported within the collection forms Personal Data. The terms to resolve queries are those specified by Article 14 of Law 1581 of 2012.
c. Procedure to correct, update, correct or delete the data.
CORPO pursuant General Provisions on the Protection of Personal Data, will proceed to correct, update, correct or delete personal data upon Holder or his representative request. in the terms stated in paragraph 6.1 of this Policy. The procedure will be set forth in Article 15 of the General Provisions on the Protection of Personal Data. CORPO train responsible for answering inquiries and complaints about the procedural process pointing Law.
CORPO will not agree to the request made by the holder or his representative delete personal data, where there is a legal or contractual obligation for them to remain in the respective database.
d. Procedure to revoke the authorization given to CORPO to process personal data.
The owner of the Personal Data or its representative or authorized people may revoke the authorization given for personal data processing, raising an application to the controller in the terms of paragraph 6.1 of this Policy.
PARAGRAPH: Procedures described in the preceding paragraphs within the numeral 6, will be serviced within a maximum period of ten (10) business days from the date of receipt of the request, query or complaint in the main address or register their application official channels CORPO Care. When it is not possible to fully satisfy the request within such time, it will inform the person concerned, stating the reasons for the delay and indicating the date the request will be addressed, which in no case can exceed five (5) working days expiration of the first term.
If the request is about personal data treatment and this claim is incomplete, the Contractor will be required within five (5) days business days following the receipt of the complaint to remedy faults. If it takes two (2) months from the date of request, without the applicant presents the required information is deemed to have abandoned the claim.
In the case that the claims reciepient is not competent to solve it shall transmit to the appropriate within a maximum term of two (2) working days and report the situation to the person concerned.
Upon completed claim, the record associated with the Personal data holder state will be “Idle” and will be included in the database with the legend “claim process”. It will also have a customer request type “Claim” associated to the record, allowing to observ the reason for it. Within a period not exceeding two (2) business days. The legend will stay until the claim is decided.
The maximum term to address any claim will be fifteen (15) working days from the day following the date of its receipt. When it is not possible to meet the demand within that period, it shall inform the person concerned the reasons for the delay and the date on which the report will be addressed, which in no case exceed eight (8) working days following the expiry of the first finished.
7. UPDATING OF DATABASES.
CORPO, update their databases permanently, in accordance with the provisions of Law 1581 of 2012.
8. DATA PROCESSING OF CHILDREN AND TEENS.
In the Processing of Personal Data CORPO ensure respect for the prevailing rights of minors (children and adolescents). For this reason should collect them will comply with what is stated in Article 7 of Law 1581 of 2012 and other related provisions on the subject.
9. DATA TRANSFERS FOR TREATMENT BY THIRD NATIONAL AND INTERNATIONAL.
CORPO, can transmit or transfer partially or totally personal data and transactional information to third parties in the country or abroad, developing its corporate purpose, for which requested owner’s permission and implements the necessary actions for the compliance with regulatory provisions enshrined in Colombian law, by subscribing Transfer agreements and Processing of Personal Data.
10. PROCEDURE CARE OF PETITIONS, COMPLAINTS OR CLAIMS.
CORPO, through its Coordinated (a) Customer Service has provided some mechanisms for receiving any request, complaint or claim made by the holders of personal data that are processed and consecrated are in their bases Data. Such requests, complaints or claims will follow the procedure established in the system attention given CORPO protection, which is enshrined in section 5.1 of this Political.
11. PROCEDURE FOR CHANGES TO POLICY.
For modifying this policy a joint decision by officials CORPO the following is required:
– Commercial address.
Each modification is written evidence signed by the members will leave, and changes to the policy will be mandatory and immediate compliance.
This policy is effective as of the date of publication and leaves no effect other institutional arrangements that are contrary. Not provided for in this Policy shall be regulated according to the General System of Personal Data Protection in force in Colombia.