Content of the Data Processing Policy.
- The object of the data treatment policy.
- Scope of the data processing policy.
- Definitions were applicable to the data treatment policy.
- The regulatory framework in data processing policy.
- Who is the data treatment policy addressed to?
- Principles of the data protection policy.
- General provisions for obtaining data handling authorization.
- Purpose of data processing.
- Deletion of the data and/or revocation of the authorization.
- Request for information and/or update of the data collected.
- Rights of the holders.
- Area in charge of data processing.
- Communication channels.
- Duties of those responsible for the treatment.
- Other provisions.
- Modifications and/or additions to the treatment policy.
- OBJECT OF THE DATA PROCESSING POLICY.
SOFTWARE DEVELOPERS GROUP LTDA discloses the manual, which aims to protect and strictly comply with the constitutional and legal mandate, with users, customers, employees, suppliers, and generally all people. To know, update, verify and/or delete data that has been collected with prior authorization by the COMPANY in its database or files in general, in the fulfillment of social order and trade, and its treatment is at the head of it, thus defining the guidelines and parameters for the correct implementation, maintenance, and continuous updating with the current and supervening normality to consolidate an effective program of protection of personal data by SOFTWARE DEVELOPERS GROUP LTDA.
- SCOPE OF THE DATA PROCESSING POLICY.
SOFTWARE DEVELOPERS GROUP LTDA hereinafter the COMPANY determines the scope of the data protection manual, and this is to provide total, efficient and optimal coverage for each of our users, clients, employees, suppliers, and, in general, all people. In the procedures and activities that arise from the handling, possession, and collection of personal data, of those who have or have had a relationship with the company.
- DEFINITIONS APPLICABLE TO THE DATA PROCESSING POLICY.
To make a correct interpretation of the policies and applications contained in this manual, we suggest you take into account the following concepts and definitions.
a) Authorization: Prior, express, and informed consent of the Holder to carry out the Processing of personal data.
b) Notice of P Privacy Setting: verbal communication or written to be performed responsible for capturing the data, addressed to the holder of the right for the proper handling of personal information by which you are informed about the existence of treatment policies of information that will be applicable, the way to access them and the purpose that is intended to give the data that is going to be collected.
c) Responsible or Person in Charge of Treatment, natural or legal, public or private person who, by itself or in association with others, decides, manages, retains, carries out, or administers the database or the treatment thereof for this manual. BUSINESS.
d) Database: Organized set of personal data that is subject to Treatment.
e) Personal data: Any information linked or that may be associated with one or more natural persons is determined or determinable.
f) Public Data: It is the data that is not semi-private, private, or sensitive. Public data are considered, among others, data related to the marital status of people, their profession or trade, and their status as a merchant or public servant. By its nature, public data may be contained, among others, in public records, public documents, official gazettes and gazettes, and court decisions.
g) Sensitive data: Those data that affect the privacy of the Holder or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership of trade unions, social organizations, human rights or that promotes the interests of any political party or that guarantees the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data.
h) Owner: Natural person whose personal data are subject to Treatment, these may be as: clients, users, employees (active and inactive), suppliers, or any third party whose data resides in the database or the general file of the business.
i) Treatment: Any operation or set of operations on personal data, such as collection, storage, use, movement, or deletion.
j) Treatment policy: refers to this document applied jointly and harmoniously with the current legal system.
- REGULATORY FRAMEWORK IN DATA PROCESSING POLICY.
SOFTWARE DEVELOPERS GROUP LTD in order to provide adequate processing of personal data has articulated the following regulatory framework is clear from what is commanded in the political constitution until regulated in treaties, laws, and decrees in force. In which they fall, both the rights of the holders of personal data, such as the duties of those stored such data. Those who must work in perfect harmony to any involvement or violation is not generated.
- Article 15, political constitution of Colombia: ”(…) All people have the right to their personal and family privacy and to their good name, and the State must respect them and ensure that they are respected. In the same way, they have the right to know, update and rectify the information that has been collected about them in data banks and in files of public and private entities. In the collection, processing, and circulation of data, freedom and other guarantees enshrined in the Constitution will be respected. Correspondence and other forms of private communication are inviolable. They can only be intercepted or registered by judicial order, in the cases and with the formalities established by law. For tax or judicial purposes and for cases of inspection, surveillance, and intervention of the State, the presentation of accounting books and other private documents may be required, under the terms established by law. ( …) ”.
- Law 1266 of 2008 By which the general provisions of habeas data are dictated and the handling of the information contained in personal databases is regulated, especially financial, credit, commercial, services and that from third countries and are dictated other provisions.
- Law 1581 of 2012 By which general provisions are issued for the protection of personal data.
- Decree 1377 of 2013 Partially regulates Law 1581 of 2012.
- Decree 886 of 2014 Regulates the article of Law 1581 of 2012 regarding the national registry of databases.
And other current legal provisions that modify, add or complement what concerns the protection of personal data.
- TO WHOM THE DATA PROCESSING POLICY IS ADDRESSED.
The present policy of data processing is for those who have nor have no relationship with the company and are regarded as holders of the rights to which the law refers. These can be such as clients, users, employees (active and inactive), suppliers, or any third party whose data resides in the database or the general file of the company.
- PRINCIPLES OF THE DATA PROTECTION POLICY.
SOFTWARE DEVELOPERS GROUP LTDA, Seeking the perfect harmony between the current legal provisions, welcomes and applies the guiding principles on the processing of personal data, provided in article 4 of Law 1581 of 2012 that provide:
ARTICLE 4 °. PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA. In the development, interpretation, and application of this law, the following principles will be applied, harmoniously and comprehensively:
a) Principle of legality regarding data processing: The processing referred to in this law is a regulated activity that must be subject to what is established in it and in the other provisions that develop it;
b) Principle of purpose: The Treatment must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Holder;
c) Principle of freedom: Treatment can only be exercised with the prior, express, and informed consent of the Holder. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that relieves consent;
d) Principle of truthfulness or quality: The information subject to Treatment must be truthful, complete, exact, updated, verifiable, and understandable. Processing of partial, incomplete, fractional, or misleading data is prohibited;
e) Principle of transparency: In the Treatment, the right of the Holder to obtain from the Treatment Manager or the Treatment Manager, at any time and without restrictions, information about the existence of data concerning him or her must be guaranteed;
f) Principle of access and restricted circulation: Treatment is subject to the limits derived from the nature of the personal data, the provisions of this law, and the Constitution. In this sense, the Treatment can only be done by persons authorized by the Holder and/or by the persons provided for in this law;
Personal data, except public information, may not be available on the Internet or other means of dissemination or mass communication unless access is technically controllable to provide restricted knowledge only to the Holders or authorized third parties in accordance with this law;
g) Principle of security: The information subject to Treatment by the Treatment Manager or Person in Charge of Treatment referred to in this law, must be handled with the technical, human, and administrative measures that are necessary to provide security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access;
h) Principle of confidentiality: All persons who intervene in the processing of personal data that are not public are obliged to guarantee the reservation of the information, even after the end of their relationship with any of the tasks that the Treatment comprises, being able to only supply or communicate personal data when this corresponds to the development of the activities authorized in this law and in the terms of the same.
- GENERAL PROVISIONS TO OBTAIN DATA HANDLING AUTHORIZATION.
SOFTWARE DEVELOPERS GROUP LTDA, acting in accordance with the provisions of Article 5 of Decree 1377 of 2013, and as the person responsible for handling personal data, has developed an authorization form for handling personal data and has adopted procedures to request them. , this in order to make available to customers, users, employees, suppliers, and interested third parties, the information of what type of which are personal data will be collected by the company, as well as inform the purpose of these.
The authorization given by the owners, for the respective data processing can be carried out through different means, these are:
- In writing, with the completion of the forms made available by the company to the interested parties.
- Orally, this is through the different communication channels of the company, where the user will be informed if they authorize the handling and collection of their personal data.
- Unequivocal behaviors, series of acts carried out by the user or interested party that allows inferring that they authorize the capture of the handling of their personal data. In no way will the company interpret silence as unequivocal conduct.
In order to effectively comply with the provisions of the legal system, the company will store the evidence of said authorizations in a complete and adequate manner, respecting the principles of privacy and confidentiality of the information.
Likewise, and in accordance with the provisions of Article 10 of Law 1581 of 2012, the authorization of the owner will not be required when it comes to:
- Information required by a public or administrative entity in the exercise of its legal functions or by court order.
- Data of a public nature.
- Cases of medical or health emergency.
- Treatment of information authorized by law for historical, statistical, or scientific purposes.
- Data related to the civil registration of people.
In the same way, the company has established channels so that all those owners of data are collected by the company as the data controller. They may request the authorization that has not been granted for the processing of data or the deletion of the same to be revoked.
- PURPOSE OF THE TREATMENT.
SOFTWARE DEVELOPERS GROUP LTDA, in order to effectively comply with the current legal system, will specify the purpose of the personal data that it has collected, that it handles, uses, and exceptionally puts it into circulation. In compliance with the corporate and commercial purpose, which will be:
- Inform about changes in products and/or services.
- Provide products and/or services.
- Evaluate the quality of products and/or services.
- Achieve efficient communication related to its products, services, offers, alliances, studies, contests, content, as well as those of its related companies, and facilitate general access to their information.
- Verify them by consulting public databases or risk centers.
- Prepare statistical studies.
- Prepare market studies.
- Advance commercial agreements, institutional programs or events that are carried out directly with the company or with third parties.
- Send information on activities carried out by the company or relevant, important or interesting information through the different channels provided by the company.
- To comply with the obligations contracted with users, clients, employees, former employees, suppliers or anyone who has or has had a relationship with the company.
- Offer and guarantee the correct execution of the contract entered into with the owner of the personal data.
- Correct execution of the corporate and commercial purpose.
- Support the company's audit processes.
- Share with third parties who collaborate with the company and who, for the correct fulfillment of their functions, must access the data information.
- To comply with the obligations of the information to the information entities, as well as to the competent authorities that require it.
It is necessary to emphasize that any other purpose derived from those already described here that is given, in the development of the social or economic purpose of the company is by a contract, commercial or labor relationship, etc., existing between the company and the owner will be applied as the same way.
Likewise, SOFTWARE DEVELOPERS GROUP LTDA, guarantees that the information by the owner of personal data will be used in a responsible and safe way, for the purposes described here and once the relationship or the need to carry out the data processing is completed, the same They will be eliminated from the company's databases unless by legal provisions they must be kept or archived under optimal security conditions in order to be disclosed when required by law.
SOFTWARE DEVELOPERS GROUP LTDA, the main purpose of the company is the following activity: development of computer applications, computer support, systems consulting, sale of computer security accessories. In the same way, it offers services and installation, manufacturing, manufacturing, import, export, sale, and marketing of location and tracking of all types of goods in general on a satellite basis. Thus, in the fulfillment of its corporate purpose, the company collects information from holders of personal data such as name, identification, cell phone, telephone, email address, residence address, financial and medical information, among others. In order to ensure the development of the corporate purpose.
SOFTWARE DEVELOPERS GROUP LTDA, acting in accordance with the provisions of Law 1581 of 2012 and Decree 1377 of 2013, and through all forms and documents where the collection of personal data of users, customers, employees, suppliers, and other headlines. Informs by means of a script the general aspects of the protection of personal data, the rights as owners, and the purpose for which they are captured. If the recruitment is carried out verbally, said script will be communicated to the owner in the same way and the authorization is recorded through the technical means provided for that purpose.
_______________________________ identified with citizenship card N ° __________________ of _________________ I declare under the gravity of oath that the data provided by me are true and exact and that SOFTWARE DEVELOPERS GROUP LTDA, has previously informed me and expresses the rights that assist me, its purpose, treatment and validity that will be given to my personal data.
In proof of the foregoing, I expressly, freely, prior, voluntarily, and duly informed SOFTWARE DEVELOPERS GROUP LTDA, to process data in accordance with the purposes and conditions mentioned in the privacy notice, which I declare know, and accept.
SOFTWARE DEVELOPERS GROUP LTDA, in addition to the authorizations mentioned in this manual, performs the collection of personal data through the different documentation that is required in the selection, contracting, sale of products, or supplies by suppliers, among others.
The data collected by the company is stored and processed by means of certified software for the purpose, where adequate protection of the information will be carried out and a degree of confidentiality will be handled.
- DELETE OF THE DATA AND / OR REVOCATION OF AUTHORIZATION.
In accordance with the provisions of article 8 of Decree 1377, THE COMPANY has provided a free and agile mechanism through which the Holder can at all times and provided that there is no legal or contractual duty that prevents it, request THE COMPANY the deletion of your personal data and/or revoke the authorization you have given us for the Treatment thereof, by submitting a formal written request. If the respective legal term has expired, SOFTWARE DEVELOPERS GROUP LTDA does not delete your personal data from the databases, you will have the right to request the Superintendency of Industry and Commerce to order the revocation of the authorization and/or the deletion of the personal information.
- REQUEST FOR INFORMATION AND / OR UPDATING OF THE DATA COLLECTED.
SOFTWARE DEVELOPERS GROUP LTDA, in order to guarantee and execute strict compliance with current legislation on the protection of personal data, provides the content of the request, which must be made by the data subjects, to obtain information about them. Thus, said request must contain:
- Should be r performed by the owner, this must prove their identity in due form, if that is done by third party or guardian must attach the power authentic respective certifying their quality.
- Specify the type of information you want to request.
- Indicate the means by which you wish to be notified and the information required to do so.
- Send the request to the email firstname.lastname@example.org
The response period is governed by the provisions of the current legal system, which can vary from 10 to 15 business days.
Likewise, those holders who wish to update and/or correct the data collected by the company must make the request under the same conditions described in this chapter, attaching the type of update or correction they wish to carry out, this will be resolved. in the same terms and it will be received through the channels described in this manual.
- RIGHTS OF THE HOLDERS.
In accordance with the provisions of Article 20 of Decree 1377, the rights as holders may be exercised by :
- By the Owner of the data, who must sufficiently prove before THE COMPANY their identity by the different means or mechanisms that we have at their disposal.
- By the successors in title of the Data Owner, who must prove such quality to THE COMPANY
- By the representative and/or attorney-in-fact of the Data Owner, prior accreditation to THE COMPANY of the representation or empowerment
- By stipulation in favor of another or for another.
And so, and in accordance with the provisions of article 8 of Law 1581 of 2012, the owner of personal data has the following rights:
a) Know, update and rectify your personal data in front of the Treatment Managers or Treatment Managers. This right may be exercised, among others, against partial, inaccurate, incomplete, fractioned, misleading data, or those whose Treatment is expressly prohibited or has not been authorized;
b) Request proof of the authorization granted to the Responsible for the Treatment except when expressly excepted as a requirement for the Treatment, in accordance with the provisions of article 10 of this law;
c) Be informed by the Treatment Manager or the Treatment Manager, upon request, regarding the use that has been given to your personal data;
d) Present before the Superintendency of Industry and Commerce complaints for infractions to the provisions of this law and the other regulations that modify, add or complement it;
e) <Literal CONDITIONALLY enforceable> Revoke the authorization and/or request the deletion of the data when in the Treatment the constitutional and legal principles, rights, and guarantees are not respected. The revocation and/or deletion will proceed when the Superintendency of Industry and Commerce has determined that in the Treatment the Responsible or Person in Charge have incurred in conduct contrary to this law and the Constitution;
f) Free access to your personal data that have been subject to Treatment.
- AREA IN CHARGE OF DATA PROCESSING.
SOFTWARE DEVELOPERS GROUP LTDA makes available to users, customers, suppliers, and interested parties. The customer service area, which through our advisers who are duly trained to provide the best service and obtain the best experience, has the function of giving a clear, truthful, timely, and effective response. In any request, complaint, or claim by the owner of the data collected.
The customer service area operates continuously, ensuring that users, customers, suppliers, and interested parties. They can access at any time and connect with our areas to exercise and/or know their rights as owners, as well as submit requests to know, update, delete and revoke authorization of data that have been captured by the company in compliance with its corporate purpose.
- COMMUNICATION CHANNELS.
SOFTWARE DEVELOPERS GROUP LTDA
City: Bogotá DC
Address: Carrera 17 N ° 70ª- 01
- DUTIES OF THOSE RESPONSIBLE FOR THE TREATMENT.
Acting in accordance with the provisions of Article 17 of Law 1581de 2012 SOFTWARE DEVELOPERS GROUP LTDA, it is obliged to fulfill each and every one of the duties imposed as responsible for the processing of data which are:
1. Guarantee the Holder, at all times, the full and effective exercise of the right to habeas data;
2. Request and keep, under the conditions set forth in this law, a copy of the respective authorization granted by the Holder;
3. Properly inform the Holder about the purpose of the collection and the rights that assist him by virtue of the authorization granted;
4. Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access;
5. Guarantee that the information provided to the Treatment Manager is true, complete, exact, updated, verifiable and understandable;
6. Update the information, communicating in a timely manner to the Person in Charge of Treatment, all the news regarding the data that you have previously provided and adopt the other necessary measures so that the information provided to it is kept up-to-date;
7. Rectify the information when it is incorrect and communicate the pertinent to the Person in Charge of Treatment;
8. Provide the Treatment Manager, as the case may be, only data whose Treatment is previously authorized in accordance with the provisions of this law;
9. Require the Treatment Manager at all times, respect the security and privacy conditions of the Information of the Holder;
10. Process the queries and claims formulated in the terms indicated in this law;
11. Adopt an internal manual of policies and procedures to guarantee adequate compliance with this law and especially, for the attention of queries and claims;
12. Inform the Treatment Manager when certain information is under discussion by the Holder, once the claim has been submitted and the respective process has not been completed;
13. Inform at the request of the Holder about the use given to their data;
14. Inform the data protection authority when there are violations of the security codes and there are risks in the administration of the information of the Holders.
15. Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce
- OTHER PROVISIONS.
SOFTWARE DEVELOPERS GROUP LTDA, in order to comply with the prerogatives given in the constitution and the law, sets out additional provisions to those already mentioned in this manual which are:
1) The Company will collect, store, use or circulate the Personal Data for which it has the proper authorization, for the term that is reasonable and necessary.
2) In the event of the collection and capture of sensitive data, the company will inform the owner of the data, what is the purpose of obtaining it and this will not be obliged to accept.
3) If in compliance with the corporate purpose it is required to collect data from children and adolescents, the company will guarantee the protection of their fundamental rights, respect their best interests, and request, in the effects provided for in this manual, the authorization of the legal representative to capture and carry out the respective data processing.
4) personal data must be kept when required to comply with a legal or contractual obligation.
- MODIFICATIONS AND / OR ADDITIONS TO THE TREATMENT POLICY.
We inform you that if significant modifications and/or additions are made to the content of this manual of personal data treatment policies, referring to the identification of the person in charge and/or manager and the purpose of the processing of your personal data, which may affect the content of the authorization that you have granted to the company, you will communicate these changes before or at the latest at the time of the implementation of the new policies.
Similarly, when the change refers to the purpose of processing your personal data, the company will request a new authorization from you.
The present policy for the treatment of personal data presented by SOFTWARE DEVELOPERS GROUP LTDA enters into force from the month of May of the year 2021 and will take effect from the same date.