Personal Data Processing Policy
POLICY OF PROCESSING OF PERSONAL DATA - 1-2-TRUST S.A.S.
This Personal Data Treatment Policy will apply to all databases and/or files that contain personal data that are subject to treatment by 1-2-TRUST S.A.S. (hereinafter “1-2-Trust”).
2. IDENTIFICATION OF THE PERSON RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA.
1-2-TRUST is a commercial company with domicile in the city of CALI – COLOMBIA, located at AVENIDA 6ta Nro. 52 Norte – 24 TO 4 AP 1003, Cali; legally constituted, identified with NIT No. 900.440.104 – 1; which can be contacted through the email: firstname.lastname@example.org; and/or on the phone 8912385.
Authorization: Prior, express and informed consent of the Owner to carry out the Processing of Personal Data;
Privacy Notice: Verbal or written communication generated by the Responsible, directed to the Owner for the Treatment of your Personal Data, through which you are informed about the existence of the Information Processing Policies that will be applicable, the way of accessing to the same and the purposes of the Treatment that is intended to be given to personal data;
Database: Organized set of Personal Data that is subject to Treatment;
Public Data: It is the data that is not semi-private, private, or sensitive. Public data are considered, among others, data related to the civil status of people, their profession or trade, and their status as a merchant or public servant. By their nature, public data may be contained, among others, in public records, gazettes, official gazettes and duly executed judicial decisions that are not subject to the reservation;
Personal Data: Any information linked or that may be associated with one or more determined or determinable natural persons;
Treatment Manager: Natural or legal person, public or private, who by himself or in association with others, performs the processing of Personal Data on behalf of the Data Controller. In the events in which the Person Responsible does not act as the Manager of the Database, it will be expressly identified who will be the Manager;
Responsible for the Treatment: Natural or legal person, public or private, who by himself or in association with others, decides on the Database and / or the Treatment of the data;
Terms and Conditions: General framework in which the conditions for the participants of promotional or related activities are established;
Owner: Natural person whose Personal Data is processed;
Treatment: Any operation or set of operations on Personal Data, such as the collection, storage, use, circulation, or deletion.
Transfer: The data transfer takes place when the Person Responsible and / or in Charge of the Treatment of personal data, located in Colombia, send the information or personal data to a recipient, who in turn is Responsible for the Treatment and is inside or outside from the country;
Transmission: Treatment of Personal Data that involves the communication thereof within or outside the territory of the Republic of Colombia when it is intended to carry out a Treatment by the Manager on behalf of the Responsible.
4. TREATMENT AND PURPOSE.
5. RIGHTS OF THE PERSONAL DATA HOLDERS.
People whose Personal Data are subject to Processing by 1-2-TRUST, have the following rights, which they can exercise at any time:
Know the Personal Data on which 1-2-TRUST is carrying out the Treatment. Similarly, the Owner can request at any time, that their data be updated or rectified, for example, if they find that their data is partial, inaccurate, incomplete, fractional, misleading, or those whose treatment is expressly prohibited or not has been authorized;
Request proof of the authorization granted to 1-2-TRUST for the Treatment of your Personal Data;
Be informed, upon request, regarding the use that the company is giving to your Personal Data;
Submit complaints to the Superintendency of Industry and Commerce for violations of the provisions of Law 1581 of 2012 and other regulations that modify, add to or complement it;
Revoke the authorization and/or request the deletion of Personal Data, by filing a claim, by the procedure established in this Policy. However, the request to delete the information and the revocation of the authorization will not proceed when the Holder of the information has a legal or contractual duty with 1-2-TRUST.
Free access to your Personal Data that has been processed.
6. AREA RESPONSIBLE FOR THE IMPLEMENTATION AND OBSERVANCE OF THIS POLICY.
1-2-TRUST is in charge of the development, implementation, training, and observance of this policy, as well as the attention to requests, queries, complaints and claims before which the Owner of the information may exercise their rights to know, update, rectify and delete the data and revoke the authorization.
1-2-TRUST currently manages the following Databases: (i) Asana; (ii) Google Drive; Contapyme (iii).
1-2-TRUST must request prior, express, and informed authorization to the Holders of the Personal Data on which the processing is required. The authorization must be:
Previous: It means that the consent must be granted by the Owner, at the latest at the time of collection of Personal Data;
Express: It means that the Holder’s consent must be explicit and concrete, open and unspecified authorizations are not valid. The Owner is required to express his / her willingness to authorize 1-2-TRUST to process his / her Personal Data. This authorization may be given through the different mechanisms made available by 1-2-TRUST, such as:
By accepting the Terms and Conditions established on the website of the company 12trust.co;
In writing, including authorization clauses in the contracts that are signed, or filling out an authorization form provided by 1-2-TRUST “Authorization for the Treatment of Personal Data 1-2-TRUST”;
Orally, for example, in a telephone conversation or a video conference;
Through unequivocal conduct that allows concluding that it granted its authorization, for example, through its express acceptance of the Terms and Conditions of one or all the services provided by the company, within which the authorization of the Holders is required for the Treatment of your personal information.
In no case will 1-2-TRUST assimilate the Owner’s silence as unequivocal conduct to suppose the authorization of the Processing of Personal Data. Whatever the mechanism used by the company, proof of authorization must be kept to be able to be consulted later.
Informed: It means that when requesting the Holder’s consent, they must be informed of the following:
The Personal Data that will be collected;
The identification and contact details of the Data Controller and the Data Processor;
The specific purposes of the treatment that is intended to be carried out, that is: how and for what the collection, use, and circulation of Personal Data will be done;
What are the rights you have as the Owner of Personal Data;
The optional nature of the answer to the questions that are asked, when they are about Sensitive Data or Data of girls, boys, and adolescents.
9. SPECIAL PROVISIONS FOR THE PROCESSING OF PERSONAL DATA OF A SENSITIVE NATURE.
According to Law 1581 of 2012, Data of a sensitive nature are considered those that affect privacy or whose misuse can generate discrimination, such as those related to racial or ethnic origin, political orientation, religious or philosophical convictions, belonging to unions, social organizations, human rights organizations or political parties; states of health, sexual life, biometric data such as fingerprint, signature or photo. The treatment of Personal Data of a Sensitive nature is prohibited by law, unless you have express, prior and informed authorization from the Owner, among other exceptions enshrined in Article 6 of Law 1581 of 2012.
If 1-2-TRUST will request sensitive information, in addition to complying with the requirements established for authorization, the company must:
Inform the Owner that because it is Sensitive Data, she is not obliged to authorize its Treatment;
Inform the Owner that the Data that will be processed and the purpose thereof;
No activity of the company may be conditioned on the Owner supplying Sensitive Personal Data.
10. SPECIAL PROVISIONS FOR THE TREATMENT OF PERSONAL DATA OF CHILDREN AND GIRLS.
According to the provisions of Article 7 of Law 1581 of 2012 and Article 12 of Decree 1377 of 2013, 1-2-TRUST will only carry out the treatment, that is, the collection, storage, use, circulation and/or suppression of Data Personal corresponding to children and adolescents, as long as this Treatment responds and respects the best interests of children and adolescents, and ensures respect for their fundamental rights.
Once the above requirements have been met, 1-2-TRUST must obtain the authorization of the legal representative of the child or adolescent, after the minor exercises his or her right to be heard, an opinion that will be assessed taking into account maturity, autonomy and ability to understand The issue.
11. PROCEDURE FOR ATTENTION AND RESPONSE TO REQUESTS, CONSULTATIONS, COMPLAINTS AND CLAIMS OF THE PERSONAL DATA HOLDERS.
The Holders of Personal Data that are being collected, stored, used, put into circulation by 1-2-TRUST, may at any time exercise their rights to know, update, rectify and delete information and revoke the authorization. For this purpose, the following procedure will be followed, by the Personal Data Protection Law:
What does the procedure consist of?
The Holder or his successors in title may request 1-2-TRUST, through the means indicated below, the following:
Information on the Personal Data of the Owner that is the object of the Treatment;
Request proof of the authorization granted to the company for the Treatment of your Personal Data;
Information regarding the use that has been given by the company to your Personal Data;
Means enabled for the presentation of queries and claims:
1-2-TRUST has arranged the following means for the reception and attention of queries and claims:
Communication addressed to 1-2-TRUST S.A.S., located at the address: AVENIDA 6ta Nro. 52 Norte – 24 TO 4 AP 1003, Cali;
Request sent to the email email@example.com
Attention and response from 1-2-TRUST.
Inquiries: will be answered within a maximum term of ten (10) business days from the date of receipt. When it is not possible to attend the query within said term, the interested party will be informed, expressing the reasons for the delay and indicating the date on which his query will be answered, which in no case may exceed the following five (5) business days. at the expiration of the first term;
Claims: the Holder or his successor in title who considers that the information contained in a 1-2-TRUST database must be subject to correction, updating or deletion, or when they notice the alleged breach of any of the duties contained in Law 1581 of 2012, they may file a claim with the Data Controller which will be processed under the following rules:
The claim will be formulated using a request addressed to 1-2-TRUST as the Responsible for the Treatment, with the identification of the Owner, the description of the facts that give rise to the claim, the address, and accompanying the documents that they want to assert. If the claim is incomplete, the interested party will be required within five (5) days after receipt of the claim to correct the failures. If two (2) months have elapsed since the date of the request, without the applicant submitting the required information, it will be understood that the claim has been withdrawn. If the person who receives the claim is not competent to resolve it, he will transfer it to the appropriate person within a maximum period of two (2) business days and will inform the interested party of the replacement.
Once the complete claim has been received, a legend will be included in the Database that says “Claim in Process” and the reason for it, within a term not exceeding two (2) business days. Said legend must be kept until the claim is decided.
The maximum term to attend the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to attend the claim within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days after the expiration of the first finished.
12. SECURITY OF PERSONAL DATA.
1-2-TRUST, in a strict application of the Principle of Security in the Treatment of Personal Data, will provide the technical, human, and administrative measures that are necessary to grant security to the records avoiding their adulteration, loss, consultation, use or unauthorized access. or fraudulent. The obligation and responsibility of 1-2-TRUST is limited to having the appropriate means for this purpose. 1-2-TRUST does not guarantee the total security of your information nor is it responsible for any consequence derived from technical failures or the improper entry by third parties to the Database or File in which the Personal Data object of Treatment by part 1-2-TRUST.
13. TRANSFER, TRANSMISSION AND DISCLOSURE OF PERSONAL DATA.
14. VALIDITY AND APPLICABLE LEGISLATION.
This Personal Data Treatment Policy, Privacy Notice and Authorization are governed by the provisions of current legislation on the protection of Personal Data, namely Law 1581 of 2012, Decree 1377 of 2013 and Decree 1727 of 2009.
1-2TRUST reserves the right to modify this policy at any time, after electronic communication addressed to the Holders of the information in cases where it is necessary by law. However, we invite you to regularly or periodically consult our website www.12trust.co through which the latest version of this Policy will be kept at your disposal.
This Data Processing Policy is effective as of June three (6), two thousand twenty (2020).