Privacy Policy

In compliance with the provisions of Statutory Law 1581 of 2012 and its Regulatory Decree 1377 of 2013, ITIC GROUP SAS informs the policy applicable to the entity for the treatment of personal data protection.

 

IDENTIFICATION OF THE DATA CONTROLLER.

 

 

NAME: ITIC GROUP SAS

 

NIT: 901.386.107-4.

 

ADDRESS: Carrera 10 # 97A-13 Office 202 Tower B.

 

CITY: Bogota DC

 

Country Colombia.

 

EMAIL: gerencia@iticgroup.com.co

 

WEBSITE: www.iticgroup.com.co

 

TELEPHONE: 7436532.

 

LEGAL FRAMEWORK.

 

 

Political Constitution, article 15, 20 Law 1266 of 2008.

Law 1581 of 2012.

Regulatory Decrees 1727 of 2009 and 2952 of 2010, partial Regulatory Decree 1377 of 2013.

 

 

 

OBJECTIVE:

 

The objective of this Personal Data Processing Policy is to establish the criteria by which the collection, storage, use, circulation and deletion of personal data processed by ITIC GROUP SAS will be carried out.

 

SCOPE:

 

This Policy is applicable to all personal and/or commercial information registered in the databases of ITIC GROUP SAS, who acts as the person responsible for the processing of personal data.

 

DEFINITIONS:

 

ITIC GROUP SAS, as the Company responsible for data processing in accordance with Law 1581 of 2012, has established the following definitions for the development of its data protection processing policy:

 

AUTHORIZATION: It is the prior, express and informed consent of the owner to carry out the processing of personal data.

 

PRIVACY NOTICE: It is the verbal or written communication generated by the person in charge of the Treatment, addressed to the owner for the treatment of his personal data, where he is informed of the existence of the information treatment policies that will be applicable to him, the form of access them and the purposes of the treatment that is intended to be given to personal data.

 

DATABASE: It is the organized set of personal data that is subject to treatment.

 

CAUSEHOLDER: It is the person who has succeeded another due to the death of this (heir).

 

DATA PROTECTION LAW: Refers to Law 1581 of 2012 and its regulatory Decrees or the regulations that modify, complement or replace them.

 

PERSONAL DATA: It is any piece of information linked to one or several determined or determinable persons or that can be associated with a natural or legal person.

 

PUBLIC DATA: It is all data that is not private, semi-private or sensitive. The data related to the Owner's marital status, his profession or trade and his quality as a merchant or public servant are considered as public data. Due to its nature, this data may be contained, among others, in public records, public documents, official gazettes and bulletins, and duly executed court rulings that are not subject to confidentiality.

 

SENSITIVE DATA: Sensitive data are those that affect the privacy of the owner, or in which case of improper use they may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, belonging to unions, social organizations, human rights or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data.

 

PROCESSOR: Refers to the natural or legal person, public or private, that by itself or in association with others, performs the Processing of personal data on behalf of the data controller.

 

OWNER:  Refers to the natural person whose personal data is processed.

 

RESPONSIBLE FOR THE TREATMENT: It refers to the natural or legal person, public or private that by itself or in association with others, decides on the database and/or Treatment of the data.

 

HABEAS DATA:  It is the right of any person to know, update and rectify the information that has been collected about them in the data bank and in the files of public and private entities.

 

CLAIM: Refers to the request of the Data Owner or the persons authorized by it or by law to correct, update or delete their personal data.

 

TREATMENT: Refers to any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.

 

TRANSFER: It is the sending of personal data made by the person in charge or the Manager from Colombia to a person in charge who is inside (national transfer) or outside the country (international transfer).

 

TRANSMISSION:  It is the processing of personal data that implies the communication of these within or outside the territory of the Republic of Colombia when its purpose is to carry out a treatment by the person in charge on behalf of the person in charge.

 

 

TREATMENT AND PURPOSE:

 

ITIC GROUP SAS acts as the person responsible for the Processing of Personal Data, in order to adequately develop its commercial activities, as well as strengthen its relationships with third parties, collects, stores, uses, circulates and deletes Personal Data that correspond to natural persons with whom it has or has had a relationship, as are workers and their families, shareholders, contractor, customers, suppliers and debtors.

 

Personal data is processed by ITIC GROUP SAS for the following purposes:

 

1. Carry out the pertinent steps for the development of the company's corporate purpose in what has to do with compliance with the purpose of the contract entered into with the Holder of the information.

2. Inform about changes in our products and services.

3. Offer our products and services, as well as make invitations to events.

4. Provide the products and services requested by the Holder.

5. Evaluate the quality of products and services.

6. Manage various procedures (requests, complaints, claims).

7. Carry out satisfaction surveys regarding the goods and services offered by ITIC GROUP SAS

8. Provide contact information to the commercial force and/or distribution network, telemarketing, market research and any third party with which ITIC GROUP SAS has a contractual relationship for the development of activities of this type (market research and telemarketing, etc. ) for their execution.

9. Contact the Owner through telephone means to carry out surveys, studies and/or confirmation of personal data necessary for the execution of a contractual relationship. Contact the Holder through electronic means – SMS or chat to send news related to loyalty campaigns or service improvement.

10. Sharing, Sharing, including the transfer and transmission of your personal data to third parties for the purposes related to the operation.

11. Contact the Holder via email to send statements, account statements or invoices in relation to the obligations derived from the contract entered into between the parties.

12. To offer corporate welfare programs and plan business activities, for the owner and his beneficiaries (children, spouse, permanent partner).

13. Know the credit information of the Holder that rests in Credit or irrigation Information Centers, such as CIFIN, DATACRÉDITO among others, in operators of data banks of financial, credit, commercial information for the purposes indicated in said law and its regulatory or amending standards .

14. To process requests for certifications in commercial or labor relations.

15. To meet the requirement(s) of the corresponding authorities.

16. To Contact your workers, development of Human Resources management and in general for the management of labor relations and compliance with the obligations derived from it.

 

 

SPECIAL PROTECTION: RIGHTS OF CHILDREN AND ADOLESCENTS:

 

In the Processing of Personal Data, ITIC GROUP SAS will ensure that the prevailing rights of children and adolescents are respected. The Processing of Personal Data of children and adolescents is prohibited, except for those that are of a public nature.

 

 

 

RIGHTS OF THE OWNER:

 

As the owner of your personal data, in accordance with the terms established in Law 1581 of 2012, you have the right to:

1. Free access to the data provided that has been processed.

2. To the knowledge, update and rectification of your information against partial, inaccurate, incomplete, fractioned, misleading data, or those whose treatment is prohibited or has not been authorized.

3. Request proof of authorization granted.

4. Submit to the Superintendence of Industry and Commerce (SIC) complaints for violations of the provisions of current regulations.

5. To revoke the authorization and/or request the deletion of the data, as long as there is no legal or contractual duty that prevents its deletion.

6. Refrain from answering questions about sensitive data. The answers that deal with sensitive data or data of girls, boys and adolescents will be optional.

 

DUTIES OF ITIC GROUP SAS

 

By virtue of this personal data treatment and protection policy, the following are the duties of ITIC GROUP SAS, without prejudice to the provisions provided by law:

 

1. Guarantee in favor of the owner, at all times, the full and effective exercise of the right of Habeas Data.

2. Request and keep a copy of the respective authorization granted by the Holder.

3. Inform the Data Holder about the purpose of collecting these, and the rights that assist him by virtue of the authorization granted.

4. Keep the Owner's information under the appropriate security conditions, in order to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.

5. Guarantee that the information provided by the Holder is true, complete, updated, accurate, understandable and verifiable.

6. Keep the information provided by the Holder up to date, taking into account all the news that occurs regarding the data, as well as implementing the necessary measures so that said information is kept up to date.

7. Make the rectification of the information when it is incorrect and communicate what is pertinent to the Holder.

8. Respect the security and privacy conditions of the Owner's information.

9. Carry out the processing of queries and claims formulated in the terms stipulated by law.

10. Inform when the owner requests it about the use of their data.

11. Identify when certain information is under discussion by the Owner.

12. Inform the data protection authority in a timely manner when there are violations of the security codes and risks in the administration of the Owner's information.

13. Compliance with the requirements and instructions issued by the Superintendence of Industry and Commerce on the particular subject.

14. Make use of data whose treatment is previously authorized in accordance with the provisions of Law 1581 of 2012 exclusively.

15. The processing of personal data that ITIC GROUP SAS will carry out will be only for those purposes for which it is duly empowered, within the framework of respect for current regulations on the protection of personal data.

 

TREATMENT OF SENSITIVE DATA

The processing of sensitive personal data may be carried out and the data used by ITIC GROUP SAS in the event that the processing of said data is necessary for the recognition, exercise, or defense of a right in a judicial process.

Additionally, these data may be used and processed when they have a historical, statistical or scientific purpose, where the measures leading to the suppression of the Owner's identity will be adopted.

In the case of the treatment of personal data of girls, boys and adolescents, this is prohibited, except in the case of data of a public nature, and when the treatment complies with the following conditions and/or requirements:

• That they respond to and represent the best interest of girls, boys and adolescents.

• That respect for their fundamental rights be ensured in the processing of said data.

In such cases ITIC GROUP SAS undertakes to ensure the proper use of the processing of personal data of girls, boys and adolescents.

 

ATTENTION OF REQUESTS, QUERIES, COMPLAINTS AND CLAIMS

The Customer Relations Department is the agency in charge of processing the requests of the holders to make their rights effective.

Requests, inquiries, complaints and/or claims towards ITIC GROUP SAS, may be made through the website http://www.iticgroup.com, or by email gerenciaadministrativa@iticgroup.com.co.

 

PROCEDURE FOR THE EXERCISE OF THE RIGHT OF HABEAS DATA

 

In compliance with the regulations on the protection of personal data, ITIC GROUP SAS, is allowed to present the procedure and the minimum requirements for the exercise of your rights.

 

 

For the filing and attention of your request, we ask you to provide the following information:

• Full name and surname.

• Contact details: Residence address, Email address, Contact telephone numbers.

• Means to receive a response to your request.

• Reason(s)/fact(s) that give rise to the claim with a brief description of the right you wish to exercise (know, update, rectify, request proof of the authorization granted, revoke it, delete, access the information).

• Signature (if applicable) and identification number.

In accordance with the provisions of the law, the maximum term to resolve your claim is fifteen (15) business days, counting from the day following the date of receipt of the claim. When it is not possible to address the claim within said term, ITIC GROUP SAS will inform the interested party of the reasons for the delay and the date on which the claim will be addressed, which in no case may exceed eight (8) business days following at the expiration of the first term.

Once the terms established by Law 1581 of 2012 and the other norms that regulate or complement it are fulfilled, the Owner who is denied, totally or partially, the exercise of the rights of access, update, rectification, deletion and revocation You can bring your case to the attention of the Superintendence of Industry and Commerce, in the Delegation for the Protection of Personal Data.

 

 

 

1. VALIDITY OF THE PERSONAL DATA PROCESSING POLICY:

 

This ITIC GROUP SAS Personal Data Processing Policy is in effect as of June 8, 2020.

 

 

The databases in which the personal data will be registered will have a validity equal to the time in which the information is maintained and used for the purposes described in this policy. Once that purpose(s) is fulfilled and provided there is no legal or contractual duty to retain your information, your data will be deleted from our databases.