PERSONAL DATA PROCESSING POLICY
Parra Rodriguez Abogados, with tax identification number (TIN) 900.616.317 – 9 (hereinafter the “Firm” or the “Responsible Party”) will apply the terms and conditions of this Policy for the Processing of Personal Data (hereinafter, the “Policy”). In compliance with the provisions of Law 1581 of 2012 and Decree 1377 of 2013.
In the Policy, the mechanisms by means of which the Firm guarantees an adequate management of Personal Data collected in the Firm´s Databases are described, to allow the Holders the exercise of the right of Habeas Data.
In this Policy, the capitalized terms and expressions have the following meanings unless the context requires otherwise:
Appointed Party means the natural or legal person that Processes Personal Data on behalf of the Firm.
Authorized Persons means the persons that will be able to exercise the rights on behalf of the Holder and which are enunciated in article 8 of this Policy.
Authorization means the prior, express and informed consent given by Holder to the Firm for the Processing of the Holder’s Personal Data.
Database means the physical or electronic organized set of Personal Data that is subject to Processing.
Holder means the owner of the Personal Data that will be processed by the Firm.
Personal Data means the information that can be associated to one or several natural persons which can be determined or is determinable. This includes biometric data.
www.prslaws.com / Carrera 9 No. 74 08 Oficina 504 / Bogotá D.C., 110221, Colombia / tel.: + 57 (1) 3764200 fax: + 57 (1) 3761707 / NIT: 900616317-9
Parra Rodríguez Abogados S.A.S.
Processing means any operation performed on the Personal Data, such as: collection, storage, use, circulation and deletion.
Public Data means the information that can be associated with the civil status of a person, its profession, its condition of merchant or of public servant.
Responsible Party or Firm means the natural or legal person that decides on the Databases and/or Personal Data.
Sensitive Data means the information that affects the intimacy of the Holder and whose undue use could generate their discrimination. Sensitive Data includes the information that reveals: (i) racial or ethnic origin, the political orientation, religious or philosophical convictions, belonging to unions, social organizations, human rights organizations or those that promote the interests of any political party or that guarantees the rights and opposition of political parties; (iii) health-related data; to the sex life; and (iv) biometric data.
SIC means the Superintendence of Industry and Commerce.
Transference means the delivery of Personal Data from a Responsible Party to a receiver, so that the recipient Processes it as a Responsible Party.
Transmission means the delivery of Personal Data to the Appointed Party for its Processing under the control and responsibility of the Responsible Party.
Transmission Contract means the contract between the Firm and the Appointed Party for the Processing of Personal Data which is under their control and responsibility. In said contract, the Appointed Party will Process the Personal Data in accordance with the terms and conditions of this Policy.
- Obligations of the Firm for the Processing of Personal Data:
- obey provisions of the applicable laws;
- obey a legitimate purpose, previously informed and authorized by the Holder;
- seek for the Personal Data processed to be true, complete, accurate, updated, verifiable and understandable;
- guarantee the Holder’s right to be aware of the existence and content of the information that constitutes the processed Personal Data;
- not publish or disclose the Personal Data, except for Public Data and formal requests made by a judiciary or governmental authority;
- in case of hosting the Personal Data on the Internet, the Responsible Party must hold the necessary technical controls to limit their accessibility;
- adopt the necessary measures to protect Personal Data to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access; and
- guarantee the privacy of Personal Data.
- Purpose of Personal Data Processing:
- Perform the necessary activities to fulfil the obligations originated and derived from the legal and / or commercial relationship between the Responsible Party and the Holder;
- comply with the (i) fiscal obligations; and (ii) to keep commercial, corporate and accounting records of the Firm;
- comply with the internal procedures of the Firm in terms of administration of suppliers and contractors;
- control and prevention fraud and money laundering;
- archive and update the protection and custody systems that hold information and databases of the Firm;
- for selection processes for the Firm, the Personal Information of the applicants will be processed for the performance of the selection process; and
- employees Personal Data will be processed for (i) hiring procedures; (ii) payroll; (iii) social security benefits payment; and (iv) compliance with internal policies and legal obligations.
- Type of Personal Data collected by the Responsible Party:
- Name, identification number, business phone, address of the workplace, corporate e-mail address, name of the employer;
- tax information, bank account number, financial data;
- necessary information for compliance of the Firm´s obligation with the Holder;
- necessary information for the provision of the legal services offered by the Firm;
- provided that it is necessary to provide the required service, the Firm will request to the clients the following information: financial statements, annual tax returns, bank statements, official identifications of the attorneys-in-fact, contact information of the personnel related to the reception, processing and payment of invoices (e-mail, telephone, department, titlle), proof of compliance with legal, fiscal, administrative and / or labour obligations; and
- the Firm will request their employees the following: information on their affiliation with social security entities, home address, landline and cell phone number, civil status, age, birthdate, nationality, personal e-mail, gender, academic information, personal, commercial and labour references and if applicable name of spouse and children, ages and their respective dates of birth.
- Processing of Sensitive Data:
5.1. The Firm will only deal with Sensitive Data when it will be necessary for the fulfilment of its legal or contractual obligations with the Holder.
5.2. In the Treatment of Sensitive Data, the Firm or Appointed Party shall:
- inform the Holder there is not an obligation to authorize the processing;
- inform explicitly and in advance the Holder of the purpose of Processing of the Sensitive Data;
- obtain prior, express and informed consent of the Holder;
- not condition the provision of a service to the delivery of Sensitive Data;
- promote the respect for the best interests of children and adolescents; and
- ensure respect for the Holder´s fundamental rights.
- The Authorization for Processing shall:
- be collected by the Responsible Party or its Appointed Party prior to Processing;
- be kept in electronic or physical form;
- include the purpose of Processing and identify the data that will be collected;
- inform the Holder of its rights;
- inform the Holder of the existence of the Policy and how to access to it;
- inform the Holder of the contact details of the Responsible Party along with their identifications; and
- report of the optional nature to answer to the questions that are asked in relation to their Sensitive Data or data about children and adolescents
6.1. If the Personal Data supplied to the Firm belongs to third parties, the Firm understands that the person who delivers the Personal Data is authorized by the Holder.
6.2. While using the Firm´s website, the Holder declares that they have read, understood and accepted the terms of this Policy.
- The Holder has rights to:
- Become aware of the Personal Data that will be Processed;
- request the update, rectification or elimination of the Personal Data subject to processing;
- that when requested, Holder´s Personal Data will be updated, rectified or eliminated;
- request proof of the Authorization granted for Processing;
- revoke Authorization;
- be informed, upon request, of the use given to their Personal Data;
- file complaints with the SIC for infractions of this Policy and the applicable law, after exhaustion of the consultation or claim procedure established in article 9 of this Policy.
7.1. The request for suppression and/or the revocation of the Authorization shall not proceed when the Holder has a legal or contractual duty to remain in the Database of the Responsible Party.
7.2. The Holder shall have the right to consult his Personal Data free of charge:
(i) at least once each calendar month; and
(ii) whenever there are substantial modifications of the Policy that motivate new consultations.
7.3. For inquiries whose periodicity is greater than that indicated in section 7.2 above, the Responsible Party may charge the Holder the costs of shipping, reproduction and, where appropriate, certification of documents.
7.4. The Holder shall be responsible for the veracity, authenticity, validity and accuracy of the information provided and undertakes to notify the Firm of the changes to that information.
- The Authorized Persons are:
- the Holder´s successors;
- Holder´s attorney-in-fact; and
- in the case of children and adolescents, the person legally authorized to represent them.
- Procedure for the performance of Holder´s rights:
9.1. Procedure for consulting Personal Data:
9.1.1. The Holder or the Authorized Person must send a written communication to the Firm that must have at least the following information:
- Holder´s Full name and copy of their identification number;
- Holder´s contact information (telephone, e-mail, address);
- clear and precise request for consultation; and
- if the procedure is carried out by an Authorized Person, it must indicate it in the communication, informing the name of the Authorized Person and a copy of the documents that accredit the role.
9.1.2. The communication and its attachments must be sent to: Parra Rodríguez Abogados S.A.S.
Carrera 9 No. 74 – 08, office 504, Bogotá D.C., 110221, Colombia Directed to: Mr. John Farieta.Or to the e-mail email@example.com
9.1.3. The Firm will respond to the request within a maximum period of 10 business days counted from the date of receipt of the communication.
9.1.4. When it is not possible to respond the request within 10 business days, the Firm will send a communication to the interested party stating the reasons for the delay and the date on which the request will be answered.
9.1.5. The Firm may not exceed 15 business days from the receipt of the request to respond to it.
9.1.6. The Firm will send the answer in the same way as the request was submitted or, if applicable, by any other means agreed with the interested party.
9.2. Procedure for claims, updates, corrections and/or eliminations of Personal Data:
9.2.1. The Holder or the Authorized Person must send a written communication to the Firm in which at least the following information is available:
- Holder´s Full name and copy of their identification number;
- Holder´s contact information (telephone, e-mail, address)
- clear and precise description of Personal Data in question;
- clear and precise description of the claim and the documents the Holder want to assert;
- for the requests for correction and/or updating of the Holder’s Personal Data, an indication of the modifications to be made and provide the documentation supporting their request needs to be expressed; and
- if the procedure is carried out by an Authorized Person, it must indicate it in the communication, informing the name of the Authorized Person and a copy of the documents that accredit them.
9.2.2. The communication and its attachments must be sent to: Parra Rodríguez Abogados S.A.S.
Carrera 9 No. 74 – 08, office 504, Bogotá D.C., 110221, Colombia Directed to: Mr. John Farieta.
Or to the e-mail firstname.lastname@example.org
9.2.3. Within 2 working days following the reception of the claim the Firm must include a legend in the Database stating “claim in process”. This legend must be maintained until the claim is decided.
9.2.4. In case the person who receives the claim is not competent to resolve it, the Firm will transfer to claim to the corresponding person within a maximum period of 2 working days and the interested party will be informed of the situation.
9.2.5. If the information provided in the claim is erroneous and/or insufficient, the Firm will request, within 5 business days after the reception of the claim, the information and/or documents necessary to process it.
9.2.6. If, after 2 months from the request, the applicant has not provided the information and / or the required documents, the claim will be considered abandoned.
9.2.7. From the date of reception of the claim, with the complete information, the Firm will have 15 business days to address the claim.
9.2.8. If, even though the information of the claim is complete, it is not possible to attend to it within the term established in the previous point, the Firm must inform the interested party of the reasons for the delay and the date on which the claim will be handled.
9.2.9. The deadline to address the claim may not exceed 23 business days from the reception of the claim with full information.
9.2.10. The response to the claim shall be delivered in the same way as the one submitted or by any other means agreed with the interested party.
- Transfer and Transmissions of Personal Data:
10.1. The Firm may transfer Holder´s Personal Data to comply with its legal and/or commercial obligations.
10.2. The recipients of the Personal Data are obliged to maintain their confidentiality and to comply with the Policy and the applicable law.
10.3. The Firm may Transmit and Transfer international Personal Data provided that the recipient is a country that provides an adequate level of data protection.
- Duration of Processing:
11.1. The Processing will last as long as reasonable and necessary for the fulfilment of its purpose.
11.2. The Firm may continue to process the Personal Data despite the termination of the contractual relationship with the Holder, when it will aid to comply with the Firm´s legal, administrative and accounting obligations.
11.3. The Firm will proceed to the suppression of Personal Data when there is no longer a legal or contractual obligation that justifies the Processing of Personal Data.
If you wish to contact us in relation to this Policy or to the way we are Processing of your Personal Data, you may do so at our offices located at Carrera 9 No. 74 – 08, office 504, Bogotá D.C., 110221, Colombia, Tel: (+571) 3764200 or at the e-mail address email@example.com
- Date of publication
This Policy became effective on 22 September 2016 and was amended on 25 May 2018.