PERSONAL DATA PROCESSING POLICY — CAFORE ABOGADOS. CAFORE ABOGADOS, hereinafter The Company, with legal domicile at Carrera 7 No. 12B – 65 Office 401, Bogotá, Colombia, and contact phone (+57) (1) 318 330 8414, as data controller, collects, processes, stores
CAFORE LAWYERS
CAFORE ABOGADOS, hereinafter The Company, with legal domicile at Carrera 7 No. 12B – 65 Office 401, in the city of Bogotá – Colombia, and contact telephone (+57) 313 841 1825, as data controller, collects, processes, stores and disposes of the personal data that, in the natural exercise of its activities, it processes from its clients, employees, suppliers and third parties, under this personal data protection policy, the purpose of which is to make known the mechanisms and procedures to effectively exercise the rights, to inform who within The Company is in charge of handling petitions, complaints, claims and inquiries, communicating the purposes and processing to which personal data will be subjected in the development of The Company’s commercial activities.
CAFORE ABOGADOS may also process data of its former employees, visitors, guests, and persons requesting information about its services, pursuant to the terms set forth in this policy.
Our Policy applies to all collection, storage, use, transfer, transmission, and deletion of information that can be associated with or relate to natural persons determined or determinable payments that occurs in the territory of the Republic of Colombia, as well as the treatment that made those third parties with whom CAFORE LAWYERS agreed to undertake any activity related to, or connected with, the processing of personal data of which CAFORE LAWYERS is responsible.
The Policy will apply to the third parties with whom The Company eventually subscribe to contracts of transmission, in order that such third parties are aware of the obligations that will apply to, the purposes of which are to be submitted and the standards of security and confidentiality that must be taken when performing the processing on behalf of The Company.
The personal data collected will be used in order to initiate, advance and maintain the contractual relationship, business, work, and/or to receive publicity on which the holders have authorized their treatment, as well as to meet the requests and requests that are submitted by the holders of the personal data. Equally, the personal data will be processed and/or transferred when a legal duty to do so by, and to give effect to a competent authority when it is formally requires it.
I. PRINCIPLES
In all treatment performed by CAFORE LAWYERS, we will comply with the principles laid down in the law and in this Policy, in order to guarantee the right of habeas data in the headlines. These principles are:
| Principle | Description |
| Restricted access | The Company may not make available personal data for access through the Internet or by other means of communication, unless measures are put in place technical and security to control access and restrict access only to authorized individuals. The personal data may not be available on the internet or other means of communication or mass communication, except that access is technically controllable to provide a knowledge restricted only to the holders, or authorized third parties, or that the information is public. |
| Restricted circulation | Personal data may only be processed by the staff of the Company that has The authorization to do so, according to what is established by it, or who, within their functions are responsible for the conduct of such activities. You may not give personal data to third parties, within or outside the territory of the Republic of Colombia, without authorization or without the signing of a contract, in the event of transmission. |
| Confidentiality | In front of the treatment, the persons involved in the same, shall maintain the reserve of the information, even after it has finished, the link that gave origin to treatment. |
| Consent | Authorization for processing, as established by Decree 1377 of 2013, may be (i) in writing, (ii) orally, or (iii) through unequivocal conduct by the data subject that allows reasonably conclude that authorization was granted. |
| Sensitive data and diligence | Sensitive data you collect in the development of the activities of The Company, will be treated to preserve its integrity, restricted access, and security. |
| Purpose | All treatment activities must obey the legitimate purposes stated in this policy, and must be reported to the owner at the time of obtaining your consent. |
| Integrity | The personal data subject to processing must be truthful, complete, accurate, up to date, verifiable, and understandable. When in possession of personal data that is partial, incomplete, fragmented, or misleading, The Company shall refrain from processing it and request that the data subject complete or correct the information. The Company shall ensure the integrity of personal data contained in its databases and their accuracy. |
| Security | The Company must always carry out processing by deploying the technical, human, and administrative security measures, necessary and appropriate to its capabilities, to maintain confidentiality and security of personal data. The foregoing shall take into account legal provisions. |
| Severability Databases | The Company will maintain separate databases that have the quality of a manager, for those that have the condition of being responsible. |
| Temporality | The Company does not use personal data beyond the time reasonably required by the purpose for which it was informed to the respective owner and will carry out measures designed to ensure the deletion of your personal data when it ceases to fulfil the purpose for which it was collected. |
| Transparency | When the data subject so requests, the Company shall provide information regarding the existence of personal data concerning them or any data they are legally entitled to request. The response shall be delivered through the same channel, or at least through a channel similar to the one used by the data subject to make the request, and within the timeframes established by law and this policy. |
| Post-treatment | Any personal data that is not data public should be treated by managers and personnel as confidential, and under the safety parameters set by the Superintendence of Industry and Commerce. To the termination of such a link, such personal data shall continue to be treated in accordance with the policy, the manual and the applicable law. |
II. AUTHORIZATION, PROCESSING, AND PURPOSES
All treatment must be preceded by obtaining the authorization, which the holder authorizes a voluntary basis, prior, express and informed CAFORE LAWYERS, to treat the personal information and/or biometric data in accordance with the provisions of Law 1581 of 2012, the Decree Unique 1074 of 2015 and the present policy of processing of personal data. Information that will be used in the development of the activities and functions of The Company.
CAFORE LAWYERS, in the development of their business activities, will collect, use, manage, store, transmit, transfer, and will perform a variety of operations with personal data. In accordance with the above, the personal data processed by The Company shall be subject only to the purposes listed below, or which are accepted by the holders at the time of collection of the personal data. Also, managers or third parties who have access to personal data by virtue of law, contract or other binding document, will carry out the treatment in order to achieve the following purposes:
PURPOSE
Corporate and Administrative
| Managing all the information necessary for the fulfilment of the obligations tax and business records, corporate and accounting records of The Company and its customers. |
| To comply with the internal processes of The Company in the field of management of suppliers and contractors. |
| Deliver information to third parties for assessment and classification of suppliers. |
| The process of file, update systems, protection and custody of information and databases. |
| Perform analysis for the control and prevention of fraud and money laundering, including but not limited to consultation, reporting to restrictive lists and to financial-risk information bureaus. |
| Perform events, trainings, seminars, workshops and/or any other scenario that has a relationship with products and services that The Company offers. |
| The administration of the human resource of The Company, including but not limited to the evaluation of the candidates who are interested in being employees of The Company, the employment relationship to The Company, processes, training, conducting performance evaluation, advance social welfare programs and occupational health for employees and their family members, expedition labor certification, supply of work references if requested, conform to the human map of the staff working in The Company and the payment of payroll. |
| Advance campaigns for updating personal data to ensure the integrity of the same. |
| Forward internal investigations of compliance with the various policies of the company in the event of suspicious activity that may affect the good name of The Company. |
| The management of banks of leaves of life and days of recruitment to recruitment of staff. |
| Complete transactions, to obtain data and billing issue invoices. |
| Done in front of the Banks of Data, reports, positive or negative related to the state of enforcement, breach or default in financial obligations, commercial, credit and service at The Company's expense, upon prior written notice to the client with the terms of anticipation established by The company to comply with its obligations and/or demonstrate compliance. |
| To comply with tax obligations, contractual and legal. |
| The shipping of any modifications to this policy, as well as the application of new authorizations for the processing of personal data. |
| The other purposes as determined by the responsible in the processes of obtaining personal data for their treatment, in order to comply with legal and regulatory obligations, and to the development of the business of The Company. |
Marketing
| To perform marketing activities, awareness-raising, socializing, and send information about new products, news, competitions, events, campaigns, activities, promotions, and offers. |
| Conduct surveys of customer satisfaction, service quality and strengthen our channels of customer service. |
| Send information and implement CMR programs |
| To perform activities of customer loyalty. |
| Send out invitations and information about events and commercial activities and/or academic or training. |
Third parties
| To complement the information and, in general, to advance the necessary activities to manage requests, complaints and claims filed by customers of The Company and by third parties, and direccionarlas to the areas responsible for issuing the corresponding answers. |
| Transmit personal data to third parties with whom contracts have been entered into for this purpose, or documents such as addenda or declarations enabling the transmission of personal data have been signed, for commercial, administrative and/or operational purposes. Verify legal, financial and technical information in contractual processes carried out by The Company or third parties. |
| To verify legal information, financial and technical contractual processes that forward The Company or third parties. |
| In order to fulfil the purposes mentioned above, such as transfer, transmit, transfer, share, give, and/or disclose personal data to third parties, within and outside the national territory, even to countries that do not provide adequate levels of protection of personal data. |
CAFORE ABOGADOS may collect sensitive personal data such as data
biometrics such as fingerprints, photographs, and/or videos, among others, to ensure access and presence in facilities, outreach campaigns, awareness, reports to Headquarters, national authorities, and/or Company events.
Data collection will be reported to data subjects through privacy notices.
installed therein. The Company may collect biometric data of minors who enter the company's facilities and/or who are part of the family unit of the Company's employees, in which case
In the event that required the processing of sensitive personal data relating to health, racial or ethnic origin, religious beliefs or political orientation, membership of trade unions, social organizations, as well as those related to data sex, CAFORE LAWYERS will request your authorization indicating that the response is optional.
The databases that include information about data subjects shall remain in force for as long as the Company continues its ongoing operations, in accordance with the foundational nature of the corporation, as well as the activities inherent to its general administrative operation.
III. RIGHTS OF PERSONAL DATA SUBJECTS AND THEIR PROCEDURE
The holders of the personal data may exercise, at any time, the rights of access, updating, rectification and deletion of their personal data, as well as the revocation of the authorisation granted to CAFORE LAWYERS and to exercise any other right arising from or in connection with the protection of personal data (habeas data), via e-mail, or to the physical address of The Company. For this, they must take into account the following rules:
- Should be directed by electronic means to the e-mail address [email protected]
- Holders must submit your request identifying fully, and making a clear description of the query or request.
- In case required, any documents that support your request, the holder of information shall aportarlo with your request, if do not attach it, The Company will request within five (5) days following its request, clarification of the petition, or attached to support the same. In case you do not receive a response within two (2) months following the submission of your application, CAFORE LAWYERS means desistida your request.
- Once the request is received, CAFORE ABOGADOS shall proceed with the handling
and response within the legal time frames, that is, in case of inquiries of
information, within ten (10) days following, extendable by up to five (5) days if required, with prior notice to the requester. If the request is a complaint, the Company will process it internally and respond within fifteen (15) days following submission. - If the data subject is an employee or former employee of CAFORE ABOGADOS, they may also exercise their right to the protection of their personal data through the Administrative Department. Suppliers may likewise exercise their rights to access, update, rectify and/or delete their data.
Administrative Area, and the response time frames shall be those
previously stated.
Data subjects may at any time request CAFORE ABOGADOS to delete
your personal data and/or revoke the authorization granted for its processing, by filing a complaint, in accordance with Article 15 of Law 1581 of 2012. The request for deletion of information and the revocation of authorization shall not proceed when the data subject has a legal or contractual duty to remain in the database. It should be noted that there are two modalities in which the revocation of consent may occur. The first may apply to all the consented purposes; the second may occur with respect to specific types of processing, that is, the partial revocation of consent.
Pursuant to Law 1581 of 2012, CAFORE ABOGADOS informs that the Data Subject
information shall have the following rights:
- To know, update and correct your personal data;
- Request proof of the authorization granted for the processing of your personal data;
- Access free of charge to your personal data that are processed;
- Be informed of the treatment that is being given to their personal data;
- Request the revocation of the authorization, as long as there is a legal duty, or an obligation of a contractual nature of the head of the holder with The Company, according to which such personal data should remain in the database and/or be processed by The Company.
- To request the deletion of their personal data from the databases of The Company, provided, and where there is a legal duty, or an obligation of a contractual nature of the head of the holder with The Company, according to which such personal data should remain in the databases of the same.
- Submit before the Superintendence of Industry and Commerce complaints for violations of the law when you have exhausted the requirement of the procedure, going in the first instance to The Company.
IV. TRANSFERS AND TRANSMISSIONS
CAFORE LAWYERS only use personal data that you have authorized, and shall forward them to third parties for the purposes described here and to the competent administrative and judicial authorities, when required by them.
To perform a transfer of personal data to third parties responsible are located on the outside, CAFORE LAWYERS you will get the express and unequivocal authorisation of the holder for the shipping outside of the personal data or make based on any of the other hypotheses that have been contemplated in the applicable law to do so, including those set forth in the Law 1581 of 2013 and Decree 1377 of 2013.
CAFORE LAWYERS will apply to the other rules on transfer and transmission of personal data.
V. LINKS TO OTHER WEBSITES
The portal www.caforeabogados.com among others, you will be able to have links or links to other websites owned by third parties. If you decide to go to one of these web sites, you must keep in mind that each of these portals has a different privacy policy, for which we do not accept any responsibility for the information or personal data that you provide outside of our web site.
VI. VALIDITY OF THE PERSONAL DATA PROCESSING POLICY
This policy is valid from 01 June 2023 and will continue in force during the time that is necessary to fulfil the purposes mentioned in this policy.
VII. AMENDMENTS TO THE PRIVACY POLICY
CAFORE ABOGADOS reserves the right to modify this policy at any time; however, any change will be timely informed and published
through the website www.caforeabogados.com, and the change date will be recorded therein.
Spanish
English
Portuguese
Chinese