GENERAL POLICY ON PERSONAL DATA PROTECTION

Purpose

To establish policies for the protection of personal data at Heimcore, in compliance with Statutory Law 1581 of 2012 and its regulatory decree 1377 of 2013, and to ensure these policies are communicated to all data subjects involved in the Cooperative’s processes.

Scope

All processes and third parties that store and process personal data.

Definitions and abbreviations

Expressions used in this Policy shall have the meaning given to them herein, or the meaning given to them by applicable law or case law, as such law or case law may be amended from time to time.

  a) Authorization: It is the prior, express and informed consent of the Owner to carry out the Processing of his/her Personal Data.
  b) Database: It is the organized set of Personal Data that is subject to Processing, electronic or not, whatever the modality of its creation, storage, organization and access.
  c) Personal Data: It is any information of any type, linked or that can be associated with one or more specific or identifiable natural or legal persons.
  d) Public Data: It is Personal Data classified as such according to legal mandates or the Political Constitution and that which is not semi-private, private or sensitive. Any data relating to the marital status of individuals, their profession or occupation, their status as merchants or public servants, and any other data that may be obtained without reservation is considered public data, among others. By its nature, public data may be contained in, among others, public records, public documents, official gazettes and bulletins, and duly executed court rulings that are not subject to non-disclosure agreements.
  e) Sensitive Data: Refers to Personal Data that impacts the privacy of the Owner and whose improper use could lead to discrimination. This includes information about union affiliations, racial or ethnic origin, political beliefs, religious or philosophical beliefs, membership in social organizations or unions, human rights interests, political party affiliations, and data related to health, sexual life, or biometric information.
  f) Data Processor: It is the natural or legal person, public or private, who by itself or in association with others, carries out the Processing of Personal Data on behalf of the Data Controller.
  g) Authorized: It is the Company and all persons under the responsibility of the Company, who by virtue of the Authorization and these Policies have the legitimacy to Process the Personal Data of the Owner. The Authorized includes the category of the Qualified.
  h) Qualification: It is the legitimacy that the Company expressly and in writing grants to third parties, through a contract or document in compliance with the applicable Law, for the Processing of Personal Data, converting such third parties into Data Processors of the Personal Data delivered or made available.
  i) Data Controller: It is the natural or legal person, public or private, who by itself or in association with others, decides on the Database and/or the Processing of Personal Data.
  j) Owner of the Personal Data: It is the natural or legal person to whom the information contained in a Database refers, and who holds the right to habeas data.
  k) Transfer: It is the Processing of Personal Data that involves the communication of the same within or outside the territory of the Republic of Colombia when its purpose is to carry out a Processing by the Data Processor on behalf of the Data Controller.
  l) Transmission: It is the activity of Processing Personal Data through which the same are communicated, internally or with third parties, within or outside the territory of the Republic of Colombia, when said communication has as its objective the performance of any Processing activity by the recipient of the Personal Data.
  m) Processing of Personal Data: It is any systematic operation and procedure, whether electronic or not, that allows the collection, conservation, organization, storage, modification, relationship, use, circulation, evaluation, blocking, destruction and in general, the processing of Personal Data, as well as its transfer to third parties through communications, consultations, interconnections, cessions or data messages.

Principles for the processing of personal data

According to Law 1581 of 2012, the following principles guide its application:

  a) Principle of Legal Compliance in Data Processing: The Processing referred to in this law is a regulated activity that must be subject to the provisions established therein and in any related regulations;
  b) Principle of Purpose: The Processing must serve a legitimate purpose as defined by the Constitution and applicable laws, and this purpose must be communicated to the owner;
  c) Principle of Freedom: The Processing can only be carried out with the prior, express and informed consent of the Owner. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that waives consent;
  d) Principle of Truthfulness or Quality: The information subject to Processing must be true, complete, accurate, up-to-date, verifiable and understandable. The processing of partial, incomplete, fractional or misleading data is prohibited;
  e) Principle of Transparency: In the Processing, the right of the Owner to obtain information about the existence of data concerning him/her from the Data Controller or the Data Processor, at any time and without restrictions, must be guaranteed;
  f) Principle of Restricted Access and Circulation: The Processing is governed by limitations based on the nature of the personal data, the provisions of this law and the Constitution. In this sense, the Processing may only be conducted by persons authorized by the Owner and/or by the persons provided for in this law;
     Personal data, except for public information, may not be made available on the Internet or other means of dissemination or mass communication, unless access is technically controllable to provide restricted knowledge only to the Owners or authorized third parties in accordance with this law;
  g) Principle of Safety: The information subject to Processing by the Data Controller or Data Processor referred to in this law must be overseen with the technical, human and administrative measures necessary to provide security to the records, avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access;
  h) Principle of Confidentiality: All persons involved in the Processing of personal data that are not public in nature are obliged to guarantee the confidentiality of the information, even after their relationship with any of the tasks that comprise the processing has ended, and may only provide or communicate personal data when this corresponds to the development of the activities authorized in this law and under the terms thereof.

Description

These policy sections apply to any registration of personal data made in person, by telephone and/or virtually for the purpose of acquiring any HEIMCORE product, service or benefit. The data owner registers or delivers his/her information freely and voluntarily and acknowledges that he/she has read and expressly accepted these terms and conditions:

  1. The HEIMCORE entity located in the city of Bogota D.C., at Calle 98 #70 – 91 Office 202, Centro Empresarial Pontevedra, is directly responsible for the processing and custody of personal data. However, it reserves the right to delegate its processing to a third party. The third party responsible for data processing has defined policies and procedures that guarantee the protection and confidentiality of the stored data.
  2. The stored data is protected in the different systems in accordance with the Information Security policies defined by the entity, mitigating unauthorized access that allows the disclosure, knowledge, modification, elimination or destruction of information stored in our databases.
  3. The entity will request the necessary data from the owner through physical means (Forms provided to the owner) or electronic means (Fincomercio website), for the provision of services, acquisition of products, work agreements and other processes required by the entity, and will be informed through the means in which they were requested.
  4. The entity may only provide information to the owners, successors in title or legal representatives, public or administrative entities, whether by legal means or by court order, to third parties authorized by the owner or the law.
  5. The entity has a Personal Data Protection Officer, who is responsible for periodically validating compliance with the policies and procedures for processing personal data in each of the entity’s related processes. Its functions include:
     - Identify and classify the databases in which personal information is collected (what data and where it is stored).
     - Provide controls (policies and procedures) that guarantee the security of information (confidentiality, integrity, availability) in the entity’s different databases.
     - Promote data protection awareness tools for the entity’s various officials and third parties.
     - Define the necessary controls to ensure compliance with the policies, procedures and technological controls associated with Data Management in the entity.
     - Register the entity’s different databases with the Superintendency of Industry and Commerce, along with the policies and procedures for their processing and safeguard.
     - Integrate personal data management into the entity’s Risk process.
     - Manage Information Security incidents in which personal data is exposed and report them to the regulatory body.
  6. The entity, as the party responsible for the information and/or in charge of processing, complies with the following duties:
     a) Guarantee the holder, at all times, the right to Habeas data.
     b) Maintain the information under the necessary security conditions in order to control unauthorized access, loss and disclosure of the information.
     c) Update or delete stored data, always ensuring its integrity, in accordance with the provisions of the Law.
     d) Process queries and complaints from owners in accordance with the provisions of the law.
     e) Define a Comprehensive Personal Data Management Program composed of policies and procedures that guarantee compliance with the Law regarding the Protection of Personal Data.
     f) Register databases, in accordance with the definitions set forth by the Superintendency of Industry and Commerce.
     g) Notify the Superintendency of Industry and Commerce when the information of the owners has been exposed due to information security incidents (viruses, computer attacks, among others).
  7. The owner has the right to know, update and rectify his/her personal data. Additionally, he/she can request the registration of authorization for the processing of data as mentioned in Article 10 of Law 1581 of 2012. He/she has the right to revoke and request the removal of his/her data whenever he/she wishes or when the personal data processing policy is not complied with. The owner may make any request by accessing our website in the PQRSF section.

Updated on March 7, 2023
