LA SOCIEDAD EMPRESA DE SOLUCIONES, SERVICIOS E INNOVACIÓN ESSI S.A.S.
IT IS ALLOWED TO MAKE ITS PERSONAL DATA PROCESSING POLICY KNOWN TO ALL ITS CUSTOMERS, EMPLOYEES AND SUPPLIERS.
PURPOSE.
On the occasion of the issuance of Law 1581 of 2012 and the Single Regulatory Decree 1074 of 2015, and in order to comply with its provisions that develop the right of people to know, update, rectify or delete personal information that has been collected about them in any database or file; EMPRESA DE SOLUCIONES, SERVICIOS E INNOVACIÓN ESSI S.A.S., Identified with NIT 804.005.810-9, domiciled in Girón – Santander, requests authorization from the holders of personal data to use them in a legal, lawful, safe and reliable manner, adjusting their use to their policies and procedures for the Processing of personal data.
DEFINITIONS.
For the purposes of the implementation of this policy and in accordance with legal regulations, the following definitions will be applicable:
a) Authorization: prior, express and informed consent of the Holder to carry out the Processing of personal data;
b) Privacy notice: physical, electronic document or in any other format generated by the Responsible that is made available to the Holder for the processing of their personal data. In the Privacy Notice, the Owner is informed of the information regarding the existence of the information processing policies that will be applicable to him, the way to access them and the purpose of the Processing that is intended to give to personal data;
C) Database: organized set of personal data that is subject to Processing;
D) Personal data: any information linked to or that may be associated with one or more specific or determinable natural persons;
e) Public data: it is the data classified as such according to the mandates of the law or the Political Constitution and that which is not semi-private, private or sensitive. Public, among others, are data relating to the marital status of people, their profession or profession, their quality as a merchant or public servant and those that can be obtained without any reservation. By its nature, public data may be contained, among others, in public records, public documents, gazettes and official bulletins;
F) Private data: it is the data that due to its intimate or reserved nature is only relevant to the owner;
g) Sensitive data: Sensitive data is understood as those that affect the privacy of the Holder or whose improper use may lead to discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership of unions, social organizations, human rights or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sex life
h) Data Processor: natural or legal person, public or private, who, by herself or in association with others, carries out the Processing of personal data on behalf of the Data Controller;
i) Responsible for the Treatment: natural or legal person, public or private, who by herself or in association with others, decides on the database and/or the Processing of the data;
j) Owner: natural person whose personal data is subject to Processing;
k) Processing: any operation or set of operations on personal data, such as the collection, storage, use, circulation or deletion thereof.
PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA
The processing of personal data in EMPRESA DE SOLUCIONES, SERVICIOS E INNOVACIÓN ESSI S.A.S. Will be governed by the following principles:
a) Principle of purpose: the Processing of the personal data collected must obey a legitimate purpose, which must be informed to the Holder;
b) Principle of freedom: the Treatment can only be carried out with the prior, express and informed consent of the Holder. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that relieves consent;
c) Principle of veracity or quality: the information subject to Processing must be truthful, complete, accurate, up-to-date, verifiable and understandable. Partial, incomplete, fractional or misleading data will not be processed;
d) Principle of transparency: in the Treatment, the right of the Holder to obtain EMPRESA DE SOLUCIONES, SERVICIOS E INNOVACIÓN ESSI S.A.S. at any time and without restrictions, information about the existence of data concerning you;
e) Principle of access and restricted circulation: the Processing is subject to the limits derived from the nature of the personal data, the provisions of this law and the Constitution. Personal data, except for public information, and the provisions of the authorization granted by the owner of the data, may not be available on the Internet or other means of dissemination or mass communication, unless access is technically controllable to provide restricted knowledge only to Holders or authorized third parties;
f) Safety principle: information subject to processing by EMPRESA DE SOLUCIONES, SERVICIOS E INNOVACIÓN ESSI S.A.S. it must be protected through the use of technical, human and administrative measures that are necessary to provide security to the records, avoiding their adulteration, loss, consultation, unauthorized or fraudulent use or access;
g) Principle of confidentiality: all persons involved in the Processing of personal data are obliged to guarantee the reservation of the information, even after the end of their relationship with any of the tasks that the Treatment includes. FIRST PARAGRAPH: in the event that sensitive personal data is collected, the Holder may refuse to authorize its Processing.
PROCESSING OF PERSONAL DATA
Harvest
The collection of data is carried out through the processing and / or delivery of documents, receipt of emails, by telephone and any other means by which they are requested or provided by virtue of the Privacy Notice or the express authorization for the Treatment, where the Holder authorizes the conservation and use of such information for the purposes that are exposed. Likewise, authorization will not be required when the data is collected by virtue of an express legal request from an entity in the State.
Storage
We keep the information for as long as reasonable and necessary in a physical and magnetic medium, in accordance with the purposes that justified the collection of such information. Once the information is not necessary for our purposes, we will delete the personal data in our possession.
In labor matters, the information provided in the resumes or during the selection process will be preserved so that the contractual relationship is not generated, with the purpose of considering them for future calls.
Use
The information authorized to be treated will have as its ultimate purpose:
VIRTUAL CUSTOMER DATABASE: Strong Promote and raise commercial offers to potential customers.
PHYSICAL CUSTOMER DATABASE: promote and raise commercial offers to potential customers.
PHYSICAL EMPLOYEE DATABASE: Carry out all the procedures of a process of pre-selection of our applicants for positions, such as home visits, technical security analysis and comply with our employer obligation to affiliate our dependent workers to the general comprehensive social security system and guarantee the rights granted to them by labor legislation.
VIRTUAL EMPLOYEE DATABASE: comply with our employer’s obligation to affiliate and pay contributions to the general comprehensive social security system for all our dependent workers and guarantee their own rights granted by labor legislation, especially the recognition of salaries and social benefits.
PHYSICAL SUPPLIER DATABASE: analyze the market of suppliers that allows us to efficiently meet the needs of our business.
PHYSICAL SHAREHOLDERS DATABASE: comply with our legal duties to update the shareholding of the company’s partners.
VIRTUAL ACCOUNTING DATABASE: Establish rigorous control over each of the resources and obligations of the business, record, in a clear and precise way, all the operations carried out by the company during the fiscal year, provide, at any time, a clear and true image of the financial situation that the business holds, foresee well in advance the future of the company. Serve as proof and source of information, before third parties, of all those acts of a legal nature in which accounting can have evidentiary force in accordance with the provisions of the law.
PHYSICAL ACCOUNTING DATABASE: Establish a control over each of the physical accounting documents that rest in the company, such as invoices, proof of exit, appropriations, financial statements, that are collected during the fiscal year; in order to evidence the accounting and legal situation of the company, and that has to be provided to the control entities.
RIGHTS THAT ASSIST YOU AS THE HOLDER AND PROCEDURE TO VALIDATE THEM
As the owner of the information collected, you may at any time file complaints with the Superintendence of Industry and Commerce for violations of the provisions of the rules on personal data, know, update, rectify, expand or delete the personal information provided, for which purpose, you can submit your request to THE RESPONSIBLE AREA at the times, telephone numbers and addresses detailed below.
The Holder is not obliged to provide data considered sensitive by law.
Claims. The Owner or his successors who consider that the information contained in a database must be corrected, updated or deleted, or when they notice the alleged breach of any of the duties contained in this law, may file a claim with the Data Controller or the Data Processor which will be processed under the following rules:
1. The claim will be made by means of a request addressed to the Data Controller or the Data Processor, with the identification of the Holder, the description of the facts that give rise to the claim, the address, and accompanying the documents that you want to assert. If the claim is incomplete, the interested party will be required within five (5) days of receipt of the claim to correct the faults. After two (2) months from the date of the request, without the applicant submitting the required information, it will be understood that he has withdrawn from the claim.
In the event that the person who receives the claim is not competent to resolve it, it will transfer it to the appropriate person within a maximum period of two (2) working days and inform the interested party of the situation.
2. Once the complete claim has been received, a legend that says “claim in process” and the reason for it will be included in the database, in a period not exceeding two (2) working days. This legend must be maintained until the claim is decided.
3. The maximum term to deal with the claim will be fifteen (15) working days from the day following the date of its receipt. When it is not possible to deal with the claim within that term, the interested party will be informed of the reasons for the delay and the date on which his claim will be dealt with, which in no case may exceed eight (8) working days following the expiration of the first term.
The Holder or successor in title may only file a complaint with the Superintendence of Industry and Commerce once the consultation or claim process has been exhausted with the Data Controller or Data Processor.
AREA IN CHARGE
The SYSTEMS AREA of EMPRESA DE SOLUCIONES, SERVICIOS E INNOVACIÓN ESSI S.A.S., Will be responsible for responding to the requests, complaints and claims made by the Holder of the data in exercise of the rights contemplated in the previous paragraph of this policy. For this purpose, the Holder of the data or whoever exercises his representation may send their request, complaint or claim from Monday to Friday from 8:00 a.m. to 6:00 p.m. to the email tesoreria@essisas.com, call the telephone line (+57) (+607) 6532226, or file it at the following address corresponding to our offices CARRERA 16C No 60-110, La Esmeralda neighborhood of the municipality of Girón – Santander.
VALIDITY OF THE PROCESSING OF PERSONAL DATA
Our Personal Data Processing Policy is effective from the first (01) of September two thousand and seventeen (2017). The personal data that is stored, used or transmitted will remain in the corresponding databases protected by the Company for as long as is necessary for the purposes mentioned in this Policy, so its processing is directly linked to the purposes for which the personal data was collected.
MODIFICATIONS
EMPRESA DE SOLUCIONES, SERVICIOS E INNOVACIÓN ESSI S.A.S. Reserves the right to make any modifications it deems relevant and necessary to this policy, so in the event of implementing any substantial change in terms of the storage or use of your information, this will be published on our website or an electronic notification will be sent to your corresponding addresses.
With this statement EMPRESA DE SOLUCIONES, SERVICIOS E INNOVACIÓN ESSI S.A.S., complies with all the requirements of Law 1581 of 2012 and the Single Regulatory Decree 1074 of 2015.
Attentively,
___________________________________
MAURICIO BRÍÑEZ RODRÍGUEZ
LEGAL REPRESENTATIVE
EMPRESA DE SOLUCIONES, SERVICIOS E INNOVACIÓN ESSI S.A.S.