Privacy Policy

POLÍTICA DE PRIVACIDAD

PERSONAL DATA PROTECTION TREATMENT POLICY CRUZ Y GANDINI SAS (NEC METHOD) NIT No. 900.441.009-2
In compliance with the provisions of Law 1581 of 2012 and Decree 1377 of 2013 in which the provisions for the protection of personal data are issued, CRUZ Y GANDINI SAS, in its capacity as responsible, accepts this policy for the treatment of all the personal data found in our databases and / or files, which will be disclosed to all owners of the data that have been collected and that in the future are obtained in the exercise of labor and commercial activities. Through this policy CRUZ Y GANDINI SAS, states that it guarantees the rights of privacy in the processing of personal data and strives to make effective the guarantee of the rights of privacy and intimacy of each of the data and information of headlines. All the holders who in the development of the different work, commercial activities, among others, are permanent or occasional and provide any type of personal information, may update or consult it later.
LEGAL FRAMEWORK
This Manual of Personal Data Protection Treatment Policies is supported by the provisions of the Political Constitution of Colombia (articles 15 and 20), Law 1266 OF 2008, Law 1581 of 2012, Decree 1377 of 2013, Decree 1074 of 2015 (Chapter 25 and 26, external circular No. 002 of 2015. CRUZ Y GANDINI SAS, can unilaterally change its Privacy Policy and use of Personal Data, without the consent of the owner, but taking into account that CRUZ Y GANDINI SAS ,, undertakes to keep the previous versions of this Policy, always respecting the rights of the owner of the personal data enshrined in the Colombian Constitution and Law. In cases where CRUZ Y GANDINI SAS carries out activities related to its corporate purpose and these are minors are involved, it will proceed in accordance with the provisions of article 7 of Law 1581 of 2012. This Policy is strictly and mandatory for CRUZ Y GANDINI SAS, as Responsible for the Data Protection Treatment, as well as for employees, contractors and third parties, which must be observed and respected in the performance of their functions and activities, even after terminating their commercial, labor or other relationship. Likewise, they undertake to keep strict confidentiality in relation to the data handled.
I. IDENTIFICATION Company Name: CRUZ Y GANDINI SAS, Nit: 900.441.009-2 Address: calle 5 B3 No. 38-44 Consultorio 402, Cali. Telephone: ( 57) (2) 5240170 ext. 402 Email: info@metodonec.com Website: www.metodonec.com.
II. DEFINITIONS
In accordance with current regulations regarding the protection of personal data, the following definitions will be taken into account: 1 The definitions set out in this document were taken from current Colombian regulations that regulate data protection.
- Authorization: prior, express and informed consent of the owner to carry out the Processing of Personal Data. - Privacy Notice: physical, electronic document or in any other format generated by the Responsible Party that is made available to the Owner for the processing of their personal data. In the Privacy Notice, the Owner is informed of the information regarding the existence of the information processing policies that will be applicable, the way to access them and the purpose of the treatment that is intended to be given to the personal data. - Database: organized set of Personal Data that is subject to Treatment. - Personal Data: any information linked or that may be associated with one or more specific or determinable natural persons. - Person in charge of the Treatment: natural or legal person, public or private, that by itself or in association with others, carries out the Treatment of Personal Data on behalf of the Person Responsible for the Treatment. In the events in which the Responsible Party is not in charge of the Database, the person in charge will be expressly identified. - Public Data: it is the data classified as such according to the mandates of the law or the Political Constitution and that which is not semi-private, private or sensitive. The data relating to the marital status of people, their profession or trade, their status as a merchant or public servant and those that can be obtained without any reservation are Public, among others. - Private Data: it is the data that due to its intimate or reserved nature is only relevant for the owner. - Sensitive Data: those that affect the privacy of the owner or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership of unions, social organizations, of human rights or that promotes the interests of any political party or that guarantees human rights or that promotes opposition interests, as well as data related to health, sexual life and biometric data. - Person in charge of the Treatment: natural or legal person, public or private, that by itself or in association with others, carries out the processing of personal data on behalf of the Person Responsible for the Treatment. - Terms and Conditions: general framework in which the conditions for participants of promotional or related activities are established. - Owner: natural person whose personal data are subject to Treatment. - Treatment: Any operation or set of operations on Personal Data, such as the collection, storage, use, circulation or deletion. - Transfer: the transfer of data takes place when the person in charge and / or in charge of the processing of personal data, located in Colombia, sends the information or personal data to a recipient, who in turn is responsible for the treatment and is within or out of the country. - Transmission: processing of personal data that implies the communication of the same within or outside the territory of the Republic of Colombia when it is intended to carry out a treatment by the person in charge on behalf of the person in charge.
III. TREATMENT AND PURPOSE The authorization of the processing of personal data carried out by CRUZ Y GANDINI SAS, for the proper development of its commercial activities is to collect, store, process, circulate, use and transmit or transfer (as appropriate) and delete personal data corresponding to Natural persons with whom you have or have had a relationship, strictly complying with the security and confidentiality duties ordered by Law 1581 of 2012 and Decree 1377 of 2013, in order to fulfill the following purposes:
- Sending information from your collaborators and family members, either for the provision of health services or programming of the company's activities as well as to support internal or external audit processes. - Advance the work of portfolio recovery, notifications of balances, pending billing for payment and other information related to the services provided by CRUZ Y GANDINI SAS - To strengthen relationships with our clients, personal data will be used to send relevant information as well as for the reception of support requirements, advice, consultancies and everything related to the company's corporate purpose. In the same way, the attention of requests, complaints, claims or congratulations, conducting customer satisfaction surveys and inviting the events and activities programmed by CRUZ Y GANDINI SAS The processing of personal data of applicants, employees, retired employees, clients, suppliers, contractors or any person with whom CRUZ Y GANDINI SAS, has established or establishes a relationship, permanent or occasional, will do so within the legal framework that regulates the matter. Without prejudice to the exceptions provided by law, in the processing of sensitive data, the prior, express and informed authorization of the owner is required, which must be obtained by any means that may be subject to subsequent consultation and verification.
IV GUIDING PRINCIPLES
To guarantee the protection of personal data, CRUZ Y GANDINI SAS will adapt the following principles in a comprehensive and harmonious way, in the light of which the treatment, transfer and transmission of personal data must be carried out. The principles included in this document were taken from the current Colombian regulations that regulate the protection of personal data. - Principle of Legality in Data Processing Matters: data processing is a regulated activity, which must be subject to current and applicable legal provisions governing the subject. - Principle of Purpose: the activity of personal data processing carried out by CRUZ Y GANDINI SAS, or to which it has access, will obey a legitimate purpose in accordance with the Political Constitution of Colombia, which must be informed to the respective owner of the data personal. - Principle of Freedom: the processing of personal data can only be carried out with the prior, express and informed consent of the Holder. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal, statutory or judicial mandate that relieves consent. - Principle of Truthfulness or Quality: the information subject to the processing of personal data must be truthful, complete, exact, updated, verifiable and understandable. The processing of partial, incomplete, fractioned or misleading data is prohibited. - Principle of Transparency: In the processing of personal data, CRUZ Y GANDINI SAS, will guarantee the Holder his right to obtain at any time and without restrictions, information about the existence of any type of information or personal data that is of interest or ownership. - Principle of Access and Restricted Circulation: the processing of personal data is subject to the limits derived from their nature, from the provisions of the law and the Constitution. Consequently, the treatment can only be done by people authorized by the owner and / or by the people provided by law. Personal data, except for public information, may not be available on the internet or other means of dissemination or mass communication, unless access is technically controllable to provide restricted knowledge only to the holders or authorized third parties in accordance with the law. - Security Principle: the information subject to treatment by CRUZ Y GANDINI SAS, must be handled with the technical, human and administrative measures that are
necessary to provide security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access. - Principle of Confidentiality: all personnel who, at CRUZ Y GANDINI SAS, administer, handle, update or have access to information of any kind found in the Database, are obliged to guarantee the reservation of the information, therefore They undertake to keep and keep strictly confidential and not reveal to third parties, all the information that they come to know in the execution and exercise of their functions; Except in the case of activities expressly authorized by the data protection law. This obligation persists and will be maintained even after the end of your relationship with any of the tasks that the treatment comprises.
V. RIGHTS OF THE OWNER OF THE PERSONAL DATA INFORMATION
In accordance with the provisions of current regulations, all persons whose personal data are processed by CRUZ Y GANDINI SAS, have the following rights, which they may exercise at any time: - Know, update and rectify the Personal Data provided to CRUZ Y GANDINI SAS, which are subject to treatment. The owner may exercise this right, among others, against partial, inaccurate, incomplete, fractioned, misleading data, or those whose treatment is expressly prohibited or has not been authorized. - Require at any time the proof of authorization granted to CRUZ Y GANDINI SAS, for the processing of personal data, through valid means, except in cases where authorization is not necessary. - Be informed by CRUZ Y GANDINI SAS, upon request, regarding the use that it has given your personal data. - Present before the Superintendency of Industry and Commerce, or the entity that will act in its place, complaints about infractions or the provisions of Law 1581 of 2012 and other regulations that modify, add or complement it, after consultation or request made to CRUZ Y GANDINI SAS - Request to CRUZ Y GANDINI SAS, the deletion of the data when the principles, rights and constitutional and legal guarantees are not respected, through the different channels of attention existing for this purpose. - Free access to your Personal Data subject to Treatment. - Know the Company's data processing policy and through it, the use and purpose that will be given to your personal data. 3 Law 1581 of 2012. Art 10 "CASES IN WHICH AUTHORIZATION IS NOT NECESSARY" The authorization of the owner will not be necessary when it comes to: information required by a public or administrative entity in the exercise of its legal functions or by court order, data of a public nature, medical or health emergencies, information processing authorized by law for historical, statistical or scientific purposes, data related to the civil registry of individuals. Whoever accesses personal data without prior authorization must in any case comply with the provisions contained in this law. The aforementioned rights may be exercised, taking into account the following aspects: - When the owner consults the personal data, requests authorization or information on the use that is given to their data, they can make the consultation in writing, in person or by the different means that CRUZ Y GANDINI SAS has made available
SAW. DUTIES OF CRUZ Y GANDINI SAS
REGARDING THE PROCESSING OF PERSONAL DATA
CRUZ Y GANDINI SAS, admits that personal data are the exclusive property of the owner and consequently only he can decide on them. CRUZ Y GANDINI SAS, will use personal data only for the purposes authorized by the owner or by current regulations. CRUZ Y GANDINI SAS, in the treatment and protection of personal data, will have the following duties, without prejudice to others provided in the provisions that regulate or regulate this matter: - Guarantee at all times to the owner, the full and effective exercise of the right habeas data. - Request a copy of the authorization granted by the owner for the processing of personal data and keep it. - Inform the owner of the purpose of the collection and the rights that favor him by virtue of the authorization granted. - Keep the information under conditions of high security standards, which prevent adulteration, loss, consultation, use or unauthorized and / or fraudulent access. - Timely update the information, regarding the news of the owner's data, implementing the necessary measures. - Guarantee that the information is truthful, complete, accurate, updated, verifiable and understandable. - Rectify the information when it is incorrect and communicate the pertinent. - Respect the security and privacy conditions of the owner's information. - Process all inquiries, claims and requests made within the terms indicated by law. - Inform the data protection authority when there are violations of the security codes and there are risks in the administration of the information of the holders. - Allow access to information only to people who can have access to it. - Use the personal data of the owner only for those purposes for which he is duly empowered and respecting in any case the current regulations CRUZ Y GANDINI SAS, is responsible for all the personal data of the owners, as long as said information has been provided by them, as well as that of the database or storage medium where they are located and is their property or management. Information and / or Personal Data of the Independent Owner of the commercial, labor or other relationship that implies accessing the services or participating in the different processes or activities of CRUZ Y GANDINI SAS, you must voluntarily provide your data as they are between others: name, surname, identification, telephone number, address and other necessary data that are requested in the different registration processes (suppliers, clients, employees) Protection of Information or Personal Data CRUZ Y GANDINI SAS, works hard to guarantee the protection of information, avoiding unauthorized access, modifications, disclosure and unauthorized elimination of information found within existing databases. In the event that data is supplied and the entire process is carried out by means of the transmission of information or data through the internet or wireless networks, it must be taken into account that due to the characteristics of these means it is impossible to guarantee optimal security, therefore, in these cases, the risk inherent in the transmission of information or the means used belongs to the owner. CRUZ Y GANDINI SAS, to guarantee and comply with the Data Protection obligation, implemented the following controls:
- Monitor the management of information systems, which allow optimal operation. - Register of obligations or confidentiality agreements with personnel who have a commercial, labor or other relationship. Failure to comply with these agreements implies the termination of the relationship that said persons have with CRUZ Y GANDINI SAS, becoming a creditor of the disciplinary sanctions provided for in the Law. - Perform periodic audits to guarantee the correct implementation of Law 1581 of 2012 and others related standards. - Adopt technological security mechanisms such as security software, digital signatures, SSL certificates, Hypertext Transfer Protocol Secure (HTTPS), as the necessary tools to safeguard and protect the personal databases processed by CRUZ Y GANDINI SAS
VII. AUTHORIZATION Except for the cases defined in Law 1581 of 2012, CRUZ Y GANDINI SAS, will request the prior, express and informed authorization of the owners of the personal data at the time the information is captured, by the different means that can be used as proof (physical document, electronic, data message, internet, websites, among others). The authorization may be part of a contract or a specific document for this purpose. In no case will CRUZ Y GANDINI SAS assimilate the owner's silence to unequivocal conduct. Whatever the mechanism used, it is necessary that the authorization be kept in order to be consulted later. CRUZ Y GANDINI SAS, will keep the proof of authorization granted by the owner of the personal data for its treatment, using the available mechanisms at its disposal and will adopt the actions that are necessary to maintain the registry.
VIII. REVOCATION OF THE AUTHORIZATION The owner of the personal data may at any time revoke the authorization and consent to the processing of these, as long as it is not prevented by a legal or contractual provision. For this, CRUZ Y GANDINI SAS, has different mechanisms that allow the owner to revoke their consent and / or request the deletion of their personal data. Therefore, it must be taken into account that the revocation of consent can be expressed, on the one hand, in a total way in relation to the authorized purposes, and therefore CRUZ Y GANDINI SAS, must end any data processing activity; and on the other, partially in relation to certain types of treatment, in which case it will be these on which the treatment activities will cease, such as for advertising purposes, among others. In the latter case, CRUZ Y GANDINI SAS may continue to process personal data for those purposes in relation to which the owner has not revoked their consent.
IX. PROCEDURE FOR THE ATTENTION AND RESPONSE OF QUERIES, COMPLAINTS, CLAIMS AND REQUESTS FROM THE HOLDERS OF PERSONAL DATA. The owners of the personal data that are being collected, stored, processed, used and transmitted or transferred by CRUZ Y GANDINI SAS, may at any time exercise their rights to know, update and rectify the information. For this purpose, the following procedure will be followed, in accordance with the Personal Data Protection Law:
- Enabled Service Channels for the Submission of Queries, complaints, claims and petitions. CRUZ Y GANDINI SAS, makes available to the owner the following means of reception for the attention of requests, queries, complaints and claims that allow them to keep proof of them:
1. Written medium: it must be addressed to CRUZ Y GANDINI SAS, to the Customer Service area, calle 5 B3 No. 38-44 Consultorio 402, Cali. 2. Telephone Medium: The holder may contact our PBX telephone line: ( 57) (2) 5240170 ext. 402 from Monday to Friday from 8:00 a.m. to 12:00 p.m. and from 2:00 a.m. to 6:00 p.m. and on Saturdays from 8:00 a.m. to 12:00 p.m. 3. Electronic means: our email is available for the attention of the requests info@metodonec.com. 4. They may also carry out this procedure through our website www.metodonec.com.
- Attention and Response to Requests, Queries, Complaints and Claims. The requests that are made through the different service channels will be attended to within a maximum term of ten (10) business days from the date of filing. In the event that it is not possible to meet the request in the stipulated time, the interested party will be informed of the reason why a timely response has not been given and defining a date on which the query and / or request will be attended, which in no case it may exceed five (5) business days following the expiration of the first term. - In the event that the requests are for updating, rectification or deletion of the data, they will be answered within the following fifteen (15) business days, which count from the filing of the request. All requests must contain at least the description of the facts that give rise to the complaint or claim, the address and contact information of the applicant. If the request is submitted with incomplete data, CRUZ Y GANDINI SAS, will require the interested party within five (5) days following receipt of the complaint or claim to correct the failures. If, after two (2) months from the date of the request, without the applicant submitting the required information, it will be understood that the complaint or claim has been withdrawn.
X. INFORMATION SECURITY CRUZ Y GANDINI SAS, will adopt the technical, human and administrative measures that are necessary to grant security to the records, avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access. Both internal and external personnel and all those who have responsibilities over the sources, repositories and processing resources of CRUZ Y GANDINI SAS information, must adopt the guidelines contained in this document and in the documents related to it, in order to to maintain confidentiality, integrity and ensure the availability of information. CRUZ Y GANDINI SAS, is committed to making a correct use and treatment of the personal data contained in the database, avoiding unauthorized access to third parties. For this purpose, it has security protocols and access to information, storage and processing systems including physical control measures, security risks. Likewise, a perimeter security system "Firewall" and first level proactive intrusion detection have been implemented to keep the information safe. The system is constantly monitored through vulnerability analysis. CRUZ Y GANDINI SAS, has deployed a series of documents and activities internally to guarantee the correct functioning of the security schemes applied to the personal data database processed. Storage of Personal Data CRUZ Y GANDINI SAS, requests the necessary data for the acquisition of services, interaction with clients, activities involving the internal personnel of the Company and everything related to the billing process. Once the personal data have been provided voluntarily and freely, through registration through the different channels or means set by CRUZ Y GANDINI SAS, they are stored in the database
corresponding data according to the process in which they intervene or according to the service acquired. In some cases the databases are behind a firewall for added security and the servers on which the databases rest are physically protected in a safe place. On the other hand, in the case of personal data corresponding to employees, customers, suppliers, among others, it is stored physically in files that are under lock and key. Only authorized personnel who have signed information confidentiality agreements can access them. XI. INFORMATION DISCLOSURE Each owner of the personal data processed by CRUZ Y GANDINI SAS, acknowledges and accepts this personal data treatment policy and declares to know which CRUZ Y GANDINI SAS, can provide this information to state entities that in the exercise of their functions , request this information. Likewise, it accepts that they may be subject to internal or external audit processes by companies in charge of this type of control. The foregoing, subject to the confidentiality of the information.
XII. VALIDITY AND UPDATE This policy for the processing of personal data was approved by the General Management and will be in force as of May 1, 2017. The databases in which the personal data rest will have a validity equal to the period in which they are maintain the purpose or purposes of the treatment in each database.

Share by: