Internal Policy Manual

SAN BASILIO CALZADO S.A.S NIT 890939791-8

Internal manual of policies and procedures for the protection of personal data


Introduction
The purpose of this manual is to comply with the provisions of literal k) of article 17 of Statutory Law 1581 of 2012, by which general provisions are issued for the protection of personal data, among which is the adoption of an internal manual of policies and procedures through which correct compliance with this Law is guaranteed and, in particular, the effective exercise of the rights of the owners is ensured. All the information received by SAN BASILIO CALZADO S.A.S through its different communication channels, in digital or printed media, that makes up our databases, obtained from customers, suppliers, and employees, is governed by the following use policies. If you are listed in any of our databases, it is because you have had or maintain a business or employment relationship with SAN BASILIO S.A.S.

Through this manual, the procedures for the collection and treatment of personal data are indicated in the terms established in the Law.

Object.
The purpose of this manual is to comply with the legal, constitutional and jurisprudential provisions concerning the development of the constitutional right that all people have to know, update and rectify the information that has been collected about them in databases or files, related to articles 15 and 20 of the Political Constitution.

Applicable legislation.
This manual was prepared taking into account the provisions contained in Law 1581 of 2012 "By which general provisions are issued for the protection of personal data", Decree 1377 of 2013 "By which Law 1581 is partially regulated", Decree 886 of 2014 and Decree 1074 of 2015.

Area of application.
This manual will apply to the processing of personal data collected and handled by SAN BASILIO CALZADO S.A.S.
This manual will not apply to:
To the data or files kept in an exclusively personal or domestic environment.
To data whose purpose is national security and defense, as well as the prevention, detection, monitoring and control of money laundering and the financing of terrorism.
To data containing intelligence and counterintelligence information of the State.
To the data of journalistic information and other editorial content.
To the databases and files regulated by Statutory Law 1266 of 2008.
To the databases and files regulated by Law 79 of 1993.
Definitions.
For the application of the rules and procedures established in this manual, and in accordance with the provisions of article 3 of Statutory Law 1581 of 2012, it will be understood as:
Authorization: prior, express and informed consent of the Owner to carry out the Processing of personal data.

Privacy notice: physical document, electronic or in any other format, generated by the person responsible for the Treatment that is made available to the owner for the Treatment of their personal data. Through this, the Owner of the information is informed of the existence of the applicable policies for the treatment of their personal data, together with the way to access them and the characteristics of the treatment of personal data.

Sensitive data: Sensitive data is understood to be that which affects the privacy of the Holder or whose improper use may generate discrimination, such as data that reveals racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social or human rights organizations, or organizations that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life and biometric data.

Database: organized set of personal data that is subject to Treatment.
Personal data: any information linked or that can be associated with one or more specific or determinable natural persons.

Person in Charge of Treatment: natural or legal person, public or private, that by itself or in association with others, performs the Treatment of personal data on behalf of the Person Responsible for Treatment.

Responsible for the Treatment: natural or legal person, public or private, that by itself or in association with others, decides on the database and/or the Treatment of the data.

Owner: natural person whose personal data is subject to Treatment.
Treatment: any operation or set of operations on personal data, such as the collection, storage, use, circulation or deletion.
5. Principles for the treatment of personal data.
In the development, interpretation and application of this manual, the following principles will be applied, harmoniously and comprehensively:
Principle of purpose: The Treatment of personal data must obey a legitimate purpose, which must be informed to the Owner.
Principle of freedom: Treatment can only be exercised with the prior, express and informed consent of the owner. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that relieves consent.
Principle of veracity or quality: The information subject to Treatment must be truthful, complete, exact, updated, verifiable and understandable. The Processing of partial, incomplete, fragmented or misleading data is prohibited.
Principle of transparency: In the Treatment, the right of the Holder to obtain from the Responsible at any time and without restrictions, information about the existence of data that concerns him must be guaranteed.
Principle of access and restricted circulation: Personal data, except for public information, may not be available on the Internet or other means of disclosure or mass communication, unless access is technically controllable to provide restricted knowledge only to authorized owners or third parties.
Security principle: The information subject to Treatment by the Responsible Party must be handled with the technical, human and administrative measures that are necessary to provide security to the records, avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access.
Confidentiality principle: All persons involved in the processing of personal data that are not of a public nature are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks that the treatment comprises.
Identification of the person responsible for the processing of personal data.
The company SAN BASILIO CALZADO S.A.S will be responsible for the processing of personal data, located at Carrera 25 A Calle 1 A Sur 45, Local 1051 Parque Comercial El Tesoro, Municipality of Medellín, (Antioquia), Colombia, designated email: comercial@sanbasilio.com.co, service phone: (+574)321-05-53
Rights of the owners of the information.
In accordance with article 8 of Statutory Law 1581 of 2012, customers, suppliers and employees as holders of information have the following rights which they can exercise at any time:
Know, update and rectify your personal data before SAN BASILIO CALZADO S.A.S. in its capacity as Data Controller.
Request proof of the authorization granted to SAN BASILIO CALZADO S.A.S.
Be informed by SAN BASILIO CALZADO S.A.S regarding the use that has been given to your personal data.
Submit complaints to the Superintendency of Industry and Commerce for violations of the provisions of Statutory Law 1581 of 2012, having exhausted the consultation or claim process as indicated in the aforementioned Law.
Revoke the authorization and/or request the deletion of the data when the principles, rights and constitutional and legal guarantees are not respected in the Treatment.
Free access to your personal data that has been processed.
Duties of SAN BASILIO CALZADO S.A.S in its capacity as responsible for the processing of personal data:
Guarantee the owner of the information, at all times, the full and effective exercise of the right of habeas data.
Keep a copy of the respective authorization granted by the owner.
Duly inform the owner about the purpose of the collection and the rights that assist him by virtue of the authorization granted.
Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
Process the queries and claims made by the owners of the information in the terms indicated by articles 14 and 15 of Law 1581 of 2012.
Inform at the request of the Owner about the use given to their data.
Inform the Superintendence of Industry and Commerce when there are violations of the security codes and there are risks in the administration of the information of the Holders.
Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.
Duties regarding the treatment of data of children and adolescents.
SAN BASILIO CALZADO S.A.S, in its capacity as Responsible for the processing of the personal data of the aforementioned groups, must take special care to ensure compliance with the Law regarding these groups and respect for their rights, especially with respect to personal data that do not fit into the category of data of a public nature (name, gender, date of birth, etc.).
Authorization.

SAN BASILIO CALZADO S.A.S. will request prior, express and informed authorization from the owners of the information. For this purpose the company may use physical and electronic means, but in no case will the silence of the owner be understood as unequivocal conduct.

The authorization of the holders of the information that was obtained by physical means will be properly preserved so that it can later be consulted.
In the event that the database is very broad and disproportionate and it is impossible to request authorization from each owner of the database, SAN BASILIO CALZADO S.A.S may implement alternative mechanisms such as the website.

Authorization for the processing of personal data will be implemented on the company's website, where the owners of the information may accept it. If, within 30 business days counted from the implementation of the alternative mechanisms, the owner has not contacted the person responsible for the information, the person in charge may continue processing the data for the purposes described in this policy.

Cases in which authorization is not required
The authorization of the holder will not be necessary in the case of:
Information required by a public or administrative entity in the exercise of its legal functions or by court order.

Data of a public nature.
Cases of medical or health emergency.
Treatment of information authorized by law for historical, statistical or scientific purposes.

Data related to the Civil Registry of Persons.
Treatment
The company SAN BASILIO CALZADO S.A.S, as responsible for the processing of personal data, for the operation and development of its commercial activities and with prior authorization from the owners of the information, collects, stores, uses, circulates and deletes information from customers, suppliers and/or employees, subject exclusively to the purposes established in this policy.
Authorization purposes.

The treatment of the personal data of the holders that are in the San Basilio database arises from the different commercial and labor relations between the company and third parties. This information is necessary for the correct functioning of the commercial operation and is collected for the following purposes:

Sales and purchase statistics.
Marketing and merchandising.
Collection management.
Billing.
Customer analysis.
Carry out credit studies and verification of data with credit risk centers.
Monitoring of guarantees and returns.
Request quotes and orders.
Payment notification.
Accounting and tax management.
Make affiliations.
Prepare contracts.
Payroll management.
Personnel selection processes.
Control of audit processes.
Sensitive data.
For the purposes of this manual, sensitive data is understood to be that which affects the privacy of the Holder or whose improper use may generate discrimination, such as data that reveals racial or ethnic origin, political orientation, religious or philosophical convictions, membership in unions, social or human rights organizations, or organizations that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life and biometric data.

Sensitive data processing.
The processing of sensitive data is prohibited, except when:
The Holder has given his explicit authorization to said Treatment.
The Treatment is necessary to safeguard the vital interest of the Holder and he is physically or legally incapacitated.
The Treatment is carried out in the course of legitimate activities and with due guarantees by a foundation, NGO, association or any other non-profit organization, whose purpose is political, philosophical, religious or trade union, provided that they refer exclusively to its members or to people who maintain regular contact by reason of its purpose.
The Treatment refers to data that is necessary for the recognition, exercise or defense of a right in a judicial process.
The Treatment has a historical, statistical or scientific purpose.
Proof of authorization.
SAN BASILIO CALZADO S.A.S., in its capacity as Data Controller, will have the necessary means to maintain the technical and technological records of when and how authorization was obtained from the Owner of the information to process their data.
Notice of Privacy.
The privacy notice is a document in physical, electronic or any other format, through which the owner of the information is informed about the existence of policies that will be applicable to them, as well as the way in which they can access them and the characteristics of the treatment that will be given to personal data.
In all cases, the Holder must be informed how to access or consult the information treatment policy.
The privacy notice of San Basilio Calzado S.A.S can be consulted on the website www.sanbasilio.com.co
Procedures to guarantee the right of access, consultation and claim of the owner of the information.
PROCEDURES FOR ACCESS, CONSULTATION AND CLAIM.
The holders of the information may exercise their rights at any time and free of charge, after proof of their identity.
Access.
Taking into account that the power to dispose of or decide on personal data rests with the Holder of the information, this power necessarily implies the right of the holder to access and know the personal information that is being processed, including in this aspect the scope, conditions and generalities of the treatment.
Taking into account the foregoing, this right is guaranteed to the Holder, which includes:
Knowledge of the existence of the processing of your personal data.
Access to your personal data.
The circumstances of the processing of personal data.
Query.
In accordance with article 14 of Statutory Law 1581 of 2012, the Holders or their successors in title may consult the personal information of the Holder that resides in any database. This right is guaranteed by supplying them with all the information contained in the individual record or that is linked to the identification of the Holder.
SAN BASILIO CALZADO S.A.S., as the data controller, must provide the requested information.
Queries will be answered within a maximum term of ten (10) business days from the date of receipt. When it is not possible to answer the query within said term, the interested party will be informed within the first term conferred, stating the reasons for the delay and indicating the date on which the query will be answered, which in no case may exceed the five (5) business days following the expiration of the first term.
Claim.
In accordance with article 15 of Statutory Law 1581 of 2012, the Holder or his successors in title who consider that the information contained in a database must be corrected, updated or deleted, or when they notice the alleged breach of any of the duties contained in Statutory Law 1581 of 2012, may file a claim which will be processed under the following rules:
The claim will be formulated through a communication made by the owner or his successors in title addressed to SAN BASILIO CALZADO S.A.S. responsible for the Treatment, which must include the information indicated in article 15 of Statutory Law 1581 of 2012. If the claim is incomplete, the interested party will be required within five (5) days after receiving the claim to correct the faults. After two (2) months from the date of the request, without the applicant submitting the required information, it will be understood that he has withdrawn the claim.
In the event that SAN BASILIO CALZADO S.A.S receives a claim that it is not competent to resolve, it will transfer it to the appropriate party within a maximum period of two (2) business days and will inform the interested party of the situation.
Once the complete claim is received, a legend will be included in the database that says "claim in process" and the reason for it, in a term not exceeding two (2) business days. Said legend must be kept until the claim is decided.
The maximum term to address the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.
At any time and free of charge, the natural person who owns the personal data or their representative may request the rectification, updating or deletion of their personal data after proof of their identity.
The request for rectification, updating or deletion of your personal data must be submitted through the provided means indicated in the privacy notice and must contain at least the following information:
The name and address of the Holder or representative or any other means to receive the response to your request.
The documents that prove the identity or representation of the Owner of the personal data.
The clear and precise description of the personal data and the facts that give rise to the claim.
The documents that you want to assert in the claim.
The suppression implies the total or partial elimination of the personal information in accordance with the request of the Holder, of the records, files and databases or treatments carried out by SAN BASILIO CALZADO S.A.S.
Depending on the nature of the personal database, the claim will be managed by the area responsible for attending to it within SAN BASILIO CALZADO S.A.S.
Revocation of information.
In accordance with the provisions of the law, in the event that the principles, rights and constitutional and legal guarantees are not respected in the treatment, the owners or their representatives may request the revocation of the authorization granted for the treatment of the same, unless such revocation is prevented by legal or contractual provision, indicating in said case the specific reasons based on which they consider that the situation of non-compliance with the aforementioned scope is taking place.
Information security and confidentiality measures.
For data storage, SAN BASILIO CALZADO S.A.S. has an external server in which all the databases are stored.
To access the information system, SAN BASILIO CALZADO S.A.S has created profiles and each profile is assigned a password for its own unique use.
The external server is protected by a firewall system that allows control of network access and keeps the databases safe from any external threat.
The personal database of SAN BASILIO CALZADO S.A.S will never be used for profit, for fraudulent purposes or for third-party advertising outside the purposes for which the data was authorized.
Staff will be directed toward conserving and protecting the information, avoiding loss or access by unauthorized personnel.
Designation.
The Administrative division is designated by SAN BASILIO CALZADO S.A.S as the area responsible for handling requests, queries and claims, before which the owner of the information may exercise their rights to know, update, rectify, delete and revoke the authorization.
The requirements made by the holders of the databases will be received verbally or in writing by means of: Service telephone: (574) 321-05-53, email: comercial@sanbasilio.com.co or certified mail at the address Carrera 25 A Calle 1 A Sur 45 Local 1051 Parque Comercial El Tesoro, Medellín, Colombia.
Validity of the manual.
This manual is effective as of October 13, 2016.