Privacy Policy

INFORMATION AND DATA HANDLING POLICIES

GUIA SAI S.A.S.

  1. INTRODUCTION:

Based on the Statutory Law 1581 of 2012 "By which general provisions are issued for the protection of personal data" and Decree 1377 of 2013, "By which Law 1581 of 2012 is partially regulated", Law 1266 of 2009 "wherebythe general provisions of habeas data are issued and the handling of information contained in personal databases is regulated, especially financial, credit, commercial, service and from third countries and other provisions are issued" (case law on the subject)GUIA SAI S.A.S., domiciled in the city of San Andres, San Andres and Providencia, as responsible for the processing of personal data of others, adopts by this document the policies and procedures to ensure the right of individuals to know, update and rectify the information that has been recorded about them in databases and / or files.

This Policy applies to all recordable personal information of clients, prospects, contractors, suppliers, employees, or any other person who for any reason provides information or makes them susceptible to treatment by GUIA SAI S.A.S, the Company may update this policy at any time, by legal update, internal policies, or for any other reason or circumstance, which will be informed and made known in a timely manner, by written document, publication on the website, verbal communication or by any other means of mass notification, for this reason it is recommended to the holder of personal data, review it regularly to ensure that you have read the most current version.

In accordance with the relevant legislation in force, the following are established

DEFINITIONS;

which will be applied and implemented in accordance with the criteria of interpretation that guarantee a systematic and comprehensive application, and in line with technological advances, technological neutrality; and the other principles and postulates that govern the fundamental rights that surround, orbit and surround the right to habeas data and personal data protection.

Authorisation: Prior, express and informed consent of the holder to carry out the processing of personal data.

Database: Organised set of personal data that is the object of Processing.
Personal data: Any information linked or that can be associated to one or several determined or determinable natural persons.

Processor: A natural or legal person, public or private, who, alone or in association with others, carries out the processing of personal data on behalf of the controller.

Controller: Natural or legal person, public or private, who alone or in association with others, decides on the database and/or the processing of the data.

Data subject: Natural person whose personal data is the subject of processing.

Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.

 

  1. DATA CONTROLLER;

The responsible for the treatment of your personal data is GUIA SAI S.A.S, identified with Nit: 901.013.739-9, with main office in Avenida 20 de julio N° 4ª -26 of San Andrés, San Andrés y Providencia, Web Portal: www.guiasanandresislas.com and www.guiasai.com, cellular 316 3208865.

GUIA SAI S.A.S. shall comply with the duties foreseen for Data Controllers and Data Processors, contained in articles 17 and 18 of Law 1581 of 2012, or rules that regulate or modify it, namely:

  1. Guarantee the Data Subject, at all times, the full and effective exercise of the right to habeas data;
  2. Request and keep, under the conditions provided for in this law, a copy of the respective authorisation granted by the Data Controller;
  3. Duly inform the Data Subject about the purpose of the collection and the rights that he/she has by virtue of the authorisation granted;
  4. Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, unauthorised or fraudulent use or access;
  5. Ensure that the information provided to the Data Controller is true, complete, accurate, up to date, verifiable and comprehensible;
  6. To update the information, communicating in a timely manner to the Data Processor, all new developments with respect to the data previously provided and to adopt the other necessary measures to ensure that the information provided to the Data Processor is kept up to date;
  7. Rectify the information when it is incorrect and communicate the relevant information to the Data Processor;
  8. To provide to the Data Processor, as the case may be, only data the Processing of which has been previously authorised in accordance with the provisions of this law;
  9. Demand that the Data Controller at all times respect the conditions of security and privacy of the Data Subject's information;
  10. Process queries and claims formulated under the terms set out in this law;
  11. Adopt an internal manual of policies and procedures to ensure adequate compliance with this law and, in particular, to deal with queries and complaints;
  12. Inform the Data Controller when certain information is under discussion by the Data Subject, once the complaint has been filed and the respective process has not been completed; m. To inform the Data Controller, at the request of the Data Subject, about the use given to his/her data;
  13. Inform the data protection authority when there are violations of the security codes and there are risks in the administration of data subjects' information.
  14. Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce.

 

  1. PURPOSE OF THE PERSONAL DATA AND THEIR CLASSIFICATION:

GUIA SAI S.A.S, has a database with personal information that has been used for commercial purposes through invitations to face-to-face and virtual events and promotion of tourism on the island of San Andres and Providencia, in the same way the database is used for labour use at the level of GUIA SAI S.A.S staff, for portfolio use and everything derived from the sale-purchase relationship.

Within the scope of the rights to privacy, good name, image and other Constitutional guarantees, GUIA SAI S.A.S. uses the personal data that the data owner registered in the different ways that such data is collected (as a customer, supplier, employee or other), the data collected, has to do with their identification data, that is, names and surnames, gender, profession or trade, telephone numbers, address and profile on social networks. Additionally, GUIA SAI S.A.S. uses company contact data: telephone numbers (office and mobile), email, position, company name and identification, number of employees, technological platforms, address and business group. On the employment side the data may be extended with other information derived from the employment relationship.

Likewise, GUIA SAI S.A.S. makes use of the data provided throughout the course of its relations with customers, such as storage of documents that were filed in our offices and containing signature and personal information of these when it comes to natural persons, or partners, employees, contractors or dependents in the case of legal persons.
The collection of personal data and its automated processing are intended to facilitate the management, administration, improvement and expansion of the various services, the development of statistics, management or monitoring of incidents, as well as the sending of communications, and any other purpose that in the exercise of its corporate purpose GUIA SAI S.A.S. requires. Thus, personal data are used exclusively by the marketing, commercial, administrative and customer service areas for the following purposes:

  • Creation and preservation of documents legally required by accounting rules.
  • Processing of your personal data in our marketing activities.
  • To improve our knowledge of the market in the marketing of hardware, agricultural, construction and fasteners products.
  • Adaptation of our products and services to better respond to your interests, data update campaigns.
  • Sending letters, magazines and communications in general.
  • Improve the services offered by GUIA SAI S.A.S. Conduct studies and analysis of surveys and feedback from partners and guests.
  • Management of requests, complaints and claims.

GUIA SAI S.A.S, performs the following classification of the information collected in the database;

Employee database; natural persons who are employed and that the information collected is specifically for employment use.

Database Contractors and suppliers; Natural and legal persons who provide any service or sale of products to the company GUIA SAI S.A.S. The data collected here are used for compliance with the contractual relationship.

Commercial database; These are the natural and legal persons whose data has been collected and this information is used to promote the company's corporate purpose and everything derived from commercial relations.

The Authorisation for the use of this data may be recorded in physical documents, data messages, internet, websites, any format that allows its consultation by means of which the authorisation can be unequivocally concluded.

Cases in which authorisation is not required, the authorisation of the Data Controller is not required in the case of:

Information required by a public or administrative body in the exercise of its legal functions or by court order.

- Data of a public nature.

- Medical or health emergencies

Processing of information authorised by law for historical, statistical or scientific purposes.

Data related to the Civil Registry of Individuals

 

  1. EXERCISE OF THE RIGHTS OF THE HOLDER OF THE PERSONAL DATA TO KNOW, UPDATE, RECTIFY AND DELETE HIS OR HER INFORMATION

The user may exercise his/her right to know, update, rectify and delete the personal data supplied to GUIA SAI S.A.S., by sending a communication through the following means:

 

Mail electrónico:info@guiasai.com, Direct mail addressed to GUIA SAI S.A.S at Avenida 20 de julio N° 4ª -26 de San Andrés, San Andrés y providencia, Colombia.
In accordance with the provisions of Article 20 of Decree 1377 of 2013, the rights of the owners established in the Law, may be exercised by:

  • The Data Subject, who must provide sufficient proof of his or her identity by the various means made available to him or her by the data controller.
  • By their successors in title, who must provide proof of such status.
  • By the representative and/or attorney-in-fact of the Data Controller, upon accreditation of the
  • representation or proxy.
  • By stipulation in favour of or for another.

As the Data Subject, you have the right to demand that the following principles are respected in the processing of your personal data:

Legality: the processing of data is a regulated activity that must be subject to the provisions of the Law and the provisions that develop the matter.

Purpose: the processing of personal data must be carried out for a legitimate purpose, which must be communicated to the data subject;

Freedom: Processing must be carried out with the consent of the data subject, and personal data may not be obtained or disclosed without the consent of the data subject, or in the absence of a legal or judicial mandate revealing consent.

Truthfulness and Quality: the information subject to processing must be truthful, complete, accurate, up-to-date, verifiable and comprehensible. The processing of partial, incomplete, fragmented or misleading data is prohibited.

Transparency: the right of the data subject to obtain, at any time and without restriction, information about the existence of his or her data must be guaranteed in the processing.

Restricted Access and Circulation: Personal data, except for those of a public nature, may not be made available on the internet or other means of mass dissemination or communication, unless access is technically controllable so as to provide restricted knowledge only to data subjects or authorised third parties.

Security: the information subject to processing must be protected through the use of technical, human and administrative measures that provide security to the records, avoiding their adulteration, loss, consultation, unauthorised or fraudulent use or access.

Confidentiality: the persons involved in the processing of personal data must guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks involved in the processing.

 

The request or right exercised by the owner of the personal data must contain the name and surname of the user and the contact details to receive notifications.
This right may be exercised, among others, against partial, inaccurate, incomplete, fractioned, misleading data, or data whose processing is expressly prohibited or has not been authorised by the owner.
The owner of the personal data may ask GUIA SAI S.A.S for a copy of the data held about him/her. Likewise, GUIA SAI S.A.S will update, rectify or delete the data when they are inaccurate, incomplete or no longer necessary or relevant for the initial purpose.

The holder may consult his/her personal data free of charge once every calendar month and whenever there are substantial modifications to the data processing policies of GUIA SAI S.A.S. In compliance with the above, the following procedure is established:

 

COMPLAINTS AND QUERIES RIGHT OF HOLDERS

 

The right to complain

 

The Holder of private personal data corresponding to a natural person and considers that the information contained or stored may be subject to correction, updating or deletion, or when they notice the alleged breach of any of the duties and principles contained in the regulations on Personal Data Protection. In this regard, they may submit a complaint to the Controller or Data Processor GUIA SAI SAI S.A.S.

The complaint may be submitted by the holder, taking into account the information indicated in article 15 of Law 1581 of 2012.

If the claim is incomplete, the holder may complete it within five (5) working days of receipt of the claim, in order to rectify the faults or errors.

If two (2) months have elapsed since the date of the request without the applicant submitting the requested information, it shall be understood that the claim has been withdrawn.

Once GUIA SAI S.A.S. has received the completed claim, the holder will be informed that the "claim is being processed" within two (2) working days.

The maximum term to resolve the claim is fifteen (15) working days, counted from the day following the date of receipt. When it is not possible to address the claim within this period, GUIA SAI S.A.S. will inform the interested party of the reasons for the delay and the date on which the claim will be addressed, which in no case may exceed eight (8) working days following the expiration of the first term.

 

Right to Consultation:

The Data Controllers or their successors in title may consult the personal information of the Data Controller contained in any database of GUIA SAI S.A.S. will provide them with all the information contained in the individual record or that is linked to the identification of the Data Controller. The consultation shall be made in writing, in the name of GUIA SAI S.A.S., which shall be addressed internally to the Area in charge, provided that it is the owner of the data.

The consultation will be dealt with within a period of ten (10) working days from the date of receipt of the same. If it is not possible to deal with the query within this period, the interested party shall be informed, stating the reasons for the delay and indicating the date on which the query will be dealt with, which in no case may exceed five (5) working days following the expiry of the first period.

 

The owner of the data may request by telephone or download it from the website the forms to make the claims that the Right to Claim deals with.

  1. DATA COLLECTED WITHOUT EXPRESS AUTHORISATION OF THE DATA SUBJECT PRIOR TO DECREE 1377 OF 2013

GUIA SAI S.A.S. has promoted the use of all the mechanisms it has considered relevant to request the authorisation of the owners to continue with the processing of personal data collected by GUIA SAI S.A.S., for the purposes already specified within the policy.

Among these mechanisms is the publication of the privacy notice on the website www.guiasanandresislas.com and www.guiasai.com, GUIA SAI S.A.S. considers the above to be efficient communication mechanisms. Taking into account the mechanisms adopted and described above, in those cases in which the holder has not contacted GUIA SAI S.A.S. to request the deletion of his/her personal data, GUIA SAI S.A.S reasonably concludes that, in accordance with the provisions of Article 7 of Decree 1377 of 2013, there is an unequivocal conduct of the holder, granting authorisation for the processing of the data contained in the databases for the purpose indicated in this data processing policy, without prejudice to the right of the holder to exercise his right at any time and request the deletion of the data.

 

 

  1. SENSITIVE DATA

For the purposes of the Personal Data Protection Act and the present personal data processing policies, sensitive data are understood to be those related to the privacy of the owner, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical beliefs, membership of trade unions, social organisations, human rights or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data relating to health, sex life and biometric data. GUIA SAI S.A.S. reiterates its apolitical character, as well as the fact that it is an entity without excluding religious or ethnic orientations. However, the holder of the personal information is not obliged to provide sensitive data, therefore any request for such data will require express authorisation.

  1. PERSONAL DATA OF MINORS

The personal data on children and adolescents contained in the GUIA SAI S.A.S. databases and which are necessary for the provision of GUIA SAI S.A.S. services, will be used solely and exclusively for the purposes of registration and statistics. GUIA SAI S.A.S. ensures their protection in accordance with the Political Constitution and the Law. In any case, any use of the data of minors that are registered in the databases of GUIA SAI S.A.S. or that are requested must be expressly authorized by the legal representative of the child or adolescent, after the exercise of the minor's right to be heard, an opinion that will be assessed taking into account the maturity, autonomy and ability to understand the matter. Similarly, GUIA SAI S.A.S. will provide the legal representatives of minors with the possibility of exercising their rights of access, cancellation, rectification and opposition of the data of their guardians.

  1. THIRD PARTIES

The databases or files will not be provided to third parties, except with the express authorisation of the owner, or in the cases provided for by law. The transfer and/or sharing of data of prospects, clients, partners and employees of GUIA SAI S.A.S. with third parties, refers solely and exclusively to the purposes corresponding to the sending of correspondence and communications from GUIA SAI S.A.S.

  1. SECURITY MEASURES ADOPTED IN RELATION TO THE PROCESSING OF PERSONAL DATA

GUIA SAI S.A.S. informs the holders of personal data that it has adopted the necessary technical, human and administrative measures to guarantee the security and confidentiality of the data and to avoid its alteration, loss, consultation, use or unauthorised access. The personal data provided by the owner of the information to GUIA SAI S.A.S. by any means, such as name, identification, age, gender, address, telephone and email, will be managed confidentially, with the due constitutional and legal guarantees and other regulations applicable to the protection of personal data.
The information will be incorporated into the database managed by GUIA SAI S.A.S, and whose responsibility and management is in charge of GUIA SAI S.A.S.
GUIA SAI S.A.S has security protocols and access to our information systems, access to the different databases is restricted even for our employees and collaborators.

Our employees are committed to the confidentiality and proper handling of databases in accordance with the policies on the treatment of information established by law.

The system where the databases are stored has different security certifications, is physically protected in a secure location and is supervised.

Only authorised personnel can access it and therefore access the personal data of our clients and/or prospects under a password-protected system.
Therefore, GUIA SAI S.A.S. will grant the guarantees and assume the obligations or responsibilities for loss or theft of information from its computer system only when through negligence or malice, an unauthorised third party accesses the information, and will diligently and prudently seek the security of the information in digital or physical media.

 

  1. ACCEPTANCE OF THESE POLICIES

The holder of the personal data declares that he/she has read and accepts the present Personal Data Processing Policy of GUIA SAI S.A.S. Taking into account that there is a recurrent relationship between the holders of the personal data and GUIA SAI S.A.S, has explicitly requested from its clients, prospects, collaborators and contractors the authorizations to continue with the processing of personal data already collected, in accordance with the provisions of article 10 of Decree 1377 of 2013; GUIA SAI S.A.S will continue to use the stored data necessary to provide the services for the normal operation, as long as the Holder does not contact the Controller to request the deletion of their personal data in the legal terms, without prejudice to the power of the holder to exercise their rights at any time and request the deletion of the data.

  1. VALIDITY OF THE PERSONAL DATA PROCESSING POLICIES.

This personal data processing policy shall be in force from the date of its publication and during the time that GUIA SAI S.A.S. carries out the activities of its corporate purpose.

  1. CONTACT WITH THE PERSON IN CHARGE

For any information regarding this Data Protection Policy, please contact or send communication to GUIA SAI S.A.S. E-mail: info@guiasai.com

These policies are effective from the date of their publication on the www.guiasanandresislas.comwebsite.