PERSONAL DATA PROCESSING AND PROTECTION POLICY

Securitas Consulting (hereinafter also the "Firm"), a legal entity duly incorporated in the city of Bogota D.C., Colombia, with Colombian Tax Identification Number (T.I.N.) 900.620.136-8, in compliance with article 15 of the Colombian Constitution, Law 1581 of 2012, Decree 1377 of 2013, Decree 886 of 2014, and other related data protection legislation regarding the collection, processing, and transfer of personal data, established the following Privacy and Data Protection Policy (hereinafter also the "Policy"). This Policy, which is part of the Terms and Conditions published on the website (hereinafter also the "Site") of Securitas Consulting, is made known to the Personal Data Holders (in accordance with the term defined hereunder in Definitions) and visitors of the Site.

The Personal Data Holders who authorize the processing of their data by Securitas Consulting are important to us, thus we want you to feel safe and to know the rights and assurances set forth in this Policy.

1. General Provisions

In compliance with Securitas Consulting's obligation to guarantee the adequate processing and protection of personal data, the Firm implements a Management System for the Processing and Protection of Personal Data (SG-TDP) and commits itself to this Policy.

It is the responsibility of the Firm's management, as well as its employees and contractors, to observe and comply with the orders and instructions issued by the organization regarding the processing of personal data whose disclosure or improper use may cause harm to the Personal Data Holders (hereinafter also "Holders").

The cooperation between Securitas Consulting and the recipients of this Policy is essential in order to guarantee compliance with the rights to privacy, to hábeas data, and to the protection of personal data.

The information security policies in the Firm, particularly regarding employment and service provision, incorporate the protection of personal data regarding human resources management, as well as the rights and assurances of workers and service providers.

Securitas Consulting undertakes procedures in order to respond to urgent cases of loss or imminent risks that alter or threaten valuable information and databases, especially those related to personal information kept by the Firm. Consequently, the Firm's employees are committed to providing due cooperation as required to investigate, analyze and capture evidence in case of security breaches.

The general information of the Firm at the date this Policy came into force is as follows:

Business name: SECURITAS CONSULTING S.A.S.

City: Bogotá, D.C.

Address: Cra. 13 No. 79 – 30

Telephone: +57 313 488 67 71

Primary email: contacto@securitasconsulting.com

Securitas Consulting is a firm focused on providing high quality legal advice and occupational health and safety (OHS). Collection and processing of personal data by the Firm are exclusively linked to the provision of our services with the main objective of delivering them in an adequate and efficient manner. 

Securitas Consulting databases are kept strictly for the time necessary to comply with its corporate aims, legal mandates, and in accordance with document management regulation. Monitoring, handling and updating of the databases kept by the Firm shall be continuous according to the procedures set forth in this Policy, so as to guarantee the quality, security, and confidentiality of personal data.

The Firm's Compliance Department is in charge of the adequate protection of personal data and, therefore, is responsible for responding to requests, queries, and complaints by Personal Data Holders, who may enforce their rights to know, update, revise, and delete personal data and revoke the authorizations granted to the Firm. For these purposes, they may contact our Compliance Department at the following email: contacto@securitasconsulting.com.

Based on the foregoing considerations, which underpin the processing and protection of personal data by the Firm, the following provisions are established, which are binding on the addressees of this Policy.

2. Definitions

Authorization: Consent granted by Personal Data Holders, which is to be explicit, well-informed, and prior to processing of their personal data.

Personal database: The natural or legal entity, either public or private, that collects personal data and decides on the purpose, content, and use of databases. The Data Admin is in charge and liable for the adequate management of personal data.

Data transfer: Any set of operations and technical procedures of an automated nature or not that are performed on personal data, such as the collection, recording, storage, conservation, use, transfer, modification, blocking, and cancellation of data, among others.

Database custodian: A person or legal entity, either public or private, which by itself or in association with others, carries out the processing of personal data on behalf of the Data Administrator, which is in charge and liable for the adequate management of personal data.

Personal data: Constitutional remedy made available to every person, which enables them to find out, update, amend, and/or cancel the information, and personal data collected and/or processed in public or private databases, in accordance with the Law and applicable regulations.

Sensitive personal data: It is a special category of specially protected personal data, because it is about health, sex, political affiliation, race or ethnic origin, biometric fingerprints, among others, which are part of the personal assets of the person and can be collected only with the express and informed consent of its Owner and in the cases provided for in the Law.

Data processor: It is the natural or legal person, public or private authority, that by itself or in association with others, performs the processing of personal data on behalf of the person in charge.

Publicly accessible sources: Refers to those personal databases that may be consulted by any person, whether or not access to such data involves payment of a fee. Telephone directories and sector directories, among others, are considered publicly accessible sources, provided the information is limited to personal data of a general nature.

Hábeas data: Fundamental right of every person to know, update, rectify and/or cancel the information and personal data that has been collected and/or processed in public or private databases, in accordance with the provisions of the Law and other applicable regulations.

Principles for data processing: They are the fundamental rules, of a legal and/or jurisprudential nature, that guide the processing of personal data, based on which actions and criteria are determined to solve the possible collision between the right to privacy, the hábeas data, the protection of personal data and the right to information.

Data controller: It is the natural or legal person, of a public or private nature, who collects personal data and decides on the purpose, content and use of the database for its treatment.

Personal Data Holder: It is the natural person whose data is processed. Regarding legal entities, it is understood that the name is legally protected.

Data processing: Any set of operations and technical procedures of an automated or non-automated nature that are carried out on personal data, such as the collection, recording, storage, conservation, use, circulation, modification, blocking and cancellation, among others.

User: It is the natural or legal person who has an interest in the use of personal information.

Breaches of personal data security measures: A security incident shall be any situation that involves a breach of the Firm's security measures for protecting the personal data entrusted to its custody, as well as any other conduct that constitutes improper processing of personal data contrary to the provisions of this Policy or of the Law. Any security incident that compromises the personal data held by Securitas Consulting must be reported to the area of Compliance.

3. Purpose

This Policy establishes the applicable rules in order to guarantee the appropriate management of personal data collected, processed and/or stored by Securitas Consulting as it undertakes its business.

The rules contained in this Policy are in compliance with article 15 of the Colombian Constitution, Law 1581 of 2012, Decree 1377 of 2013, Decree 886 of 2014, and other related data protection legislation, thus guaranteeing the privacy of individuals, hábeas data, and the adequate protection of personal data, in accordance with the right to information.

3.1. Purpose and Processing of Personal Data

In accordance with Securitas Consulting's business goals, personal data provided to the Firm is collected, used, stored, and processed in compliance with the principles and guidelines set forth in this Policy. Therefore, the Firm undertakes its due diligence when using your personal data for one of the following business purposes and pursuant to the corresponding legal framework:

Human resources management

Management of third party suppliers and service providers

Marketing and customer relations

3.2. Security Measures

In order to adequately collect and process personal data in accordance with this Policy, Securitas Consulting adopts physical, technological, information and administrative security measures, according to the risk that may derive from the criticality of the personal data processed.

4. Scope of Application of this Policy

This Policy shall be observed when processing of personal data is carried out in Colombia and when there is transfer of personal data to countries that provide adequate levels of data protection, as long as there is explicit authorization from the Personal Data Holders for the latter. 

The principles and provisions contained in this Policy shall apply to any database in our possession or under control of the Firm. Thus all Securitas Consulting business processes, which incorporate the collection and processing of personal data, shall be subject to this Policy.

5. Addressees of this Policy

This Policy shall apply to and therefore is binding to the following addressees:

Legal representatives and directors

Employees who have access to or are in custody of databases with personal data

Third party suppliers and service providers under any type of contract by virtue of which any processing of personal data is carried out

Other individuals and legal entities that are required to abide by this Policy according to the Law

Responsibility for the proper processing of personal data within Securitas Consulting rests with all the workers and managers of the organization, as this is a cross-cutting Policy for the entire Firm.

6. Guiding Principles for the Processing of Personal Data

The collection, processing, and transfer of personal data in Securitas Consulting shall be subject to the following principles, which are based on international law, Colombian law, and the decisions of the Colombian Constitutional Court.

6.1. Principle of freedom or authorization of the Holder

The collection, processing, and transfer of personal data can only be done with the prior, explicit, and well-informed consent of Personal Data Holders. Personal data may not be obtained, processed, or disclosed without the authorization of the Personal Data Holders, except when there is a binding legal mandate or court order that requires us to do so.

6.2. Principle of legality

The collection, processing, and transfer of personal data in Colombia is regulated and therefore the business processes in which the addressees of this Policy make use of personal data must abide by the law.

6.3. Principle of purpose

The processing of personal data must serve a legitimate purpose, which shall be communicated to the Holder specifically, precisely, and in advance so that the Holder may express informed consent.

6.4. Principle of accuracy or quality

The personal data collected must be complete, accurate, verifiable, comprehensible, and kept up to date. Partial, fragmented, incomplete or misleading data may not be processed.

6.5. Principle of transparency

In the processing of personal data, the Holder's right to obtain from the data controller and/or data processor, at any time and without restrictions, information about the existence of data concerning the Holder shall be guaranteed.

6.6. Principle of relevance and proportionality

The collection of personal data must take into account the purpose for which the data is obtained and processed, as well as the databases that have been created. Therefore, personal data obtained must be adequate, relevant, and not excessive or disproportionate in relation to the purpose for which it is obtained. It is thus forbidden to collect personal data that is not linked to a specific objective.

6.7. Principle of restricted access and circulation

Personal data will be used only within the scope of the purpose and authorization granted by Personal Data Holders, thus it may not be accessed, transferred, or communicated to third parties.

Personal data under the Firm's custody shall not be available on the Internet or any other mass-dissemination medium, unless access is technically controllable and secure and is intended to provide restricted knowledge only to the Holders or authorized third parties, in accordance with the Law and the principles governing the matter.

6.8. Principle of temporal limitation of processing

We will retain personal data only for so long as we need it for the purposes it was collected, including for the purposes of satisfying any legal requirements, unless a longer retention period is required under applicable law. To determine the appropriate retention period for personal data, the Firm considers the amount, nature, and sensitivity of the personal data, as well as the potential risk of harm from unauthorized use or disclosure of data, the purposes for which the personal data is processed, and the applicable legal requirements. Once the purpose for which the personal data was collected and/or processed has ceased, the Firm will refrain from using the data and, therefore, will undertake the relevant security measures to achieve the latter.

In the collection and processing of personal data by the Firm, the continuity of the data in its information systems will be determined by the purpose established for the personal data. Consequently, once the purpose for which the data was collected has ceased, it will be destroyed or returned, as the case may be, or it will be kept in accordance with the rules of law.

6.9. Principle of security

The Firm shall adopt the physical, technological, and/or administrative security measures necessary to guarantee the attributes of integrity, authenticity, and reliability of personal data. Securitas Consulting, according to the classification of personal data, will implement high, medium or low level security measures, applicable as the case may be, in order to avoid adulteration, loss, leakage, consultation, use or unauthorized or fraudulent access.

6.10. Principle of confidentiality

All addressees of this Policy in charge of collecting, processing, and transferring personal data have the obligation to maintain the confidentiality of such data. For employees of Securitas Consulting, the obligation to keep personal data confidential remains even after their employment contract with the Firm has ceased. It should be noted that the Firm makes use of data protection clauses in its employment contracts for that purpose.

7. Rights of Personal Data Holders

The Personal Data Holders whose data is kept in the databases stored in the Firm's information technology systems (IT systems) have the rights described below, in compliance with the relevant fundamental rights in the Colombian Constitution and the law.

The exercise of these rights by the Holder shall be free of charge and unlimited, without prejudice to legal provisions regulating their exercise.

The exercise of hábeas data, expressed in the following rights, constitutes a personal prerogative and shall be exercised exclusively by the Holder of the data.

7.1. Right to authorize the processing of personal data

The collection, processing, and circulation of personal data shall be carried out in strict compliance with the freedom of the Holders, understood as the Holder's voluntary and informed decision to allow their personal data to be processed. In furtherance of the principle of informed consent, the Holder has the right to grant authorization, by any means that can be consulted later, for the processing of their personal data by Securitas Consulting.

Due authorization shall not be required in the exceptions established by law, such as any law enforcement, regulatory, or government agency requesting personal information in connection with any inquiry, subpoena, court order, or other legal or regulatory procedures. In these cases, although the authorization by the Personal Data Holder is not required, the principles and rights regarding personal data protection remain applicable.

7.2. Right of access

This right comprises the Holder's power to obtain all information regarding their own personal data, whether partial or complete, the processing applied to it, the purpose of the processing, the location of the databases containing their personal data, and the communications and/or transfers made with respect to it, whether authorized or not.

7.3. Right to update

Personal Data Holders have the right to update their personal data when any changes regarding their data have taken place.

7.4. Right of rectification

This right comprises the Holder's power to modify data that prove to be inaccurate, incomplete, or nonexistent.

7.5. Right to delete or cancel information

If Personal Data Holders believe that we should not be processing their personal data any more, they may request that we delete it, particularly if they think the information we keep is no longer relevant or when the purpose for the collection of the data has ceased. Please note the latter may not always be possible due to legal obligations.

7.6. Right to revoke the authorization for the processing of personal data

If Personal Data Holders previously gave the Firm their consent in order for us to process their personal data, but they no longer wish to consent to us doing so, they can contact us to let us know that they withdraw their consent. Nevertheless, this will not affect the lawfulness of any processing carried out before the Personal Data Holders withdraw their consent. It should be noted that if a Personal Data Holder withdraws his/her consent, we may not be able to provide certain services to him/her. The Firm will advise the Personal Data Holder if this is the case at the time he/she withdraws their consent.

7.7. Right to object

Personal Data Holders have the right to object to the processing of their personal data when there is something about their particular situation which makes them want to object to it if they feel it impacts their rights and the freedom warranted to them. Personal Data Holders also have the right to object where we are processing their personal data for marketing purposes. However in certain situations the Firm may override this right to protect the rights of others or for public interests purposes according to the law.

7.8. Right to submit queries, complaints, or claims

Personal Data Holders have the right to make a complaint at any time to the competent data protection supervisory authority (in Colombia the Superintendence of Industry and Commerce) if they do not agree with how we have processed their personal data or responded to their queries and complaints. Securitas Consulting is committed to provide timely and adequate responses to the authorities regarding the rights of Personal Data Holders in connection with their personal data.

8. Duties of the Firm as controller of personal data

When Securitas Consulting or any of the addressees of this Policy undertake the processing of personal data, they shall comply with the following duties, without prejudice of other provisions set forth in the law or best practices in the management of personal data.

Enable Personal Data Holders full and effective exercise of hábeas data.

Request and keep, according to the conditions established by law, a copy of the authorization and the consent granted by Personal Data Holders

Duly inform Personal Data Holders about the purpose for which the personal data is collected and the rights they have regarding their data

Keep information under the necessary security conditions to prevent its misrepresentation, loss, leakage, consultation, use, and unauthorized or fraudulent access

Guarantee that the information provided to data processors, whenever necessary, is truthful, complete, accurate, updated, verifiable, and understandable

Update information, communicating to data processors in a timely manner all changes regarding the data previously provided to them

Rectify the information when it is incorrect and provide the accurate information to data processors

Provide the data processor, as the case may be, only with data whose processing has been previously authorized.

Require data processors to comply with appropriate security and privacy conditions to safeguard the data

Review and answer the queries and claims from Personal Data Holders according to the terms established in this Policy and in the law

Implement procedures to ensure proper compliance with the law and, in particular, to ensure adequate management of queries and claims

Inform data processors when information from a given Personal Data Holder is revised due to a claim being filed

Provide accurate information to Personal Data Holders when they request it

Inform the data protection authority when security codes are breached and there are risks in the management of the Holders' information.

Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce (SIC).

9. Hábeas data procedure so that the Holders can exercise their rights

In furtherance of the constitutional guarantee of hábeas data regarding the rights of access, updating, rectification, cancellation and opposition by the Holder, Securitas Consulting adopts the following procedure and sets out the following recommendations for making a proper request:

9.1. Procedure:

The Holder shall prove this status by sending a copy of their identity document, which may be provided in physical or digital form. If the Holder is represented by a third party, the corresponding power of attorney must be submitted.

Exercising any of the aforementioned rights under hábeas data must be done in writing, which may be rendered via email. The request may be addressed to the main address of the Firm or to the e-mail enabled by our Compliance Department for that purpose: contacto@securitascosulting.com. Securitas Consulting may also enable hard copy or digital formats to expedite this hábeas data process.

9.2. Request:

The request to exercise any of the aforementioned rights will contain the following information:

Name of the Personal Data Holder and, where applicable, of their representatives.

Specific and precise request regarding the information, whether accessing, updating, rectifying or canceling data, or the withdrawal of consent. In each case the request must be reasonably grounded for the Firm to review and solve the request.

Address or email for notifications to be promptly delivered

Documents supporting the request

Signature of the Personal Data Holder

If any of the requirements indicated here is missing, the Firm shall so inform the interested party within five (5) days following receipt of the request so that they may be remedied, and shall then proceed to respond to the hábeas data request submitted. If two (2) months elapse without the required information being submitted, the request shall be deemed to have been withdrawn.

Within two (2) days after receiving an accurate and corrected request from the Personal Data Holder, Securitas Consulting shall indicate that it is a claim in process. The database shall note that the status of the proceeding is in progress with the following mark: "request in process" ("Reclamo en trámite").

The Firm will answer requests made within ten (10) days if it is a query and within fifteen (15) days if it is a claim.

In case it is not possible to answer a claim within fifteen (15) days, the Personal Data Holder shall be informed of the reasons for the delay and the date on which the claim will be answered. In any case, the term to answer a claim may not exceed eight (8) days after the first fifteen (15) days since the claim was submitted.

Securitas Consulting shall record and store requests made by Personal Data Holders or interested parties exercising any of the rights mentioned herein, as well as the answers provided to such requests.

In order to resort to the Superintendence of Industry and Commerce (SIC) in exercise of the legal actions available to Holders or interested parties, the procedure for queries and/or claims described above must first be exhausted.

10. Central Registry of Personal Databases

Securitas Consulting, as controller of the personal data in its custody, maintains a central registry in which it lists each of the databases contained in its information systems. Each database is assigned a registration number.

Changes made to the personal databases are recorded periodically for compliance and audit purposes. The occurrence and history of security incidents affecting any of the personal databases in the Firm's custody are documented in a central registry.

11. Prohibitions

In accordance with this Policy, the following prohibitions and sanctions are established in case of non-compliance with the rules and regulations herein.

Securitas Consulting prohibits the access, use, management, assignment, communication, storage, and any other processing of personal data without authorization of the Personal Data Holders.

Non-compliance with these prohibitions by the Firm's employees is considered as serious misconduct, which may result in the termination of contract, without prejudice to any applicable legal actions that may be undertaken.

The non-compliance with these prohibitions by contractors and service providers of the Firm, will result in the termination of contract, without prejudice to any applicable legal actions that may be undertaken.

Securitas Consulting forbids the use, storage, processing and/or management of personal data of children and minors.

12. International Transfer of Data

The transfer of personal data to countries that do not provide adequate levels of data protection is prohibited. Safe countries are understood as those that comply with the standards set by the Superintendence of Industry and Commerce.

Exceptionally and in cases previously informed to Personal Data Holders, the Firm may transfer personal data internationally, subject to prior informed authorization granted by the Personal Data Holders. The purpose of the transfer, linked to Securitas Consulting's business activities, shall be previously informed to the Personal Data Holders.

At the time of an international transfer of personal data, prior to sending or receiving the private data, the Firm shall sign the agreements it deems necessary to establish the obligations and duties for the legal entities and their employees undertaking the transfers.

The agreements and contracts shall comply with the provisions of this Policy, as well as with the applicable legislation and jurisprudence on privacy and the adequate protection of personal data.

13. Delivery of Personal Data to the Competent Authorities

When authorities request from Securitas Consulting access to and/or delivery of personal data contained in any of its databases, the legality of the request and the relevance of the data requested in relation to the purpose stated by the authority shall be verified, and the delivery of the personal information requested shall be documented. In turn, it shall be guaranteed that the information delivered meets all its attributes (authenticity, reliability, and integrity), and notice shall be given of the duty of protection that must be observed with respect to the data, to the official making the request, to whoever receives the information, and to the entity for which they work. The authority requiring the personal information shall be advised of the security measures that apply to the personal data delivered and the risks entailed by its improper use and inadequate processing.

14. Sanctions Regime

The Firm informs the addressees of this Policy that Law 1581 of 2012, in its articles 22 and 23, establishes a sanctions regime that gives concrete form to the risks assumed through the improper processing of personal data.

Taking into account the risks taken by Securitas Consulting, as the legal entity responsible for the adequate processing, treatment, and management of the personal data in its custody, non-compliance with this Policy by its employees, contractors or service providers is considered a serious offense and shall result in the termination of contract, without prejudice of any applicable legal actions that may be undertaken by the Firm.

15. Effective Date

This Policy has been approved and incorporated by Securitas Consulting on May fifteenth (15), two thousand twenty-four (2024).

Version: 2.0.

SECURITAS CONSULTING S.A.S.

Tax Identification Number (T.I.N.) 900.620.136-8