Privacy Policy
I. Introduction
The Political Constitution of Colombia enshrines the right of all persons to know, update, and correct information held about them in databases or files of public or private entities. Likewise, it mandates that those who possess the Personal Data of third parties respect the rights and guarantees established in the Constitution when collecting, processing, and circulating this type of information.
Likewise, the Political Constitution of Colombia enshrines the right of any person to information, in such a way that they receive truthful and impartial information.
Inversiones JL LTDA. (hereinafter “The Company”) is committed to complying with regulations regarding the protection of Personal Data and respecting the rights of Data Subjects. For this reason, it adopts this Personal Data Processing Policy (hereinafter, “The Policy”), which is mandatory for all activities involving the Processing of Personal Data and must be complied with by The Company, its Administrators, Employees, and any third parties with whom it has a contractual or commercial relationship.
The Company, within the development of its corporate purpose, receives, transmits and processes Personal Data daily, therefore it is essential to have this policy and to strictly comply with it.
II. Objective
The objective of this Policy, together with the technical, human and administrative measures implemented, is to guarantee the proper compliance with the applicable Personal Data Protection Law, as well as the definition of the guidelines for addressing queries and complaints from the Holders of Personal Data on which the Company carries out some type of Processing.
III. Scope
This Policy is mandatory and must be strictly complied with by the Company, its directors, administrators, collaborators and other third parties who represent it or act on its behalf, or with whom the Company has any type of relationship, whether legal, commercial or conventional.
All Company Employees must observe, respect, comply with and enforce this Policy in the performance of their duties.
IV. Definitions
The words and terms defined below, when written with an initial capital letter as in their respective definitions that follow, whether or not necessary according to the spelling rules of capital letter use, and regardless of the place in the Personal Data Processing Policy in which they are used, or whether they are used in a person, number, mood, tense or grammatical variable, as necessary for the proper understanding thereof, will have the meanings that are ascribed to each of said words or terms below:
• Authorization: means the prior, express and informed consent of the Data Subject to carry out the Processing. This may be i) written; ii) verbal or; iii) unambiguous conduct that reasonably allows the conclusion that the Data Subject accepted the Processing of their data.
• Database: means the organized set of Personal Data that is subject to Processing, electronic or not, whatever the modality of its formation, storage, organization and access.
• Consultation: means the request of the Personal Data Holder, of persons authorized by him, or those authorized by law, to know the information that is held about him in the Company's Databases.
• Personal Data: means any information linked to or that can be associated with one or more natural persons, whether identified or identifiable.
• Private Personal Data: means data that, due to its intimate or confidential nature, is only relevant to the Data Subject. For example: the papers or books of merchants and private documents.
• Public Personal Data: This refers to data classified as such according to the mandates of the law or the Political Constitution, and all data that is not semi-private, private, or sensitive. For example: data contained in public documents, public records, official gazettes and bulletins, and duly executed judicial rulings that are not subject to confidentiality; data relating to a person's marital status, profession or occupation, and their status as a merchant or public servant. Personal Data held in the commercial registry of the Chambers of Commerce is public (Article 26 of the Commercial Code).
Likewise, data that, by virtue of a decision of the Data Subject or a legal mandate, is found in freely accessible and consultable files is considered public data. This data may be obtained and offered without any reservation and regardless of whether it refers to general, private, or personal information.
• Semi-private personal data: This refers to data that is neither intimate, confidential, nor public in nature, and whose knowledge or disclosure may be of interest not only to the data subject but also to a specific sector or group of people, or to society in general. For example: data relating to compliance or non-compliance with financial obligations or data relating to relationships with social security entities.
• Sensitive personal data: This refers to data that affects a person's privacy or whose misuse could lead to discrimination. For example: data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, membership in trade unions, social or human rights organizations, or organizations that promote the interests of any political party or guarantee the rights and protections of opposition political parties; data relating to health, sex life, and biometric data (fingerprints), among others.
• Processor: means the natural or legal person who carries out the processing of data on behalf of the Data Controller.
• Authorized: Means all persons who, under the responsibility of the Company or its Processors, may carry out Personal Data Processing by virtue of the Authorization granted by the Data Subject.
• Complaint: means the request of the Data Subject or persons authorized by him or by law to correct, update or delete his Personal Data or when they notice that there is an alleged breach of the data protection regime, according to Article Art. 15 of Law 1581 of 2012.
• Responsible: Natural or legal person, public or private, who alone or in association with others, decides on the database and/or the processing of the data.
• Data subject: means the natural person whose personal data is subject to processing.
• Processing: means any operation or set of operations on Personal Data such as, the collection, storage, use, circulation, transfer, transmission, updating or deletion of Personal Data, among others.
• Transmission:
This means the processing of personal data, which involves the
communication of the same within or outside the territory of the Republic
of Colombia when its purpose is the performance of a Treatment
by the Person in Charge on behalf of the Responsible Party.
• Transfer:
This means the Processing of Personal Data that takes place when the
The Data Controller and/or Processor sends the
Personal Data to a recipient, who in turn is Responsible for
Treatment and is located inside or outside the country.
• Procedural requirement: a preliminary step that the Data Subject must take before filing a complaint with the Superintendency of Industry and Commerce. This consists of a direct claim to the Data Controller or Processor of their Personal Data.