1. DEFINITION 

MARROQUINERA RIVIERA SAS, is a company dedicated to the production and commercialization of leather products and other raw materials, legally constituted by the Colombian norms, identified with the number of NIT 800.025.696-6, located in the street 41 N ° 13ª – 22, with domicile in the city of Bogotá, who acts as responsible and responsible for the processing of personal data of those who in their exercise or any activity, whether permanent or occasional may provide any information or personal data to the entity, reason why will know, update and rectify within the legal framework that requires the subject. 

MARROQUINERA RIVIERA SAS, guarantees the adequate treatment of personal data and the protection of rights such as Habeas Data, privacy, privacy and good name, with the purpose that all the actions carried out are governed by principles of good faith, legality, self-determination IT, freedom and transparency. 

2. OBJECTIVE

Establish the duties and rights that MARROQUINERA RIVIERA SAS has as a processor of personal data in all areas of the business. 

3. LEGAL FRAMEWORK

– Political Constitution, article 15.

– Law 1266 of 2008

– Law 1581 of 2012

– Regulatory Decrees 1727 of 2009 and 2952 of 2010

– Partial Regulatory Decree 1377 of 2013

– Sentences C – 1011 of 2008, and C – 748 of 2011, of the Constitutional Court 

4. CONTENT

MARROQUINERA RIVIERA SAS collects the information and personal data of its employees, customers and suppliers; and may include the following information:

– Names and surnames.

– Type and identification number.

– Nationality and country of residence.

– Fixed or cellular contact phones (personal and / or work).

– Postal and / or electronic addresses (personal and / or work).

– Fax (personal and / or work).

– Profession or occupation.

– Company in which he works and positions.

5. GLOSSARY

– Authorization: Prior, express and informed consent of the owner to carry out the processing of personal data.

– Database: Organized set of personal data that is the object of treatment.

– Personal data: Any information linked or that may be associated with one or several natural persons determined or determinable.

– Responsible for the treatment: Natural or legal person, public or private, that by itself or in association with others, perform the processing of personal data on behalf of the controller.

– Habeas data: Right of any person to know, update and rectify the information that has been collected about them in the database and in files of public and private entities.

– Responsible for the treatment: Natural or legal person, public or private, that by itself or in association with others, decides on the database and / or the treatment of the data.

– Owner: Natural and legal person whose personal data are subject to treatment.

– Treatment: Any operation or set of operations on personal data, such as collection, storage, use, circulation or suppression.

– Privacy Policy: Refers to this document.

– National Registry of Databases (RNBD): Means the public directory of databases subject to treatment, operating in Colombia. 

6. BASIC PRINCIPLES

For the purpose of guaranteeing the protection of personal data, MARROQUINERA RIVIERA SAS will apply the following principles harmoniously and comprehensively, in light of which the processing, transfer and transmission of personal data must be carried out: 

– Principle of purpose: The use, capture, collection and processing of personal data to which it has access and are collected and collected by MARROQUINERA RIVIERA SAS, will be subordinated and will serve a legitimate purpose, which must be informed to the respective owner of the data personal

– Principle of freedom: the processing of personal data can only be done with the prior, express and informed consent of the Holder. Personal data may not be obtained or disclosed without prior authorization, or in the absence of legal, statutory, or judicial mandate that relieves consent. 

– Principle of legality: In the use, capture, collection and processing of personal data, will be applied to the current and applicable provisions governing the processing of personal data and other related fundamental rights.

– Principle of truth or quality: the information subject to the processing of personal data must be truthful, complete, accurate, updated, verifiable and understandable. The processing of partial, incomplete, fractioned or misleading data is prohibited.

– Principle of transparency: In the processing of personal data MARROQUINERA RIVIERA SAS will guarantee the Holder its right to obtain at any time and without restrictions, information about the existence of any type of information or personal data that is of interest or ownership.

– Principle of access and restricted circulation: The processing of personal data is subject to the limits that derive from the nature of these, the provisions of the law and the Constitution. Consequently, the treatment can only be done by persons authorized by the owner and / or by the persons provided by law. Personal data, except public information, may not be available on the Internet or other means of dissemination or mass communication, unless the access is technically controllable to provide restricted knowledge only to holders or authorized third parties in accordance with the law.

– Principle of security: the information subject to treatment by MARROQUINERA RIVIERA SAS, must be handled with technical, human and administrative measures that are necessary to grant security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access .

– Principle of confidentiality: All persons who in MARROQUINERA RIVIERA SAS, manage, manage, update or have access to information of any kind found in Databases, are obliged to guarantee the reservation of information, for which they commit themselves to keep and keep strictly confidential and not disclose to third parties, all the information they come to know in the execution and exercise of their functions; except in the case of activities expressly authorized by the data protection law. This obligation persists and will continue even after the end of its relationship with any of the tasks that comprise the Treatment.

7. SENSITIVE DATA

Sensitive data is understood to be those that affect the privacy of the owner or whose improper use can generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in social organizations of any kind , or that promotes the interests of any political party or that guarantees the rights and guarantees of opposition political parties as well as data related to health, sexual life and biometric data, the capture of a still or moving image, fingerprints , photographs, iris, voice recognition, facial or palm, among others. 

The treatment of sensitive data is prohibited, except when:

– The Holder has given his explicit authorization to said Treatment, except in the cases that, by law, the granting of said authorization is not required.

– The Treatment is necessary to safeguard the vital interest of the Holder and he is physically or legally incapacitated. In these events, the legal representatives must grant their authorization.

– The Treatment is carried out in the course of legitimate activities and with due guarantees by a foundation, NGO, association or any other non-profit organization, whose purpose is political, philosophical, religious or union, provided they refer exclusively to its members or to those who maintain regular contacts for its purpose. In these events, the data can not be provided to third parties without the authorization of the Owner.

– The Treatment refers to data that are necessary for the recognition, exercise or defense of a right in a judicial process.

– The treatment has a historical, statistical or scientific purpose. In this event, the measures to suppress the identity of the Holders must be adopted. 

8. GENERAL RULES 

8.1 Authorization of the Holder

Without prejudice to the exceptions provided for in the law, the prior, clear and informed authorization of the owner is required in the processing, which must be obtained by any means that may be subject to further consultation and verification. 

8.2 Cases in which authorization is not required

The authorization of the Holder will not be necessary in the case of:

– Information required by a public or administrative entity in the exercise of its legal functions or by court order.

– Data of public nature.

– Cases of medical or sanitary emergency.

– Treatment of information authorized by law for historical, statistical or scientific purposes.

– Data related to the Civil Registry of Persons 

8.3 Rights of children and adolescents

MARROQUINERA RIVIERA SAS in the Treatment will ensure respect for the prevailing rights of minors.

 The processing of personal data of minors is prohibited, except for those data that are of a public nature.

You can use the data of minors in order to participate in activities dedicated to them or benefits granted under the company’s generosity on special occasions.

MARROQUINERA RIVIERA SAS, will proceed in accordance with the current regulations and the regulations issued by the National Government for this purpose, to register their databases, before the National Registry of Databases (RNBD) that will be administered by the Superintendency of Industry and Commerce. The RNBD, is the public directory of the databases subject to Treatment that operate in the country; and that will be of free consultation for citizens, in accordance with the regulations issued by the National Government for this purpose.

9. DUTIES

In virtue of this policy of treatment and protection of personal data, the following are the duties of MARROQUINERA RIVIERA SAS, without prejudice to the provisions set forth in the law.

– Guarantee the holder, at all times, the full and effective exercise of the right of habeas data.

– Request and keep, copy of the respective authorization granted by the owner.

– Properly inform the owner about the purpose of the collection and the rights that assist him under the authorization granted.

– Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.

– Guarantee that the information is truthful, complete, accurate, updated, verifiable and understandable.

– Update the information, thus taking care of all the news regarding the holder’s data. Additionally, all necessary measures must be implemented so that the information is kept up-to-date.

– Rectify the information when it is incorrect and communicate what is relevant.

– Respect the security and privacy conditions of the holder’s information.

– Process inquiries and claims formulated in the terms indicated by law.

– Identify when certain information is under discussion by the owner.

– Inform at the request of the owner about the use given to their data.

– Inform the data protection authority when there are violations of the security codes and there are risks in the administration of the information of the owners.

– Comply with the requirements and instructions given by the Superintendence of Industry and Commerce on the particular issue.

– Use only data whose treatment is previously authorized in accordance with the provisions of Law 1581 of 2012.

– MARROQUINERA RIVIERA SAS will use the personal data of the owner only for those purposes for which it is duly empowered and respecting in all cases the current regulations on protection of personal data. 

10. AUTHORIZATIONS AND CONSENT 

The collection, storage, use, circulation or suppression of personal data by MARROQUINERA RIVIERA SAS, requires the free, prior, express and informed consent of the owner thereof. 

10.1 Means and manifestations to grant authorization 

The authorization can consist of a physical, electronic, data message, Internet, Websites, in any other format that allows to guarantee its later consultation, or by means of a suitable technical or technological mechanism, that allows to manifest or obtain the consent via click or double click, by means of which it can be concluded unequivocally, that if the behavior of the owner has not been fulfilled, the data has never been captured and stored in the database. The authorization will be generated by MARROQUINERA RIVIERA SAS and will be made available to the owner in advance and prior to the processing of their personal data. For this purpose there will be authorizations for each of the business units or areas that need it. 

11. PRIVACY NOTICE 

The Privacy Notice is the physical document, electronic or in any other known or unknown format, which is made available to the Owner for the processing of their personal data. Through this document the Owner is informed about the existence of the information treatment policies that will be applicable to them, the way to access them and the characteristics of the treatment that is intended to give personal data. 

11.1 Scope and content of the Privacy Notice 

The Privacy Notice, as a minimum, must contain the following information:

– The identity, address and contact information of the Treatment Manager.

– The type of treatment to which the data and the purpose of the data will be submitted.

– The general mechanisms provided by the Responsible for the Owner to know the policy of treatment of the information and the substantial changes that occur in it. In all cases, you must inform the owner how to access or consult the information processing policy.

12. OTHER RIGHTS OF THE INFORMATION HOLDERS 

In attention and in accordance with the provisions of current and applicable regulations on the protection of personal data, the owner of personal data has the following rights:

– Access, know, rectify and update your personal data against MARROQUINERA RIVIERA SAS, in its capacity as responsible and in charge of processing.

– By any valid means, request proof of the authorization granted to MARROQUINERA RIVIERA SAS, in its capacity as Responsible and in Charge of the Treatment.

– To receive information from MARROQUINERA RIVIERA SAS, upon request, regarding the use that has been given to your personal data.

– Appear before the legally constituted authorities, especially before the Superintendency of Industry and Commerce, and file complaints for infractions of the provisions of current regulations in the applicable regulations, prior consultation procedure or requirement before the Responsible and Manager of the Treatment.

– Modify and revoke the authorization and / or request the deletion of the data when the Treatment does not respect the principles, rights and constitutional and legal guarantees in force. 

13. PROCEDURE FOR SUBMITTING CLAIMS FOR UPDATING, CORRECTING, REMOVING OR REVOCATING THE AUTHORIZATION 

The Owner, or his assignees, who consider that the information contained in the Databases of MARROQUINERA RIVIERA SAS must be corrected, updated or deleted, or when they notice the alleged breach of any of the duties of the Company, may present a claim in accordance with the following rules:

– The request will be analyzed to verify the identification of the Holder. If the request is made by a person other than the Holder and it is not proven that it acts on behalf of the Holder in accordance with the laws in force, the request will be rejected.

– The claim must contain the following information:

• The identification of the Holder;
• Contact information (physical and / or electronic address and contact telephone numbers);
• Documents proving the identity of the Holder, or representation;
• The clear and precise description of the Personal Data with respect to which the Owner seeks to exercise any of the rights;
• The description of the facts that give rise to the claim;
• The documents that you want to assert;
• Signature and identification number.

– If the area that receives the claim is not competent to resolve it, it will notify the corresponding party within a maximum period of two (2) business days and inform the interested party of the situation.

– Once the complete claim has been received, a legend that says “claim in process” and the reason for it will be included in the database in a term not exceeding two (2) business days. This legend must be maintained until the claim is decided.

– The maximum term to attend the claim will be fifteen (15) business days counted from the day following the date of receipt. When it is not possible to attend the claim within said term, the interested party will be informed of the reasons for the delay and the date on which his claim will be handled, which in no case may exceed eight (8) business days following the expiration of the first finished.

– The Holder has the right, at any time, to request the deletion of his Personal Data. The suppression implies the total or partial elimination of the Personal Data of the Databases, in agreement with the requested by the Holder. The right of withdrawal is not absolute and the Company may deny its exercise in the following events:

• The Holder has a legal or contractual duty to remain in the Database or the Responsible has a legal or contractual obligation that requires him to keep the Personal Data;
• The elimination of Personal Data hinders judicial or administrative proceedings linked to tax obligations, the investigation and prosecution of crimes or the updating of administrative sanctions;
• The Personal Data are necessary to protect the legally protected interests of the Holder, to carry out an action based on the public interest, or to comply with an obligation legally acquired by the Holder or the Responsible.

14. NATIONAL REGISTRY OF DATABASES

In accordance with the provisions of article 25 of Law 1581 of 2012, Chapter 26 of Decree 1074 of 2015 and External Circular No. 02 of 2015 issued by the Superintendency of Industry and Commerce, MARROQUINERA RIVIERA SAS will record the following information in the National Registry of Databases:

– Identification, location and contact information of MARROQUINERA RIVIERA SAS.

– Identification data, location and contact of the Person in Charge of the Processing of Personal Data.

– Channels for the Holders to exercise their rights, that is, through the Area in Charge for the reception of Queries, Complaints and Claims.

– Information stored in the databases, related to the classification of the personal data stored, by categories according to the nature of the same.

– What are the measures that MARROQUINERA RIVIERA SAS or its Managers implement, to guarantee the security of the databases that are subject to registration.

– Name and purpose of each of the databases.

– Form of Treatment of the databases (manual or automated).

– The present Policy of Treatment of personal data.

– What is the origin of the personal data, that is, if MARROQUINERA RIVIERA SAS has collected the data directly from the owners or from a third party, by virtue of a transfer or transmission of personal data, and if the Data Holder has granted the authorization for data collection.

– International transfers of personal data.

– International transmission of personal data.

– National transfer or transfer of personal data.

– News report, that is,

• Registration of all complaints or claims presented by Personal Data Holders.
• Security incidents that are presented on personal databases. 

15. DATA RECTIFICATION AND UPGRADING 

MARROQUINERA RIVIERA SAS has the obligation to rectify and update, at the request of the owner, the information of the latter that is incomplete or inaccurate, in accordance with the procedure and the terms indicated above. In this regard, the following will be taken into account:

• In the requests for rectification and updating of personal data the owner must indicate the corrections to be made and provide the documentation that supports your request.
• MARROQUINERA RIVIERA SAS, has full freedom to enable mechanisms that facilitate the exercise of this right, as long as they benefit the owner. Consequently, electronic or other means may be enabled that you consider pertinent.
• The company may establish forms, systems and other simplified methods, which must be informed in the privacy notice and made available to interested parties.

16. DATA SUPPRESSION

The owner has the right, at all times, to request MARROQUINERA RIVIERA SAS the deletion (deletion) of their personal data when:

1. a) Consider that they are not being treated in accordance with the principles, duties and obligations set forth in the current regulations.
2. b) They have ceased to be necessary or pertinent for the purpose for which they were collected.
3. c) The period necessary to fulfill the purposes for which they were collected has been exceeded.

This suppression implies the total or partial elimination of personal information in accordance with the request by the owner in the records, files, databases or treatments performed by MARROQUINERA RIVIERA SAS. It is important to bear in mind that the right of cancellation is not absolute and the person in charge and in charge can deny the exercise of the same when:

1. a) The holder has a legal or contractual duty to remain in the database.
2. b) The elimination of data hinder judicial or administrative actions linked to tax obligations, the investigation and prosecution of crimes or the updating of administrative sanctions.
3. c) The data are necessary to protect the legally protected interests of the owner; to perform an action based on the public interest, or to comply with an obligation legally acquired by the owner.
4. SECURITY OF INFORMATION AND SECURITY MEASURES

In development of the security principle established in the current regulations, MARROQUINERA RIVIERA SAS will adopt the technical, human and administrative measures that are necessary to grant security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access.

18. POLITICAL VALIDITY 

This Policy, governs from the first (1) of November 2016. 

The Personal Data included in the databases subject to Treatment, will remain and will be treated based on the temporality criterion for the contractual term that the product or service has, during the period in which the purpose for which they were collected persists, plus the term established by law. This Policy may be modified by the Company when it so requires without prior notice, provided it is non-substantial modifications. Only the modifications regarding the purposes of the Treatment and the data of the Person in Charge of the Treatment, or any other substantial modification will be previously communicated to the Owners.