PERSONAL DATA PROCESSING POLICY

OBJECTIVE

Establish the basic procedures to comply with the provisions of Law 1581 of 2012, regarding the processing of personal data, with the intention of avoiding inappropriate or unauthorized uses of the information collected by C&A 6 Sigma Corp. in the exercise of the activities defined in its corporate purpose.

​

DEFINITIONS

​

• Authorization: Prior, express and informed consent of the Owner to carry out the Processing of personal data.

• Database: Organized set of personal data that is subject to treatment;

• Personal data: Any information linked or that can be associated with one or more specific or determinable natural persons;

• Treatment Manager: Natural or legal person, public or private, that by itself or in association with others, performs the Treatment of personal data on behalf of the Treatment Manager;

• Responsible for the Treatment: Natural or legal person, public or private, that by itself or in association with others, decides on the database and/or the Treatment of the data;

• Owner: Natural person whose personal data is subject to Treatment;

• Treatment: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.

APPLICABLE LEGISLATION

  The processing of personal data will be guided for all its purposes, especially by the provisions of this Manual and in general by:      

​​

• Political Constitution articles 15 and 20

• Law 1266 of 2008 "By which the general provisions of habeas data are dictated and the management of the information contained in personal databases is regulated, especially financial, credit, commercial, services and that from third countries and it is dictate other provisions”

• Law 1273 of 2009 "By means of which the Penal Code is modified, a new protected legal right is created - called "information and data protection" - and the systems that use information technologies are fully preserved. information and communications, among other provisions.

• Decree 1727 of 2009 "which determines the way in which the operators of the data banks of financial, credit, commercial, services and information from third countries, must present the information of the holders of the information"

• Decree 2952 of 2010 "By which articles 12 and 13 of Law 1266 of 2008 are regulated"

• Law 1581 of 2012 "By which general provisions are issued for the protection of personal data"

• Decree 1377 of 2013 "By which Law 1581 of 2012 is partially regulated"       

​
 

PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA
 

•   Principle of legality regarding data processing: Data processing is a regulated activity that must be subject to the provisions of Law 1581 of 2012 and the other provisions that develop and complement it. 

• Principle of purpose: The Treatment must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Holder.

• Principle of freedom: Treatment can only be exercised with the prior, express and informed consent of the Holder. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that relieves consent;

• Principle of veracity or quality: The information subject to Treatment must be truthful, complete, exact, updated, verifiable and understandable.

• Principle of transparency: In the Treatment, the right of the Owner to obtain from the Treatment Manager or the Treatment Manager, at any time and without restrictions, information about the existence of data that concerns him or her must be guaranteed.

• Principle of restricted access and circulation: Treatment is subject to the limits derived from the nature of personal data, the provisions of Law 1581 of 2012 and the Constitution. In this sense, the Treatment can only be done by persons authorized by the Owner and/or by the persons provided for in the aforementioned law.

• Security principle: The information subject to Treatment by the Treatment Manager or Treatment Manager referred to in Law 1581 of 2012, must be handled with the technical, human and administrative measures that are necessary to grant security to the records, avoiding their unauthorized or fraudulent tampering, loss, consultation, use or access.

• Confidentiality principle: All persons involved in the Processing of personal data that are not of a public nature are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks that the Processing comprises, and may only Carry out supply or communication of personal data when this corresponds to the development of the activities authorized in Law 1581 of 2012 and in the terms thereof.
  
   

PURPOSE OF PERSONAL DATA PROCESSING
 

• The Treatment of personal data of personal data is carried out with the following purposes:
   

• Purpose addressed to employees:

  • Manage the payment of their salaries and social benefits.

  • Development of evaluations and audits.

  • Contact close relatives in an emergency.

  • Participate in benefit programs created by C&A 6 Sigma corp. with the intention of improving their quality of life.

  • Manage monitoring of the Occupational Health and Safety Management System.
     

• Purpose directed to customers

  • Offer services designed specifically for each client.

  • Provide the contracted services.

  • Develop advertising and marketing campaigns.

  • Apply satisfaction surveys to determine the degree of adjustment of the client to the services provided by C&A 6 Sigma corp.

  • Develop auditing and quality control processes.

  • Design studies and statistical tests that allow a precise evaluation of the state of the market.

  • Billing and accounting for the services provided by C&A 6 Sigma corp.

  • Carry out collection and portfolio processes.
     

• Purpose addressed to suppliers

  • Manage the acquisition of goods or services required by the C&A 6 Sigma corp. for your operation.

  • Carry out accounting processes for the payment of goods or services required by the C&A 6 Sigma corp.

  • Perform audit processes and quality control.

​
 

RIGHTS OF THE INFORMATION HOLDER 

In accordance with the established  in  the  Law  1581  from  2012, the  headline  from  the  personal data you have the following rights:

1. Know, update and rectify your personal data in front of the Treatment Managers or Treatment Managers. This right may be exercised, among others, against partial, inaccurate, incomplete, fragmented, misleading data, or those whose Treatment is expressly prohibited or has not been authorized. 

2. Request proof of the authorization granted to the Data Controller except when expressly excepted as a requirement for the Treatment, in accordance with the provisions of article 10 of Law 1581 of 2012. 

3. Be informed by C&A 6 Sigma corp, upon request, regarding the use that has been given to your personal data. 

4. Submit complaints to the Superintendency of Industry and Commerce for violations of the provisions of this law and the other regulations that modify, add or complement it. 

5. Revoke the authorization and/or request the deletion of the data when the principles, rights and constitutional and legal guarantees are not respected in the Treatment. The revocation and/or suppression will proceed when the Superintendency of Industry and Commerce has determined that in the Treatment the Responsible or Person in Charge has incurred in conduct contrary to this law and the Constitution.

6. Free access to your personal data that has been processed.

​

​

DUTIES OF THE INFORMATION RESPONSIBLE

In accordance with the provisions  in  the  Law  1581  from  2012 C&A 6 Sigma duties are as follows:

1. Guarantee the Holder of the information, at all times, the full and effective exercise of the right of habeas data.

2. Keep a copy of the respective authorization granted by the owner.

3. Duly inform the owner about the purpose of the collection and the rights that assist him by virtue of the authorization granted.

4. preserve the   information  under   the   terms  from   security  necessary  to prevent   his   adulteration, loss,   query,   use   or   access   no   authorized   or fraudulent.

5. Process the queries and claims made by the owners of the information in the terms indicated by articles 14 and 15 of Law 1581 of 2012.

6. Inform at the request of the Owner about the use given to their data.

7. Inform the  Superintendence  from  Industry  Y  Commerce  when  I know  present violations of the security codes and there are risks in the administration of the information of the Holders.

8. follow instructions  Y  requirements  that  impart  the  Superintendence  of Industry and Commerce

9. Identify the holders who are in legal proceedings related to the quality or details of the personal data.

10. Refrain from circulating information that is being controversial by  the  holder and whose   blocking   is   been   organized   for   the   Superintendence   from   Industry   and Trade.

11. Report   to   through   from   the   media   that   consider   relevant      the   new mechanisms  that  implement  for what  headlines  from  the  information  exercise their rights.

12. Adopt an internal manual of policies and procedures to guarantee proper compliance.

​

​

AUTHORIZATION

C&A 6 Sigma corp. will process personal data only with the prior, express and informed consent of the owners of the same, which will be obtained through any means that may be subject to subsequent consultation, authorization will be required from the first moment in the that the data is collected, and in that same act the owner will be informed of the data collected and its purposes.

PROCEDURE FOR THE PROCESSING OF PERSONAL DATA

1. Authorizations: C&A 6 Sigma corp will collect the personal data of its employees, customers and suppliers through a form that will unequivocally state the prior, express, and  informed  from  the  Headlines,  guaranteeing  in  everything  case  that  it is possible to verify the granting of said authorization.

2. Queries: The Holders will be able to consult the personal information that rests in the company's databases, and it will in turn provide them with all the information contained in the individual record or that is linked to the identification of the Holder. The query will be formulated by means of the email cual@cya6sigma.com

The query will be answered within a maximum term of ten (10) business days from the date of receipt of the query. When it is not possible to attend the query within said term, the interested party will be informed, stating the reasons for the delay and indicating the date on which their query will be attended, which in no case may exceed five (5) business days following the expiration of the first term.

1. Claims: The Holder who considers that the information contained in a database should be corrected, updated or deleted, may submit the respective request to the email Calidad@cya6sigma.com , which will be handled as follows:

2. The claim must be sent to the email address Calidad@cya6sigma.com with the information that must be corrected, updated or deleted. If the claim is incomplete, the interested party will be required within five (5) days after receipt of the claim to correct the faults. After two (2) months from the date of the request, without the applicant submitting the required information, it will be understood that the claim has been withdrawn.

In the event that C&A 6 Sigma corp receives the claim and is not competent to resolve it, it will transfer it to the appropriate person within a maximum period of two (2) business days and will inform the interested party of the situation.

1. Once the complete claim is received, a legend will be included in the database that says "claim in process" and the reason for it, in a term not exceeding two (2) business days.

2. The maximum term to address the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within said term, the interested party will be informed of the reasons for the delay and the date on which his claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first finished.

3. Revocation of the authorization: The holders of the personal data may revoke the consent to the processing of their personal data at any time, as long as it is not prevented by a legal or contractual provision for which the Holder must send the revocation request to the email quality @cya6sigma.com .