PRIVACY POLICY

PRELIMINARY CONSIDERATIONS

With the firm intention of giving a faithful and strict compliance with the legal provisions for the protection of personal data enshrined in Law 1581 of 2012 and its regulatory Decree 1377 of 2013, PALO ROSA BEACHWEAR S.A.S. (hereinafter PALO ROSA or the Company) in its capacity as administrator and responsible for the treatment of the information of its customers, suppliers and employees, and of the databases in which they are stored, establishes through this document the Policy for the Treatment of Personal Data that governs the interactions between the Company and the holders of the information.
Under the previous understanding, this Personal Data Processing Policy intends to provide a clear overview regarding the personal data that PALO ROSA may eventually collect in the course of its commercial activity, the treatment that will be given to them, the procedures that holders have at their disposal to enforce their rights and, in general, all the guidelines and guidelines that the Company will follow in the handling of the personal data of the holders of the information.

 

I. GENERAL

1.1. Definitions

In accordance with current legislation on the subject, it is understood as:

a) Authorization: Prior, express and informed consent of the Holder to carry out the Processing of personal data.

b) Database: Organized set of personal data that is the object of Treatment.

c) Personal data: Any information linked or that may be associated with one or more specific or determinable natural persons.

d) Private data: It is the data that due to its intimate or reserved nature is only relevant for the Holder.

e) Public data: The data contained in public documents, duly enforced judicial sentences that are not subject to reservation and those related to the civil status of persons are public, among others.

f) Semi-private data: The data that has no intimate, reserved, or public nature and whose knowledge or disclosure may interest not only its Owner but also a certain sector or group of people or society in general, such as financial data and credit of commercial activity or services referred to in Title IV of Law 1266.

g) Sensitive data: The one that affects the privacy of the Holder or whose improper use can generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, human rights or that promote interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life and biometric data.

h) Person in charge of the Treatment: Natural or legal person, public or private, that by itself or in association with others, performs the Processing of personal data on behalf of the Person Responsible for the Treatment.

i) Responsible for the Treatment: Natural or legal person, public or private, that by itself or in association with others, decides on the database and / or the Data Processing.

j) Owner: Natural person whose personal data is subject to Treatment.

k) Treatment: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.

 

1.2. General principles

In the development, interpretation and application of these Personal Data Processing Policies, the principles contemplated in article 4 of Law 1581 of 2012. shall be applied in an integral manner: Namely, legality principle, principle of purpose, principle of freedom, principle of truthfulness, principle of transparency, principle of access and restricted circulation, principle of security and principle of confidentiality.
Who in the exercise of any commercial or labor activity – permanent or occasional – provides any personal information to the Company as Responsible for the Treatment, may know, update and rectify it.
The Company will keep in mind, at all times, that the personal data are the property of the people to whom they refer and that only they can decide on them. In this sense, it will use them only for those purposes for which it is duly authorized, and in any case respecting the current regulations on protection of personal data.

 

1.3. Treatment Manager

The person in charge of the processing of personal data will be PALO ROSA BEACHWEAR S.A.S. domiciled in the city of Bogotá, Colombia, and identified with NIT 900887281-4.
The contact details are as follows:

Office Address: Carrera 12ª # 78 – 58.
Phone: (1) 920-6921
Email: info@palorosabeachwear.co

 

1.4. Personal Data Collected

The personal data that will be collected and included in the database will be limited to personal data that are relevant and appropriate for the purpose for which they will be collected, which include, but are not necessarily limited to:

  • Identification data
  • Home
  • Telephones and mail
  • Financial data and tax information
  • Educational level and professional career
  • Data related to affiliation and social security contributions
  • Judicial and / or disciplinary background

In the event that the Company collects and processes sensitive data, such treatment will be done in strict compliance with the requirements of the applicable standards.

 

1.5. Purpose of the Collection of Personal Data.

Personal data will be used by the Company directly or through designated third parties, for those purposes for which it is duly authorized. In the performance of its functions, the Company in its capacity as a commercial company may use the personal data of the owners of the information, among others, for the following purposes, direct and indirect and, related or not related to its corporate purpose:

  • Achieve efficient communication related to the services / products, and other activities related to the Company’s own functions as a commercial company, as well as other companies that have a direct or indirect relationship, and to facilitate general access to information on these;
  • Comply with obligations contracted with contractors, contractors, customers, suppliers, and employees;
  • Comply with the obligations of law;
  • Provide information that may be of interest to customers, employees, suppliers and contractors.
  • Participate in public, private or other contracting processes;
  • Conduct internal studies.
  • Analyze professional profiles for new hires.
  • Evaluate the quality of service, and in general, other activities required for the proper development of the Company’s corporate purpose.

 

II. RIGHTS OF THE HOLDERS

The Holder of the personal data will have the following rights:
a) Know, update and rectify your personal data in front of the Company or those in charge of the processing of your personal data. This right may be exercised, inter alia, against partial, inaccurate, incomplete, fractional data that is misleading, or those whose Treatment is expressly prohibited or has not been authorized.

b) Request proof of the authorization granted to the Company, except in the case of personal data for which Law 1581 of 2012 expressly exempts the authorization as a requirement for the Treatment.
YOUR NAME:

YOUR EMAIL:

POLICY FOR THE PROCESSING OF PERSONAL DATA

c) Be informed by the Company, upon request, regarding the use it has given to your personal data.

d) Revoke the authorization and / or request the deletion of the data when the constitutional and legal principles, rights and guarantees are not respected in the treatment. The revocation and / or deletion will proceed when the Superintendence of Industry and Commerce has determined that in the treatment the Responsible or Responsible have incurred in conduct contrary to the law and the Constitution.

e) Access free of charge to your personal data that have been subject to Treatment.

II.1. Legitimation for the exercise of the rights of the Holders
he rights of the Holders may be exercised by the following persons:
a) By the Holder, who must prove his identity.
b) For their successors, who must prove such quality.
c) By the representative and / or proxy of the Holder, prior accreditation of the representation or empowerment.

 

III. PETITIONS, COMPLAINTS, CLAIMS AND CONSULTATIONS

For the attention of the described consultations, the Administration has been arranged as responsible
PALO ROSA and the following media have been enabled:

Email: info@palorosabeachwear.co
Written communication: Directed or based in the city of Bogota, Carrera 12ª # 78 – 58, Local Palo Rosa.
Phone: (1) 920-6921

Thus, if the Holder of the information wishes to exercise any of the rights that assist him, he may submit a written request, through any of the previously established forms of contact, to the Company. Any request that a holder of the information presented will be processed in accordance with the following:

 

III.1 General Rules

The request must be made in writing, either by email or letter to the physical address, and must be specifically addressed to the Company Administration.
In the application submitted, it must be specified:

  • The full name of the Holder and the ID.
  • A contact address (electronic or physical) to which the response can be sent.
  • The clear and precise description of the personal data in respect of which the Holder seeks to exercise any of the rights.
  • A brief description of the facts that motivate the request.
  • The purpose of the request drafted in a clear and concrete manner, so that it is possible to understand what the final intention is regarding the data – read if you want to process a simple consultation in exercise of the right of access, or if on the contrary It is intended to perform an update, deletion, rectification of personal data and / or revocation of the authorization, among others.
  • When the request is made by a person other than the Holder, the person or mandate to act must be duly accredited. It is important to highlight that in case of not accrediting such quality, the request will be considered as not submitted.
  • Any document that you want to assert as part of the application.

 

III.2 Specific Rules

a) Queries:
The Holders, or their successors may consult the personal information of the Holder that rests in any database of the Company. This last one will guarantee the right of consultation, providing to the holders, all the information stored in the Databases that is related to the Holder.

In the cases of consultations that are carried out in exercise of the right of access, these will be attended in a term not exceeding ten (10) business days counted from the date of receipt. If it is not possible to attend the query within the indicated term, the interested party will be informed of the reason for the delay, also indicating the date on which they will be answered. In any case, the new date shall not exceed five (5) business days following the expiration of the initial term of ten (10) days.

b) Claims:
At any time and for free, the Holder or his successors who consider that the information contained in any of the Company’s databases must be subject to correction, updating or deletion, or when they consider that any of the duties are being breached of the Company as Responsible for the Treatment, may submit their claim either by email or letter to the physical address, specifically addressed to the Company’s Administration area.

The rights of rectification, update or deletion may be exercised by:

  • The Holder or his successors, prior accreditation of his identity, or through electronic instruments that allow him to identify himself; or
  • Your representative, after accreditation of the representation.

If the claim is incomplete, the interested party will be required within five (5) days after receipt of the claim to correct the failures. After two (2) months from the date of the request, without the applicant submitting the required information, it will be understood that he has given up the claim.

Once the complete claim is received, a legend that says “claim in process” and the reason for it will be included in the database, in a term not exceeding two (2) business days. This legend must be maintained until the claim is decided.

The maximum term to handle the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the term initial of fifteen (15) days.

c) Rectification and Update of Data:
In addition to what is stated in the General Rules, in the case of requests for rectification and updating of personal data, the Holder or applicant must indicate the corrections to be made and provide the documentation that supports their request.

d) Data Deletion:
The Holder has the right, at all times, to request the Company to delete (delete) their personal data when:

  • Consider that they are not being treated in accordance with the principles, duties and obligations set forth in current regulations.
  • They are no longer necessary or relevant for the purpose for which they were collected.
    The period necessary for compliance with the fines for which they were collected has been exceeded.
  • This deletion implies the total or partial elimination of personal information as requested by the Holder in the Company’s databases.
  • Notwithstanding the foregoing, the right of deletion is not absolute and the Company may deny its exercise when:
  • The Holder has a legal or contractual duty to remain in the database.
  • The elimination of data hinders judicial or administrative actions related to tax obligations, the investigation and prosecution of crimes or the update of administrative sanctions.
  • The data is necessary to protect the legally protected interests of the Holder; to carry out an action based on public interest, or to comply with an obligation legally acquired by the Holder.

e) Revocation of the Authorization:
The Holders have the right to revoke the authorization for the Treatment of their data when the constitutional and legal principles, rights and guarantees are not respected, unless by legal or contractual obligation the Company must keep such personal data.
The revocation can be on the totality of the consented purposes, which would imply that the Company must stop treating the Holder’s data completely.
It can also be given on certain types of treatment, in which case it would be a partial revocation. In that case, the authorization will remain firm for all other purposes for which the Holder did not revoke his authorization.

 

IV. CHANGES TO THE PERSONAL DATA PROCESSING POLICY

The Company reserves the right to modify this Personal Data Processing Policy at any time. When substantial modifications are made, this will be communicated to the Holders by sending a notice to the email they have registered, before or at the latest at the time of implementation, informing them where and how they can consult the new Data Processing Policy. This notice will indicate the date from which the new Personal Data Processing Policy will govern. When the change refers to the purposes of the treatment, the Holders will be asked for a new authorization to apply them.

 

V. VALIDITY

This Data Processing Policy will be effective as of October 15, 2016.