POLICIES AND PROCEDURES FOR THE PROTECTION AND PROCESSING OF PERSONAL DATA
PREAMBLE:
Statutory Law 1581 of 2012, by which general provisions are issued for the protection of personal data, aims to develop the constitutional right that all people have to know, update and rectify the information that has been collected about them in databases or files, and the other rights, freedoms and constitutional guarantees referred to in article 15 of the Political Constitution; as well as the right to information enshrined in article 20 of the same.
In compliance with the provisions of the aforementioned law and its Regulatory Decree 1377 of 2013, GLOBAL STRATEGIES & TOOLS S.A.S. adopts this policy for the processing of personal data, which will be communicated to all owners of the data collected or obtained in the future in the exercise of economic, commercial or labor activities.
All persons who, in the development of different contractual, commercial or labor activities, among others, whether permanent or occasional, supply GLOBAL STRATEGIES & TOOLS S.A.S. with any type of information or personal data will be able to know it, update it and rectify it.
1. OBJECT. This document of Policies and Procedures for the Protection and Treatment of Personal Data establishes the aspects and instruments outlined to guarantee the right to privacy, intimacy, good name and autonomy as a company, in the treatment of personal data, and consequently all its actions will be governed by the principles of legality, purpose, freedom, veracity or quality, transparency, access and restricted circulation, security and confidentiality, bearing in mind the provisions contained in articles 15 and 20 of the Political Constitution of Colombia, Law 1581 of 2012, Decree 1377 of 2013 and other regulations that modify, complement, regulate or add to them.
2. RESPONSIBLE FOR THE TREATMENT OF THE INFORMATION. GLOBAL STRATEGIES & TOOLS S.A.S., hereinafter referred to as GST, located at Carrera 18 # 78 – 40 Of 704, Bogotá Colombia. Website: www.globalst.co; Email: global@globalst.co; phone: +57 (1) 508 4959.
3. AREA OF APPLICATION. These policies and procedures apply to the treatment of personal data that the GST firm obtains, administers and manages in any of its databases.
4. DEFINITIONS. In accordance with the provisions of current regulations on the protection of personal data, for the purposes of applying the provisions contained in this document, it is understood as:
a) Authorization: Prior, express and informed consent of the Holder to carry out the Processing of personal data. b) Privacy Notice: Physical or electronic document, or document in any other format, generated by the Responsible, which is made available to the Owner for the Treatment of their personal data, and which communicates to the Owner the information regarding the existence of the Information Processing policies that will be applicable, the way to access them and the characteristics of the Treatment that is intended to be given to personal data. c) Database: Organized set of personal data that is subject to Treatment. d) Successor in title: Person who has succeeded another due to the latter's death (heir). e) Personal data: Any information linked or that can be associated with one or more specific or determinable natural persons. f) Public data: Data qualified as such according to the mandates of the law or the Political Constitution, and data that is not semi-private, private or sensitive. Data relating to the marital status of individuals, their profession or trade, their status as a merchant or public servant and data that can be obtained without reservation are public, among others. Due to its nature, public data may be contained, among others, in public records, public documents, official gazettes and bulletins, and duly enforced judicial decisions that are not subject to reservation. g) Semi-private data: Data that is not of an intimate, reserved, or public nature and whose knowledge or disclosure may be of interest not only to its owner but also to a certain sector or group of people or to society in general. h) Private data: Data that, due to its intimate or reserved nature, is only relevant to the owner.
i) Sensitive data: Sensitive data is understood to be those that affect the privacy of the Holder or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership of trade unions, social or human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life and biometric data. j) Person in Charge of Treatment: Natural or legal person, public or private, that by itself or in association with others, performs the Treatment of personal data on behalf of the Person Responsible for Treatment. k) Responsible for Treatment: Natural or legal person, public or private, that by itself or in association with others, decides on the database and/or the Treatment of data. l) Holder: Natural person whose personal data is subject to Treatment. m) Treatment: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion. n) Transmission: Treatment of personal data that implies the communication of the same within or outside the territory of the Republic of Colombia when its purpose is to carry out a Treatment by the Manager on behalf of the Responsible.
5. PRINCIPLES. In the development, interpretation and application of this document, the following principles must be applied, harmoniously and comprehensively:
a) Principle of legality in terms of data processing: Data processing is a regulated activity, which must be subject to the current and applicable legal provisions that govern the subject. b) Principle of purpose: The Treatment must obey a legitimate purpose in accordance with the Constitution, Statutory Law 1581 of 2012 and Decree 1377 of 2013, and other regulations that modify, complement or add to them, which must be informed to the Holder. c) Principle of freedom: Treatment can only be exercised with the prior, express and informed consent of the Holder. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that relieves consent. d) Principle of veracity or quality: The information subject to Treatment must be truthful, complete, exact, updated, verifiable and understandable. The Processing of partial, incomplete, fragmented or misleading data is prohibited. e) Principle of transparency: In the Treatment, the right of the Owner to obtain from the Person Responsible for Treatment or the Person in Charge of Treatment, at any time and without restrictions, information about the existence of data that concerns him or her must be guaranteed. f) Principle of access and restricted circulation: The Treatment is subject to the limits derived from the nature of the personal data, the provisions of the Constitution and the Law. In this sense, the Treatment can only be done by persons authorized by the Holder and/or by the persons provided for in this policy. Personal data, except for public information, may not be available on the Internet or other means of disclosure or mass communication, unless access is technically controllable to provide restricted knowledge only to the Holders or third parties authorized by law. For these purposes GST's obligation will be one of means.
g) Principle of security: The information subject to Treatment by the Person Responsible for Treatment or Person in Charge of Treatment referred to in this document must be handled with the technical, human and administrative measures that are necessary to provide security to the records, avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access. h) Principle of confidentiality: All persons involved in the Processing of personal data that are not of a public nature are obliged to guarantee the confidentiality of the information, even after their relationship with any of the tasks included in the Processing has ended. For this reason, they undertake to preserve and maintain in a strictly confidential manner, and not reveal to third parties, all the information that they come to know in the execution and exercise of their functions, except in the case of activities expressly authorized by the data protection law. This obligation persists and will continue even after the end of their relationship with any of the tasks that the Processing includes.
6. RIGHTS OF THE HOLDERS. The Owner of the personal data will have the following rights:
a) Know, update and rectify their personal data against GST as responsible or in charge of the treatment, or exercise the right against whoever has received the data as a result of their transmission. This right may be exercised, among others, against partial, inaccurate, incomplete, fragmented, misleading data, or those whose Treatment is expressly prohibited or has not been authorized. b) Request proof of the authorization granted to GST as data controller, except when expressly excepted as a requirement for Treatment, in cases where authorization is not necessary, in accordance with the provisions of article 10 of Law 1581 of 2012. c) Be informed by GST, upon request, regarding the use that has been given to their personal data. d) Submit to the Superintendence of Industry and Commerce, or the entity acting in its place, complaints for violations of the provisions of Law 1581 of 2012, Decree 1377 of 2013 and other regulations that modify, add or complement it, after a prior process of consultation or requirement before GST. e) Revoke the authorization and/or request the deletion of the data when the principles, rights and constitutional and legal guarantees are not respected in the treatment. f) Free access to their personal data that has been subject to Treatment.
Rights of minors: In the processing of personal data, respect for the prevailing rights of minors will be ensured. The provision of personal data of minors is optional and must be done with the authorization of the parents or legal representatives of the minor.
7. DUTIES OF GST IN RELATION TO THE PROCESSING OF PERSONAL DATA: GST recognizes, at all times, that personal data is the property of the people to whom it refers and that only they can decide on it. In this sense, it will use them only for those purposes for which it is duly empowered, and in all cases respecting current regulations.
In accordance with the provisions of the law, in the treatment and protection of personal data, GST will have the following duties, without prejudice to others provided for in the provisions that regulate this matter:
a) Guarantee the holder, at all times, the full and effective exercise of the right of habeas data. b) Request and keep a copy of the respective authorization granted by the owner for the processing of personal data. c) Duly inform the owner about the purpose of the collection and the rights that assist him by virtue of the authorization granted. d) Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access. e) Guarantee that the information is truthful, complete, exact, up-to-date, verifiable and understandable. f) Update the information in a timely manner, thus attending to all changes regarding the owner's data. Additionally, all necessary measures must be implemented so that the information is kept up to date. g) Rectify the information when it is incorrect and communicate what is pertinent. h) Respect the security and privacy conditions of the holder's information. i) Process queries and claims formulated in the terms indicated by law. j) Identify when certain information is under discussion by the owner. k) Inform at the request of the owner about the use given to their data. l) Inform the data protection authority when there are violations of the security codes and there are risks in the administration of the information of the holders. m) Comply with the requirements and instructions issued by the Superintendency of Industry and Commerce on the particular subject. n) Use only data whose treatment is previously authorized in accordance with the provisions of Law 1581 of 2012 and Decree 1377 of 2013. o) Ensure the proper use of personal data of children and adolescents, in those cases in which the processing of their data is authorized. p) Record in the database the legend "claim in process" in the manner in which it is regulated by law.
q) Insert in the database the legend "information under judicial discussion" once notified by the competent authority about judicial processes related to the quality of the personal data. r) Refrain from circulating information that is being disputed by the owner and whose blocking has been ordered by the Superintendency of Industry and Commerce. s) Allow access to information only to people who can have access to it.
8. AUTHORIZATION. The collection, storage, use, circulation or deletion of personal data by GST requires the free, prior, express and informed consent of the owner thereof. Except in cases where authorization is not required, namely:
a) Information required by a public or administrative entity in the exercise of its legal functions or by court order. b) Data of a public nature. c) Cases of medical or health emergency. d) Treatment of information authorized by law for historical, statistical or scientific purposes. e) Data related to the Civil Registry of Persons.
Means and manifestations to grant the authorization: In accordance with the provisions of articles 3 and 9 of Law 1581 of 2012, the authorization will be issued by GST in a prior, express and informed manner and will be made available to the holder in a physical or electronic document, or in any other format that guarantees its subsequent consultation. Consent to the authorization shall be understood when unequivocal conduct by the owner allows for the reasonable conclusion that he consented to said authorization. In any case, the way of obtaining the authorization must be adequate for the purpose for which it is requested and must take into account the nature of the information collected.
The authorization procedure guarantees that the owner of the personal data has been informed both of the fact that their personal information will be collected and used for determined and known purposes, and of the option of knowing any alteration to them and the specific use that has been given to them. The foregoing is so that the holder makes informed decisions regarding their personal data and controls the use of their personal information.
The authorization to GST for the treatment of personal data may be granted by:
- The owner, who must sufficiently prove his identity by the different means that GST makes available to him.
- The successors in title of the owner, who must prove that status.
- The representative and/or proxy of the owner, after accreditation of the representation or power of attorney.
- Another person in whose favor or for whom the owner has stipulated.
The authorization will be a statement that will inform the owner of personal data:
a) Who collects (responsible or in charge). b) What is collected (data that is collected). c) For what purpose the data is collected (the purposes of the treatment). d) How to exercise the rights of access, correction, update or suppression of the personal data provided. e) Whether sensitive data is collected.
Proof of the authorization: GST will retain the proof of the authorization granted by the holders of the personal data for their treatment, for which it will use the mechanisms available to it, and it will adopt the necessary actions to maintain a record of when and how the authorization was obtained. Consequently, GST will be able to establish physical files or electronic repositories, carried out directly or through third parties contracted for that purpose.
9. Privacy Notice. The Privacy Notice is the physical or electronic document, or document in any other format, which is made available to the owner for the treatment of their personal data. Through this document, the owner is informed of the existence of the information treatment policies that will be applicable to him, how to access them and the characteristics of the treatment that is intended to be given to personal data.
The Privacy Notice, at a minimum, must contain the following information:
a) The identity, address and contact data of the Responsible for Treatment. b) The type of treatment to which the data will be subjected and the purpose of it. c) The rights of the owner. d) The general mechanisms arranged by the person responsible for the owner to know the information treatment policy and the substantial changes that occur in it. In all cases, the owner must be informed how to access or consult the information treatment policy. e) The optional nature of the response to questions about sensitive data.
Privacy Notice and Treatment Policies. GST will keep the model of the Privacy Notice that was transmitted to the holders while it carries out personal data processing and while the obligations that derive from it last. For storage of the notice model, GST may use computer or electronic means or any other technology.
10. Purposes and treatment to which personal data will be subjected. The treatment of personal data that is provided to GST by any person with whom the company has established or establishes a relationship, permanent or occasional, will be carried out within the legal framework that regulates the subject and by virtue of its status as a private company, and the purposes will be all those necessary for the fulfillment of the corporate mission.
- Develop activities and programs according to the GST mission and its statutes.
- Fulfill all its contractual commitments.
- Send information related to programs, activities, news, promotions, alliances, studies, offers, events, contents by area of interest, products and other goods or services offered by GST, as well as those of our allied companies.
- Report, provide, evaluate the products, events and / or services of GST.
- Provide adequate treatment of information for each GST interest group. The above may include, among others: a) Facing professional contacts: The treatment of data will be carried out for purposes related to market segmentation and business promotion between businessmen, executives and people; exchange of information, development of commercial, promotional, administrative, contact, consultation, exchange, supply, and cooperation with private and public entities, national and international. b) Facing employees, service providers, former employees and candidates: The treatment of data will be carried out for purposes related to the selection, linkage, execution and termination of the employment relationship that arises between the person and GST, fulfilling the provisions of the Law on labor and social security, among others. c) Facing suppliers: The treatment of data will be carried out in order to contact and contract with suppliers the products or services that GST requires for its normal operation and for the adequate endowment of its facilities or offices, complying with the rules applicable to suppliers and contractors, including, but not limited to, tax and commercial rules. d) Facing allies and other stakeholders: The treatment of data will be carried out to maintain contact in order to communicate to its allies and other interested parties programs, business proposals, activities, news, contents by area of interest, products and other goods or services offered by GST. e) Facing journalists: The treatment of data will be carried out for purposes related to giving information and dissemination of GST activities to strengthen its image and that of its allies before public opinion.
- Consequently, for the purposes described, GST may: a) Know, store and process all the information provided by the holders in one or more databases, in the format it considers most convenient. b) Sort, catalog, classify, divide or separate the information provided by the holders. c) Verify, corroborate, check, validate, investigate or compare the information provided by the holders with any information that it legitimately holds. d) Access, consult, compare and evaluate all the information about the owners that is stored in any credit, financial, judicial history or security databases, whether state or private, national or foreign. e) Analyze, process, evaluate, treat or compare the information provided by the holders. f) Study, analyze, customize and use the information provided by the holders for monitoring, development and/or improvement, both individual and general, of conditions of service, administration, safety or care, as well as for the development of academic forums, commercial promotion meetings, breakfasts, lunches, business rounds and commercial missions. GST may share with its business allies that are subject to the conditions of this authorization the results of the aforementioned studies, analyses, customizations and uses, as well as all the information and personal data supplied by the holders. g) In the event that GST is not able to carry out the treatment by its own means, it may transfer the data collected to be treated by a third party, with prior notification to the holders of the data collected. That third party will be in charge of the Treatment and must guarantee suitable conditions of confidentiality and security for the information transferred for treatment.
Sensitive data: In the case of sensitive personal data, related, among others, to data on racial or ethnic origin, membership of unions, social or human rights organizations, political or religious convictions, sexual life, biometric data or health data, GST may make use and treatment of them when:
- The owner has given explicit authorization, except in cases where by law the granting of such authorization is not required.
- The treatment is necessary to safeguard the vital interest of the owner and the owner is physically or legally incapacitated. In these events, legal representatives should grant their authorization.
- The treatment is carried out in the course of legitimate activities and with due guarantees by a foundation, NGO, association or any other non-profit body whose purpose is political, philosophical, religious or union, as long as it refers exclusively to its members or to people who maintain regular contact because of its purpose. In these events, the data cannot be supplied to third parties without the authorization of the owner.
- The treatment refers to data that is necessary for the recognition, exercise or defense of a right in a judicial process.
- Treatment has a historical, statistical or scientific purpose. In this event, measures conducive to the suppression of the identity of the holders should be adopted.
- Without prejudice to the exceptions provided for in the law, the treatment of sensitive data requires the prior, express and informed authorization of the owner, which should be obtained by any means that may be subject to consultation and subsequent verification.
11. Access, Consultation, Claims, Rectification, update and data suppression procedures.
RIGHT OF ACCESS. The power of disposal or decision that the owner has about the information that concerns him, necessarily entails the right to access and know if his personal information is being treated, as well as the scope, generalities and conditions of such treatment. GST guarantees the owner of the information, its right of access in three ways:
a) The first implies that the owner can know of the effective existence of the treatment to which their personal data is submitted. b) The second, that the owner can have access to his personal data that is in the possession of GST. c) The third means the right to know the essential circumstances of treatment, which translates into the duty of GST to inform the owner of the type of personal data treated and each and every one of the purposes that justify the treatment.
Paragraph: GST will guarantee the right of access when, after accreditation of the identity, legitimacy or legal standing of the representative of the holder, it makes available to them, free of charge, the detail of the personal data through any type of medium, including electronic means that allow the owner direct access to the data. This access must be offered without any limit and should allow the owner the possibility of knowing the data and updating them online.
Consultations: In accordance with the provisions of article 14 of Law 1581 of 2012, the owners or their successors in title will be able to consult the personal information of the holder that resides in any database. Consequently, GST will guarantee the right of consultation, supplying the holders with all the information contained in the individual record or that is linked to the identification of the owner.
For the attention of personal data query requests GST guarantees:
a) Enable electronic means of communication or others that it considers pertinent. b) Establish forms, systems and other simplified mechanisms, which should be informed in the Privacy Notice. c) Use the customer service or claim services that it has in operation.
Procedure and requirements for consultation care: a) The communication should be sent, whether physical or electronic, and must contain at least the date of application, a photocopy of the identification document, a contact address (physical or electronic) and a telephone number for notification purposes; for the representative of the owner, an authenticated document that proves representation, if applicable. b) To exercise this right by electronic means, the owner, their successor in title, authorized third party or proxy may formulate the consultation through the email designated by GST: global@globalst.co, attaching the information listed above. c) To exercise this right by physical means, the owner, their successor in title, authorized third party or proxy may file the consultation at the GST Office, attaching the information listed above. d) The person interested in exercising this right must, in any case, use a means that allows them to prove the sending and receipt of the request. Whatever the means used to exercise this right, GST will attend the request as long as the following requirements are met:
Holder: • Written communication. • Photocopy of the identification document. • Application form for access to personal data.
Third / Representative / Assignment: • Written communication. • Letter of authorization or authenticated document that accredits representation, if applicable. • Application form for access to personal data. • Photocopy of the identification document of the owner and the authorized person.
Terms for consultation care: Independently of the mechanism implemented for the attention of consultation requests, they will be served within a maximum term of ten (10) business days counted from the date of receipt. When it is not possible to attend the consultation within said term, the interested party will be informed before the expiration of the 10 days, expressing the reasons for the delay and indicating the date on which the consultation will be attended, which in no case may exceed the five (5) business days following the expiration of the first term.
Claims. The owner or their successor in title who considers that the information contained in a database must be corrected, updated or deleted, or who notices the alleged non-compliance with any of the duties contained in the regulations on personal data protection, may file a claim before the Responsible for Treatment.
The owner may submit the claim taking into account the information indicated in Article 15 of Law 1581 of 2012 and these rules:
a) If the claim is incomplete, the owner can complete it within five (5) business days following the receipt of the claim in order to remedy the faults. After two (2) months from the date of the requirement without the applicant presenting the required information, it will be understood that the applicant has withdrawn the claim. b) In the event that the one who receives the claim is not competent to resolve it, it will transfer the claim to the appropriate party within a maximum term of two (2) business days and will inform the interested party of the situation. c) Once the full claim is received, a legend will be included in the database that says "CLAIM IN PROCESS" and the reason thereof, in a term not greater than two (2) business days.
Likewise, the holder of the information can exercise these rights at any time, after compliance with the requirements established for it by GST. In this regard, GST will take into account the following:
a) In requests for rectification and updating of personal data, the owner must indicate the corrections to be made and provide the documentation that supports the request. b) GST has full freedom to enable mechanisms that facilitate the exercise of this right, as long as they benefit the owner of the data. Consequently, electronic means or others that GST considers relevant may be enabled. c) GST may establish forms, systems and other methods, which must be informed in the Privacy Notice and will be available to the interested parties when required. d) When the request is made by a person other than the owner and it is not proven that the person acts in legitimate representation, it will be treated as not presented.
The Holder of Personal Data has the right, at all times, to request that GST suppress (eliminate) their personal data when:
a) Consider that they are not being treated in accordance with the principles, duties and obligations provided for in current regulations. b) They have ceased to be necessary or relevant for the purpose for which they were collected. c) The period has been exceeded for compliance with the purposes for which they were collected.
This data deletion involves the total or partial elimination of personal information in accordance with what is requested by the holder in the records, files, databases or treatments made by GST.
The right of cancellation is not absolute and GST may deny the exercise of it when:
a) The owner has a legal or contractual duty to remain in the database. b) The elimination of data hinders judicial or administrative actions linked to tax obligations, the investigation and prosecution of crimes or the updating of administrative sanctions. c) The data is necessary to protect the legally protected interests of the owner, to perform an action based on the public interest, or to fulfill an obligation legally acquired by the owner.
Procedure and requirements for the attention of claims, rectifications, updating or data deletion: a) The claim shall be made by written request addressed to GST, and the communication must contain at least the request date, a clear and detailed description of the facts that give rise to the claim, a photocopy of the identification document, a contact address (physical or electronic) and a telephone number for notification purposes; it must also be accompanied by the personal data processing claim format; for the representative of the owner, an authenticated document that proves representation, if applicable. b) To exercise this right by electronic means, the owner, their successor in title, authorized third party or proxy may formulate the claim by means of the e-mail designated by GST: global@globalst.co, attaching the information listed above. c) To exercise this right by physical means, the owner, their successor in title, authorized third party or proxy may file the consultation at the GST Office, attaching the information listed above. d) The person interested in exercising this right must, in any case, use a means that allows them to prove the sending and receipt of the request. Whatever the means used to exercise this right, GST will attend the request as long as the following requirements are met:
Holder: • Written communication. • Photocopy of the identification document. • Personal data processing claim format.
Third / Representative / Assignment: • Written communication. • Letter of authorization or authenticated document that accredits representation, if applicable. • Personal data processing claim format. • Photocopy of the identification document of the owner and the authorized person.
Terms for claims, rectifications, update or data suppression: The maximum term to address the claim will be fifteen (15) business days counted from the day following the date of receipt. When it is not possible to address the claim within that term, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.
Revoke authorization. The holders of personal data can revoke their consent to the treatment of their personal data at any time, as long as a legal or contractual provision does not prevent it. For this, GST should establish simple and free mechanisms that allow the holder to revoke consent, at least through the same medium by which it was granted.
The revocation of consent can be: a) Total, that is, covering all the consented purposes. b) Partial, that is, covering certain types of treatment, with the other purposes of treatment, for which authorization has not been revoked, remaining in effect.
When submitting the revocation request, the information holder must indicate whether the intended revocation is total or partial. In the second case, the holder should indicate which treatment they do not agree with.
Procedure and requirements for handling revocation of authorizations: e) A communication, physical or electronic, should be sent; it must contain at least the request date, a photocopy of the identification document, a contact address (physical or electronic) and a telephone number for notification purposes. For the owner's representative, an authenticated document that proves representation, if applicable. f) To exercise this right by electronic means, the owner, their successor, authorized third party or proxy may submit the consultation to the e-mail address designated by GST: global@globalst.co, attaching the information listed above. g) To exercise this right by physical means, the owner, their successor, authorized third party or proxy may file the consultation at the GST office, attaching the information listed above. h) The person interested in exercising this right must, in any case, use a means that provides proof that the request was sent and received. Whatever the means used to exercise this right, GST will attend to the request as long as the following requirements are met:
Holder: • Written communication. • Photocopy of the identification document. • Application form for access to personal data.
Third / Representative / Assignment: • Written communication. • Letter of authorization or authenticated document that accredits representation, if applicable. • Application form for access to personal data. • Photocopy of the identification document of the owner and the authorized person.
12. SECURITY OF INFORMATION AND SAFETY MEASURES.
In furtherance of the security principle established in Law 1581 of 2012, GST will adopt the technical, human and administrative measures that are necessary to secure the records, preventing their adulteration, loss, or unauthorized or fraudulent consultation, use or access.
13. Use and international transfer of personal data and personal information by GST
In keeping with the institutional mission and the strategic development plan of GST, and given the nature of the permanent or occasional relationships that any holder of personal data may have with GST, GST may transfer and transmit all of the personal data, including internationally, as long as the applicable legal requirements are met. Consequently, by accepting this policy, the holders expressly authorize GST to transfer and transmit personal data, even at an international level. The data will be transferred for all relationships that can be established with GST.
For the international transfer of personal data of the holders, GST will take the necessary measures so that third parties know and commit themselves to observe this policy, on the understanding that the personal information they receive can only be used for matters directly related to GST and only while that relationship lasts, and cannot be used or intended for any other purpose. For the international transfer of personal data, the provisions of Article 26 of Law 1581 of 2012 will be observed. International transmissions of personal data made by GST will not require informing the owner or obtaining their consent when a personal data transmission contract is in place, in accordance with Article 25 of Decree 1377 of 2013.
GST will also be able to exchange personal information with governmental or other public authorities (including, among others, judicial or administrative authorities, tax authorities and criminal, civil, administrative, disciplinary and fiscal investigation agencies), and with third-party participants in civil legal proceedings and their accountants, auditors, lawyers and other advisors and representatives, where it is necessary or appropriate: a) to comply with the laws in force, including laws other than those of their country of residence; b) to comply with legal proceedings; c) to respond to requests from public and government authorities, including those other than the authorities of their country of residence; d) to enforce our terms and conditions; e) to protect our operations; f) to protect our rights, privacy, safety or property, yours or those of third parties; and g) to obtain applicable compensation or limit the damages that may affect us.
14. Responsible and in charge of the treatment of personal data. GST will be responsible for the treatment of personal data. The communications area, or whoever acts in its place, will be in charge of the treatment of personal data on behalf of GST and of processing the requests of the holders for the exercise of the rights of access, consultation, rectification, update, suppression and revocation referred to in Law 1581 of 2012.
15. European General Data Protection Regulation (GDPR). GST undertakes to comply with the European Union's rules on the treatment and protection of personal data, in its capacity as a processor and controller of the personal data provided. The channels for access, consultation, claims, rectification, update and data suppression designated in this policy also serve for compliance with the GDPR.
16. Validity. This policy and these procedures are in force from October 14, 2016, and the databases will be maintained for the term during which GST carries out its corporate object.