The privacy of the data of each client is very important to Tu Taller Design S.A.S., for this reason we want to be transparent regarding the treatment we give to your personal information. This policy describes the type of information we collect, how we treat and protect it, and to whom to direct your inquiries or comments.
TREATMENT POLICY FOR THE PROTECTION OF PERSONAL DATA OF THE HOLDERS TU TALLER DESIGN S.A.S.
In compliance with the provisions of Statutory Law 1581 of 2012 and its Single Regulatory Decree 1074 of 2015, TU TALLER DESIGN S.A.S. adopts this policy for the treatment of personal data, which will be informed to all the holders of the data collected or that will be obtained in the future in the exercise of commercial or labor activities.
In this way, TU TALLER DESIGN S.A.S. declares that it guarantees the rights of privacy, intimacy, good name in the treatment of personal data, and consequently all its actions will be governed by the principles of legality, purpose, freedom, truthfulness or quality, transparency, access and circulation restricted, security and confidentiality.
All persons who in the course of different contractual, commercial, labor activities, among others, whether permanent or occasional, will supply TU TALLER DESIGN S.A.S. any type of information or personal data, you can know, update and rectify it.
IDENTIFICATION OF THE RESPONSIBLE FOR THE TREATMENT NAME OF THE COMPANY
TU TALLER DESIGN S.A.S. which hereinafter will be called THE COMPANY, is dedicated to the Retail trade of other household items in specialized establishments.
ADDRESS AND ADDRESS: THE COMPANY has its domicile in the city of Medellín, and its main headquarters is located at Carrera 36 # 10A- 31.
PHONE: (57-4) 3229589.
Political Constitution, article 15, Law 1266 of 2008, Law 1581 of 2012, Regulatory Decrees 1727 of 2009 and 2952 of 2010, Partial Regulatory Decree 1377 of 2013
Judgments C - 1011 of 2008, and C - 748 of 2011, of the Constitutional Court Single Regulatory Decree 1074 of 2015
AREA OF APPLICATION
This policy will be applicable to the personal data registered in any database of THE COMPANY whose owner is a natural or legal person.
For the purposes of this policy and in accordance with current regulations on the protection of personal data, the following definitions will be taken into account:
Authorization: Prior, express and informed consent of the Owner to carry out the Processing of personal data.
Privacy notice: Verbal or written communication generated by the Person Responsible, addressed to the Owner for the treatment of their personal data, through which they are informed about the existence of the information treatment policies that will be applicable to them, the way of accessing to them and the purposes of the treatment that is intended to be given to personal data.
Database: Organized set of personal data that is subject to treatment.
Personal data: Any information linked or that may be associated with one or more determined or determinable natural persons.
Public data: It is the data that is not semi-private, private or sensitive. Public data is considered, among others, data related to the civil status of people, their profession or trade and their status as a merchant or public servant. By their nature, public data may be contained, among others, in public records, public documents, gazettes and official gazettes and duly executed judicial decisions that are not subject to reservation.
Sensitive data: Sensitive data is understood to be those that affect the privacy of the Owner or whose improper use may generate its discrimination, such as revealing racial or ethnic origin, political orientation, religious or philosophical convictions, membership of unions, organizations social, human rights or that promote the interests of any political party or that guarantee the rights and guarantees of the definitions included in this document are taken from the regulations in force in Colombia that regulate the protection of personal data. opposition political parties, as well as data related to health, sexual life, and biometric data.
Treatment Manager: Natural or legal person, public or private, who by himself or in association with others, performs the processing of personal data on behalf of the Data Controller.
Responsible for the Treatment: Natural or legal person, public or private, that by itself or in association with others, decides on the database and / or the Treatment of the data.
Owner: Natural person whose personal data is subject to Treatment.
Treatment: Any operation or set of operations on personal data, such as the collection, storage, use, circulation or deletion.
Transfer: the data transfer takes place when the person responsible and / or in charge of the processing of personal data, located in Colombia, sends the information or personal data to a recipient, who in turn is responsible for the treatment and is inside or outside from the country.
Transmission: processing of personal data that involves the communication thereof within or outside the territory of the Republic of Colombia when it is intended to carry out a treatment by the person in charge on behalf of the person in charge.
RIGHTS OF THE INFORMATION HOLDER
In accordance with the provisions of the applicable regulations on data protection, the following are the rights of the holders of personal data:
Access, know, update and rectify your personal data in front of the COMPANY in its capacity as data controller. This right may be exercised, among others, against partial, inaccurate, incomplete, fractional data that is misleading, or those whose treatment is expressly prohibited or has not been authorized.
Request proof of authorization granted to THE COMPANY for data processing, by any valid means, except in cases where authorization is not necessary.
Be informed by THE COMPANY, upon request, regarding the use it has made of their personal data.
Submit to the Superintendency of Industry and Commerce, or the entity that takes its place, complaints for infractions of the provisions of Law 1581 of 2012 and the other regulations that modify, add or complement it, after consultation or request before THE COMPANY .
Revoke the authorization and / or request the deletion of the data when the Treatment does not respect the principles, rights and constitutional and legal guarantees.
Free access to your personal data that has been processed, whenever there are substantial changes to this policy that motivate new queries.
These rights may be exercised by:
The owner, who must prove his identity sufficiently by the different means made available to him by THE COMPANY.
The holder's successors, who must prove such quality.
The representative and / or attorney of the owner, after accreditation of the representation or empowerment.
Another in favor or for which the owner has stipulated.
DUTIES OF THE COMPANY AS RESPONSIBLE AND RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA
THE COMPANY recognizes the ownership of personal data held by people and therefore they can exclusively decide on it.
Therefore, THE COMPANY will use personal data for the fulfillment of the purposes expressly authorized by the owner or by current regulations.
In the treatment and protection of personal data, THE COMPANY will have the following duties, without prejudice to others provided for in the provisions that regulate or come to regulate this matter:
Guarantee the holder, at all times, the full and effective exercise of the right of habeas data.
Request and keep a copy of the respective authorization granted by the owner for the treatment of sensitive data.
Properly inform the owner about the purpose of the collection and the rights that assist him under the authorization granted.
Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
Guarantee that the information is truthful, complete, exact, updated, verifiable and understandable.
Update the information in a timely manner, thus attending to all the news regarding the owner's data. Additionally, all necessary measures must be implemented so that the information is kept up to date.
Rectify the information when it is incorrect and communicate the pertinent.
Respect the security and privacy conditions of the owner's information.
Process inquiries and claims formulated in the terms indicated by law. Identify when certain information is under discussion by the owner. Inform at the request of the owner about the use given to their data.
Inform the data protection authority when there are violations of the security codes and there are risks in the management of the information of the holders.
Comply with the requirements and instructions issued by the Superintendency of Industry and Commerce on the subject in particular.
Refrain from circulating information that is being controversial by the owner and whose blocking has been ordered by the Superintendence of Industry and Commerce
Allow access to information only to people who can access it.
Use the personal data of the owner only for those purposes for which it is duly empowered and in any case respecting current regulations on the protection of personal data.
AUTHORIZATION AND CONSENT OF THE HOLDER
THE COMPANY requires the free, prior, express and informed consent of the owner of the personal data for the treatment thereof, except in cases expressly authorized by law, namely:
Information required by a public or administrative entity in the exercise of its legal functions or by court order.
Data of a public nature.
Cases of medical or sanitary emergency.
Processing of information authorized by law for historical, statistical or scientific purposes.
Data related to the Civil Registry of Persons
Manifestation of authorization
The authorization to THE COMPANY for the processing of personal data will be granted by:
The owner, who must prove his identity sufficiently by the different means made available by THE COMPANY
The representative and / or attorney of the owner, after accreditation of the representation or empowerment.
Another in favor or for which the owner has stipulated.
Means of granting authorization
THE COMPANY will obtain authorization through different means, including the physical, electronic document, data message, Internet, Websites, or in any other format that in any case allows obtaining consent through unequivocal conduct through which it is concluded that if it had not been supplied by the owner or the person authorized to do so, the data would not have been stored or captured in the database. The authorization will be requested by THE COMPANY prior to the processing of personal data.
Proof of authorization
THE COMPANY will keep the proof of the authorization granted by the holders of the personal data for its treatment, for which it will use the mechanisms available at the present time as well as take the necessary actions to maintain the registration of the form and date and where you got this one. Consequently, THE COMPANY may establish physical files or electronic repositories made directly or through third parties contracted for this purpose.
Revocation of authorization.
The holders of personal data may at any time revoke the authorization granted to THE COMPANY for the processing of their personal data or request the deletion of the same, provided that it is not prevented by a legal or contractual provision. THE COMPANY will establish simple and free mechanisms that allow the owner to revoke their authorization or request the deletion of their personal data, at least by the same means by which it was granted.
For the above, it must be taken into account that the revocation of consent can be expressed, on the one hand, in full in relation to the authorized purposes, and therefore THE COMPANY must cease any activity of data processing; and on the other partially in relation to certain types of treatment, in which case it will be those on which the treatment activities will cease, as for advertising purposes, among others. In the latter case, THE COMPANY may continue to process personal data for those purposes in relation to which the owner had not revoked his consent.
TREATMENT TO WHICH THE DATA AND PURPOSE OF THE SAME WILL BE SUBMITTED
The treatment of the personal data of employees, former employees, retirees, suppliers, contractors, customers, or any person with whom THE COMPANY has established or established a relationship, permanent or occasional, will be carried out in the legal framework that regulates the matter. and by virtue of its status as a Decoration and Furniture Store, and will be all necessary for the fulfillment of the corporate mission.
In any case, personal data may be collected and processed to:
Send information related to offers, activities, news, content by area of interest, products and other goods or services offered by THE COMPANY.
Develop the mission of THE COMPANY according to its statutes.
Comply with the rules applicable to suppliers and contractors, including but not limited to tax and commercial.
Comply with the provisions of the Colombian legal system in labor and social security matters, among others, applicable to former employees, current employees and candidates for future employment.
Carry out surveys related to the services or goods of THE COMPANY.
Keep in touch with your customers, suppliers, employees.
Inform about job opportunities, promotions, or information from THE COMPANY.
Comply with all your contractual commitments.
In the case of sensitive personal data, THE COMPANY may use and process them when:
The owner has given his explicit authorization, except in cases where the granting of said authorization is not required by law.
The treatment is necessary to safeguard the vital interest of the Holder and the latter is physically or legally incapacitated. In these events, the legal representatives must grant their authorization.
Without prejudice to the exceptions provided for in the law, in the treatment of sensitive data the prior, express and informed authorization of the owner is required, which must be obtained by any means that may be subject to subsequent consultation and verification.
NOTICE OF PRIVACY
The Privacy Notice is the physical document, electronic or in any other format, made available to the owner to inform them about the treatment of their personal data. Through this document, the owner is informed of the information related to the existence of the COMPANY's information processing policies and that they will be applicable, the way of accessing them and the characteristics of the treatment that is intended to be given to the data. personal.
The privacy notice must contain, as a minimum, the following information:
The identity, address and contact details of the data controller.
The type of treatment to which the data will be submitted and its purpose.
The rights of the owner.
The general mechanisms arranged by the person in charge so that the owner knows the information treatment policy and the substantial changes that occur in it. In all cases, you must inform the owner how to access or consult the information processing policy.
The optional nature of the answer regarding questions about sensitive data.
GUARANTEES OF THE RIGHT OF ACCESS
To guarantee the right of access of the data owner, THE COMPANY will make available to him, after accreditation of his identity, legitimacy, or the personality of his representative, without cost or expense, in detail and detail, the respective personal data through all types of media, including electronic means that allow direct access by the owner to them.
PROCEDURE FOR THE ATTENTION OF CONSULTATIONS, CLAIMS, REQUESTS FOR RECTIFICATION, UPDATING AND DELETING OF DATA
The owners or their successors in title may consult the personal information of the owner that resides in THE COMPANY, who will supply all the information contained in the individual record or that is linked to the identification of the Owner.
Regarding the attention to requests for personal data consultation, THE COMPANY guarantees:
Enable electronic or other means of communication that you consider relevant.
Use the customer service or claims services that you have in operation.
In any case, regardless of the mechanism implemented to attend to consultation requests, they will be answered within a maximum term of ten (10) business days from the date of receipt. When it is not possible to attend the query within said term, the interested party will be informed before the expiration of 10 days, stating the reasons for the delay and indicating the date on which his query will be answered, which in no case may exceed five (5) business days following the expiration of the first term.
Queries may be made to the email email@example.com
The Holder or his successors in title that consider that the information contained in a database should be subject to correction, updating or deletion, or when they notice the alleged breach of any of the duties contained in the law, may file a claim with THE COMPANY, which will be processed under the following rules:
The Holder's claim will be made by request addressed to THE COMPANY at the email firstname.lastname@example.org or by written communication addressed to the Administrative department, with the owner's identification, the description of the facts that give rise to the claim, the address, and Accompanying the documents that you want to assert. If the claim is incomplete, the interested party will be required within five (5) days after receipt of the claim to correct the failures. If two (2) months have elapsed since the date of the request, without the applicant submitting the required information, it will be understood that the claim has been withdrawn.
In the event that the person who receives the claim is not competent to resolve it, he will transfer it to the appropriate person within a maximum term of two (2) business days and will inform the interested party of the situation.
Once the complete claim is received, it will be cataloged with the label "claim in process" and the reason for it, in a term not exceeding two (2) business days. Said label will be kept until the claim is decided.
The maximum term to attend the claim will be fifteen (15) business days counted from the day following the date of its receipt. When it is not possible to attend the claim within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days after the expiration of the first finished.
Request for update, rectification
THE COMPANY will rectify, update, at the request of the owner, the information of the latter that turns out to be incomplete or inaccurate, in accordance with the procedure and the aforementioned terms, for which the following will be taken into account:
The owner must send the request to the email email@example.com or in a physical medium addressed to the Administrative department indicating the update and / or rectification to be made and will provide the documentation that supports your request.
THE COMPANY may enable mechanisms that facilitate the exercise of this right to the owner, as long as they benefit from it. Consequently, electronic or other means deemed pertinent may be enabled, which will be informed in the privacy notice and will be made available to those interested on the website.
Request for deletion of data
The owner of the personal data has the right to request the COMPANY its deletion (deletion) in any of the following events:
Consider that they are not being treated in accordance with the principles, duties and obligations set forth in the current regulations.
They are no longer necessary or relevant for the purpose for which they were collected.
The period necessary for the fulfillment of the purposes for which they were collected has been exceeded. This deletion implies the total or partial elimination of personal information in accordance with what is requested by the owner in the records, files, databases or treatments carried out by THE COMPANY. However, this right of the owner is not absolute and consequently THE COMPANY may deny the exercise of it when:
The owner has a legal or contractual duty to remain in the database.
The deletion of data hinders judicial or administrative actions related to tax obligations, the investigation and prosecution of crimes or the updating of administrative sanctions.
The data is necessary to protect the legally protected interests of the owner; to carry out an action based on the public interest, or to fulfill an obligation legally acquired by the owner.
NATIONAL DATABASE REGISTRY
Your Design Workshop reserves, in the events contemplated in the law and in its statutes and internal regulations, the power to maintain and catalog certain information that rests in its databases or databases, as confidential according to current regulations, its statutes The company will proceed in accordance with current regulations and the regulations issued by the National Government for this purpose, to register their databases before the National Registry of Databases (RNBD), which will be administered by the Superintendency of Industry and Commerce. The RNBD., Is the public directory of the databases subject to Treatment that operate in the country; and that it will be of free consultation for the citizens, in accordance with the regulations issued for this purpose by the National Government.
INFORMATION SECURITY AND SECURITY MEASURES
In compliance with the security principle established in the current regulations, THE COMPANY will adopt the technical, human and administrative measures that are necessary to grant security to the records, avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access.
INTERNATIONAL USE AND TRANSFER OF PERSONAL DATA AND PERSONAL INFORMATION BY THE COMPANY
In compliance with the corporate mission and the strategic development plan of THE COMPANY, and taking into account the nature of the permanent or occasional relationships that any person holding personal data may have with THE COMPANY, it may carry out the transfer and transmission, including international, of all personal data, as long as the applicable legal requirements are met; and consequently the holders with the acceptance of this policy, expressly authorize to transfer and transmit, even internationally, personal data. The data will be transferred, for all relationships that may be established with THE COMPANY.
For the international transfer of personal data of the holders, THE COMPANY will take the necessary measures so that third parties know and commit to observe this policy, on the understanding that the personal information they receive can only be used for matters directly related to THE COMPANY and only while it lasts and may not be used or destined for a different purpose or purpose. For the international transfer of personal data, the provisions of article 26 of Law 1581 of 2012 will be observed. The international transmissions of personal data carried out by THE COMPANY will not require the owner to be informed or have their consent when a transmission contract is made. of personal data in accordance with article 25 of Decree 1377 of 2013.
THE COMPANY may also exchange personal information with other governmental or public authorities (including, among other judicial or administrative authorities, tax authorities and criminal, civil, administrative, disciplinary and fiscal investigation bodies), and third parties participating in civil legal proceedings. and their accountants, auditors, attorneys, and other advisers and representatives, because it is necessary or appropriate:
- To comply with applicable laws, including laws other than those of your country of residence.
- To comply with legal processes.
- To respond to requests from public and government authorities, and to respond to requests from public and government authorities other than those of your country of residence.
- To enforce our terms and conditions.
- To protect our operations.
- To protect our rights, privacy, security or property, yours or those of third parties.
- Obtain the applicable compensation or limit the damages that may affect us.
RESPONSIBLE AND RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA
TU TALLER DESIGN S.A.S will be responsible for the treatment of personal data.