Privacy policy
1. Identification of the Party Responsible for the Processing of Personal Data
INTERPRETING COLOMBIA S.A.S, identified with the Taxpayer Identification Number (NIT, as per the acronym in Spanish) 900562114-7, dedicated to the provision of professional services involved in the interpretation, translation and revision of texts, bilingual accompaniment, rental and leasing of equipment and software for events and meetings, technical support, subtitling, and transcription, with commercial registration in the Chamber of Commerce of Cartagena, under registration number 30682112.
Address: Calle 25 # 24A – 16, Of 1507, Edif. Twins Bay, Cartagena, Colombia
Phone: 605 6421781
E-mail: hello@interpretingCO.com
2. Definitions
Authorization: Prior, express, and informed consent of the Data Subject to carry out the Processing of personal data.
Channels for exercising rights: These are the means for receiving and attending to requests, queries, and claims that the Party Responsible for Processing and the Party in Charge of Processing must make available to the Data Subjects.
Claim: Request made by the Data Subject or the persons authorized by him/her or by the Law to correct, update, or delete his/her personal data or to revoke authorization in the cases established by the Law.
Database: Organized set of personal data that is subject to Processing.
Data subject: Natural person whose personal data is subject to processing.
Habeas Data: The right of Habeas Data is a fundamental right, enshrined in Article 15 of the Political Constitution, that allows all persons to know about, update, and rectify any information that has been collected about them in public and private entities’ data banks.
National Database Registry: The public directory of databases subject to processing that are operating in the country. The registry will be administered by the Superintendence of Industry and Commerce and will be freely available for citizens to consult.
Party in charge: Natural or legal person, public or private, which by itself or in association with others, performs the Processing of personal data on behalf of the Party Responsible for Processing.
Personal data: Any information linked to or that can be associated with one or several determined or determinable natural persons.
Principle of accuracy or quality: The information subject to Processing must be truthful, complete, accurate, updated, verifiable, and understandable. The processing of partial, incomplete, fractioned, or misleading data is prohibited.
Principle of confidentiality: All persons involved in the processing of personal data that is not of a public nature are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks involved in the processing and may only provide or communicate personal data when it corresponds to the implementation of the activities authorized by law and under the terms of the same.
Principle of freedom: Processing can only be carried out with the prior, express, and informed consent of the Data Subject. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that relieves consent.
Principle of legality: The processing of personal data is a regulated activity that must be subject to the provisions of the law and other related provisions.
Principle of purpose: The Processing must obey a legitimate purpose in accordance with the Constitution and the Law, of which the Data Subject must be informed.
Principle of restricted access and circulation: Processing is subject to the limits deriving from the nature of the personal data, legal provisions, and the Constitution. In this sense, the Processing may only be carried out by persons authorized by the Data Subject and/or by the persons provided for by law. Personal data, except for that which is public information, may not be made available on the Internet or shared via other means of mass dissemination or communication, unless access is technically controllable to provide restricted knowledge only to data subjects or authorized third parties in accordance with the law.
Principle of security: The information subject to Processing by the Party Responsible for Processing or Party in Charge of Processing shall be handled with the technical, human, and administrative measures necessary to protect the records and prevent their adulteration, loss, consultation, and unauthorized or fraudulent use or access.
Principle of transparency: The right of the Data Subject to obtain information about the existence of data concerning him/her from the Party Responsible for Processing or the Party in Charge of Processing, at any time and without restrictions, must be guaranteed in the Processing.
Privacy Notice: Verbal or written communication generated by the Responsible Party, addressed to the Data Subject for the Processing of his/her personal data, by means of which s/he is informed about the existence of the information processing policies that will be applicable, the way to access them, and the intended purpose for processing the personal data.
Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation, or deletion.
Public data: Data that is not semi-private, private, or sensitive. Data related to the marital status of individuals, their profession or trade, and their status as merchants or public servants, among others, is considered public data. Due to its nature, public data may be included, among other sources, in public records, public documents, official gazettes and bulletins, and duly executed court rulings that are not subject to confidentiality.
Responsible party: Natural or legal person, public or private, who by himself/herself or in association with others, makes decisions about the database and/or the processing of data.
Sensitive data: Sensitive data is understood as that which affects the privacy of the Data Subject or whose improper use may generate discrimination, such as data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, membership in trade unions, social or human rights organizations, or groups that promote the interests of any political party or that guarantee the rights of opposition political parties, as well as data related to health, sex life, and biometric data.
3. Database content
InterpretingCO will store general information such as full name, ID number and type, gender, and contact details (e-mail, physical address, landline, and cell phone). In addition to this information, in order to properly carry out its commercial activities and strengthen its relationships with third parties, interpretingCO collects, stores, uses, circulates, and deletes Personal Data of natural and legal persons with whom it has or has had a relationship, especially, but not limited to, clients, distributors, providers, creditors, debtors, and employees. Furthermore, depending on the nature of the database, interpretingCO may use this data in cases when it needs to process certain specific information. In the databases with employees and contractors’ information, employment history and sensitive data required due the nature of the contractual relationship is also included. Sensitive information may be stored in the databases with prior authorization of the data subject, in compliance with the provisions of Articles 5 and 7 of Law 1581 of 2012.
4. Uses of Personal Data
InterpretingCO, acting as the Party Responsible for the Processing of Personal Data and in order to carry out its commercial activities and strengthen its relationships with third parties, it collects, stores, uses, circulates, and deletes Personal Data for the following purposes or uses:
The purpose of the information collected by interpretingCO is to allow it to properly carry out its corporate purpose. Information about clients, providers, employees, and users, among others, will be kept for the purpose of facilitating, promoting, enabling, or maintaining labor, civil, and commercial relationships. Information about clients, providers, employees, and users, among others, is stored in order to comply with the activities of its purpose, particularly those related to the development, planning, and implementation of programs, projects, plans, policies, contracts, or agreements necessary to promote and execute interpretingCO’s corporate purpose.
5. Data subject’s rights
In accordance with the provisions of Article 8 of Law 1581 of 2012, data subjects have the following rights:
5. 1. 1. Right of access. The data subject has the right to obtain all the information regarding his/her own personal data, whether partial or complete, information regarding how the data was processed, the purpose of the processing, the location of the databases, and the communications and/or transfers made regarding his/her information, whether authorized or not. In addition to requesting proof of the authorization granted to interpretingCO, except when expressly exempted as a requirement for the Processing, in accordance with the provisions of Article 10 of Law 1581, interpretingCO must guarantee the Data subject free access to the data being processed.
5. 1. 2. Right to update. The data subject will have the right to update his/her personal data when this varies.
5. 1. 3. Right of rectification. This right entitles the data subject to rectify information that proves to be inaccurate, incomplete, or non-existent.
5. 1. 4. Right of cancellation. The holder has the right to cancel, at any time, his/her personal data when this is excessive, not pertinent, or the processing is contrary to regulations.
5. 1. 5. Right to revoke consent. Right to revoke the authorization and/or request the deletion of the data when the processing does not respect constitutional and legal principles, rights, and guarantees. The revocation and/or suppression will proceed when the Superintendence of Industry and Commerce has determined that interpretingCO or the person in charge has engaged in conduct contrary to this law and the Constitution.
5. 1. 6. Right to file complaints and claims or to take legal action. Right to file complaints, before the Superintendence of Industry and Commerce, for violations of the provisions of this law and other regulations that modify, add to, or complement it.
Cases in which authorization by the data subject is not required.
- Information required by a public or administrative entity in the exercise of its legal functions or by court order.
- Databases of a public nature.
- Cases of medical or health emergency.
- Processing of information authorized by law for historical, statistical, or scientific purposes.
- Data related to the Civil Registry.
In these cases, although the authorization of the Data Subject is not required, the other principles and legal provisions on the protection of personal data will apply.
These rights may be exercised by:
- The data subject
- The successors of the data subject
- The representative and/or proxy of the data subject.
- Other parties in favor of the data subject or who the data subject has stipulated.
All the aforementioned parties must prove their status before interpretingCO by the necessary means.
6. InterpretingCO obligations
When interpretingCO, or any of the recipients of this policy, assumes the role of person in charge of the processing of personal data under its custody, it must comply with the following duties without prejudice to other legal provisions.
6.1. Guarantee the data subject, at all times, the full and effective exercise of the right of Habeas Data.
6.2. Inform the data subject of the information, the purpose of the collection, and the rights he/she has by virtue of the authorization. It must be guaranteed that the information provided is fully authorized by the data subject according to the parameters established by law. interpretingCO is committed to respecting the conditions of information security and privacy.
6. 3. Ensure that the information provided to interpretingCO is true, complete, accurate, current, verifiable, or understandable.
6. 4. Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, or unauthorized or fraudulent use or access.
6. 5. Request and keep a copy of the respective authorization granted by the data subject, following the guidelines of the law.
6. 6. Update, rectify, or delete data in a timely manner and in accordance with the terms of the law.
6. 7. Update the information reported by the Party Responsible for Processing within five (5) business days of receipt.
6. 8. Inform the data protection authority when there are violations of the security codes and risks in the administration of the information.
6. 9. Process the queries and claims formulated by the data subjects in the terms indicated in this Manual and in the law regarding the information that was granted to interpretingCO.
6. 10. Adopt an internal manual of policies and procedures to ensure proper compliance with the law and, in particular, to attend to inquiries and complaints from the Data Subjects. interpretingCO complies with this obligation with the enactment of the following manual.
6. 11. Refrain from circulating information that is being disputed by the Data subject and whose blocking has been ordered by the Superintendence of Industry and Commerce or by another competent authority.
6. 12. Allow access to information only to those who are permitted to access it.
6. 13. Comply with the instructions or requirements given by the Superintendence of Industry and Commerce.
6. 14. Release personal data to the authorities upon verification of the legality of the request and the relevance of the requested data held by interpretingCO. The delivery of the requested personal information shall be documented, providing that it complies with all its attributes (authenticity, reliability, and integrity). The officer who makes the request, the individual who receives it, as well as the entity for which these individuals work must be notified of the duty to protect this data. The authority that requires the personal information shall be notified of the security measures that apply to the personal data provided and the risks involved in its improper use and inappropriate processing.
7. Area responsible for the data processing policy
Any request, complaint, or claim related to the processing of personal data, in enforcement of the regulations in force, Law 1580 of 2012 and Decree 1377 of 2013, should be sent to:
Address: Calle 25 # 24A – 16, Of 1507, Edif. Twins Bay, Cartagena, Colombia
Phone: 605 6421781
E-mail: hola@interpretingCO.com
8. Data protection processing procedure
Any request, complaint, or claim related to the processing of personal information must be made in writing or by e-mail and must include at least the following information.
- Identification of the data subject, where the right over the information is accredited.
- Full name
- Identification number and photocopy
- Address
- Phone
- E-mail address
- Description of the facts giving rise to the claim
- Documentation that serves as proof of the facts
If the claim is incomplete, the interested party will be required to correct the faults within the following five (5) business days. If the interested party does not appear within the month following the request, it will be understood that he/she has abandoned the claim.
InterpretingCO shall respond to the request within fifteen (15) working days from the day following receipt of the request, complaint, or claim. When it is not possible to comply with the request within the aforementioned period, the interested party will be informed of the reasons for the delay and the date on which the request will be answered.
9. Processing of Personal Data
The operations that constitute the processing of personal data by interpretingCO, as the responsible party, shall be governed by the following parameters.
Third parties in contracting processes who have a relationship with interpretingCO and access, use, process, and/or store personal data of any of those who have a relationship with interpretingCO shall adopt the relevant provisions of this manual, as well as the measures that interpretingCO considers relevant according to the type of personal data processed.
For this purpose, the respective verification provision will be included in the contract or document that legitimizes the relationship where the authorization will be requested. Additionally, the requested data will be verified and monitored to ensure that it is necessary, relevant, and not excessive with respect to the purpose of the processing.
In relation to the processing of personal data of the community in general, the collection of data will be subject to the provisions contained in this document, with prior authorization from data subjects so they might enjoy the rights contained in the manual.
In each of the cases described above, the departments of the organization that carry out business processes involving personal data must consider the formulation of rules and procedures in their action strategies to comply with and enforce the provisions adopted herein, in addition to preventing possible legal sanctions.
9. Processing of Personal Data
The operations that constitute the processing of personal data by interpretingCO, as the responsible party, shall be governed by the following parameters.
Third parties in contracting processes who have a relationship with interpretingCO and access, use, process, and/or store personal data of any of those who have a relationship with interpretingCO shall adopt the relevant provisions of this manual, as well as the measures that interpretingCO considers relevant according to the type of personal data processed.
For this purpose, the respective verification provision will be included in the contract or document that legitimizes the relationship where the authorization will be requested. Additionally, the requested data will be verified and monitored to ensure that it is necessary, relevant, and not excessive with respect to the purpose of the processing.
In relation to the processing of personal data of the community in general, the collection of data will be subject to the provisions contained in this document, with prior authorization from data subjects so they might enjoy the rights contained in the manual.
In each of the cases described above, the departments of the organization that carry out business processes involving personal data must consider the formulation of rules and procedures in their action strategies to comply with and enforce the provisions adopted herein, in addition to preventing possible legal sanctions.
10. Prohibitions
10. 1. InterpretingCO prohibits access, use, management, transfer, communication, storage, and any other processing of sensitive personal data without authorization from the data subject of the personal data and interpretingCO.
10. 2. InterpretingCO prohibits the recipients of this policy from processing personal data that may give rise to any of the behaviors described in the data protection law 1273 of 2009, unless authorized by the data subject and/or the interpretingCO, as the case may be.
11. Roles and Responsibilities in Personal Data Protection Compliance
The responsibility for the proper treatment of personal data within interpretingCO is the responsibility of all members.
Consequently, within each department that handles business processes involving the processing of personal data and given interpretingCO employees’ status as custodians of personal information, each must abide by the rules and procedures for the application of and compliance with the Manual.
For more information, please send an e-mail to hola@interpretingCO.com to process the request.
12. Temporality of Personal Data
The processing of personal data carried out by interpretingCO and the time for which this data will be held will be determined by the purpose of such processing. Consequently, once the purpose for which the data was collected has been exhausted, interpretingCO will proceed to destroy or return the data, as the case may be, or keep it according to the provisions of the law, adopting technical measures to prevent inappropriate processing.
13. Sanctions
The sanctions regime will be that contained in Article 23 of Law 1581 of 2012, where the risks assumed by an improper processing of personal data are materialized.
“ARTICLE 23. Sanctions. The Superintendence of Industry and Commerce may impose the following sanctions on Parties Responsible for Processing [Data] and Parties In Charge of Processing [Data]:“(a) Fines of a personal and institutional nature up to the equivalent of two thousand (2,000) legal monthly minimum salaries in force at the time of the imposition of the sanction. Fines may be successive as long as the breach that gave rise to them continues.
“(b) Suspension of Processing-related activities for a term of up to six (6) months. The act of suspension shall indicate the corrective measures to be adopted.
“c) Temporary closure of the operations related to the Processing once the term of suspension has elapsed without the corrective measures ordered by the Superintendence of Industry and Commerce having been adopted.
“(d) Immediate and definitive closure of the operation involving the Processing of sensitive data.”
The notification of any investigation procedure, by any authority related to the processing of personal data, must be immediately communicated to interpretingCO in order to take the necessary defense measures.
14. Validity of the Data Policy
InterpretingCO‘s personal information protection policy will be in effect from January 15, 2020, until its termination.
Any modifications to the same shall be made at the discretion of interpretingCO, being clear that these must be in accordance with the law.
The information collected by interpretingCO will be kept indefinitely as long as it serves a purpose and as long as it is necessary to ensure compliance with legal, labor, and accounting obligations. This does not affect the data subject’s right to request its removal, as long as it does not go against interpretingCO‘s own obligations. This is in accordance with the rights of the data subject.
