ISA/III OC S.A.S • Nit. 900.906.452-1

1. INTRODUCTION

This document contains the parameters and conditions under which the Data Controller will manage the collection, treatment, custody and destruction of the Personal Data that it will learn about in the development of its corporate purpose, as well as the policies and procedures for the Holders to know, update or rectify your Personal Data.

2. DEFINITIONS

For the purposes of this document, the terms with initial capital letters used will have the meaning attributed to them below:

2.1. Shareholder: Legal person holding shares in the Company.
2.2. Databases: Organized set of personal data that is subject to Treatment.
2.3. Customers: Natural or Legal Person with whom the entity has a network use contract.
2.4. Personal information: Any information linked or that may be associated with one or more determined or determinable natural persons and their Sensitive Personal Data when required.
2.5. Sensitive Personal Data: Are those Personal Data that affect the privacy of the Holder or whose improper use can generate discrimination such as racial or ethnic origin, political orientation, religious convictions, membership of unions, social organizations, political parties, sexual orientation and biometric data.
2.6. Responsible for the Treatment: Natural or legal person, public or private, that by itself or in association with others, carries out the Processing of Personal Data on behalf of the Responsible for the Treatment.
2.7. Officials or Candidates: (*)That natural person working with the entity or in the selection process. (*)
2.8. Providers: Natural or Legal Person that provides services to the company by virtue of a civil or commercial contractual relationship.
2.9. Responsible for the Treatment or Responsible: Natural or legal person, public or private, that by itself or in association with others, decides on the Database and / or the Treatment of Personal Data.
2.10. Holder: Natural person whose Personal Data is subject to Treatment.
2.11. Processing: Any operation or set of operations on Personal Data, such as collection, custody, use, circulation, destruction, transfer, transmission, etc..
2.12. Transfer: This takes place when the Responsible and / or Person in Charge of Treatment, located in Colombia, sends information to a recipient who in turn is Responsible for the treatment and is inside or outside the country.
2.13. Transmission: It is the processing of Personal Data that implies the communication of the same within or outside the Territory of the Republic of Colombia when it is intended to carry out a treatment by the Manager on behalf of the Responsible Party.
2.14. Visitors: Natural person who accesses the company's facilities.

3. RESPONSIBLE FOR THE PROCESSING OF THE INFORMATION

The Data Controller will be ISA/III OC SAS, a commercial company, legally constituted in Colombia, identified with NIT 900.906.452-1, mainly dedicated to commercial activities that allow the carrying out of any commercial or civil activity that is tendered and for this purpose it may celebrate any act, contract or agreement of a civil, commercial, financial, labor nature, among others that allows the optimization of its corporate purpose.

Address: Calle 10 No. 93 A – 57 Apto 301 Bogotá
commutator: (+45) 424 37 793
Email: This email address is being protected from spambots. You need JavaScript enabled to view it. www.isaiiioc.com

4. PURPOSES OF THE PROCESSING OF PERSONAL DATA

The Personal Data that the Responsible person collects, receives, registers, stores, custody, conserves, reports, consults, uses, delivers, shares, circulates, modifies, transfers, transmits, eliminates and deletes, will be used for the following purposes according to the link that the Holder has with the Responsible for the treatment.

4.1. CUSTOMERS
4.1.1 Validation of the information provided at the time of linking.
4.1.2 For statistical purposes, administrative, financial and accounting processes.
4.1.3 Circulation between the companies and / or third parties that participate in the commercial and / or contractual relationship, domiciled in Colombia or outside the country. (*)
4.1.4 Sending of information to Control Bodies.
4.1.5 Storage in servers or repositories of ISA / III OC S.A.S or of third parties located in Colombia or outside the country. (*)
4.2 OFFICIALS OR CANDIDATES. (*)
4.2.1 Carry out interviews and receive the documentation required to outline the position.
4.2.2 Validation of the information provided at the time of linking.
4.2.3 For statistical purposes, payroll, financial and accounting administrative processes.
4.2.4 Payroll payment and discounts that are authorized by the Owner of the information.
4.2.5 Make evaluations in the performance of the position and as well as compliance with the goals and regulations of the Entity.
4.2.6 Request for medical examinations and safety study with the entity designated for this purpose.
4.2.7 Circulation between the companies and / or third parties that participate in the commercial and / or contractual relationship, domiciled in Colombia or outside the country. (*)
4.2.8 Affiliation to the General System of Social Security and Occupational Health, as well as the linking of beneficiaries and other obligations concerning the Responsible in his capacity as Employer.
4.2.9 Sending of information to Control Bodies.
4.2.10 Storage in servers or repositories of ISA / III OC S.A.S. or of third parties located in Colombia or outside the country. (*)
4.3 SUPPLIERS.
4.3.1 Management of risks inherent to the commercial relationship established with the Information Holder, such as Operational Risk and Money Laundering and Terrorism Financing.
4.3.2 For statistical purposes, administrative, financial and accounting processes.
4.3.3 Billing processes.
4.3.4 Circulation between the companies and / or third parties that participate in the commercial and / or contractual relationship, domiciled in Colombia or outside the country (*).
4.3.5 Evaluation of the fulfillment of the obligations acquired with the Company.
4.3.6 Contact you through phone calls, visits or written communications sent by any means, related to the existing commercial and / or contractual relationship and in accordance with current regulations and applicable to the activity of Authorized Persons.
4.3.7 Sending of information to Control Bodies.
4.3.8 Storage in servers or repositories of ISA / III OC S.A or of third parties located in Colombia or outside the country. (*)
4.4 VISITORS
4.4.1 Security of the company's assets and / or people.
4.4.2 Sending of information to Control Bodies.
4.4.3 For statistical purposes.
4.5 SHAREHOLDERS.
4.5.1 Dividend payment.
4.5.2 Risk Management of Money Laundering and Terrorism Financing.
4.5.3 Sending of information to Control Bodies.
4.5.4 Sending of information and communications regarding the company.
4.5.5 Make presentations to entities of the private or public sector in development of the corporate purpose of the entity.
4.5.6 Storage in servers or repositories of ISA / III OC S.A.S or of third parties located in Colombia or outside the country. (*)
4.5.7 Circulation between the companies and / or third parties that participate in the commercial and / or contractual relationship, domiciled in Colombia or outside the country (*).
4.5.8 Make presentations to entities of the private or public sector in development of the corporate purpose of the entity.

5. RIGHTS OF THE HOLDERS

5.1 Know, update and rectify your personal data in front of the Responsible and in Charge of Treatment. This right may be exercised, among others, in the face of partial, inaccurate, incomplete, fractioned, misleading data, or those whose Treatment is expressly prohibited or has not been authorized..
5.2 Request proof of the authorization granted to the Responsible and in Charge of Treatment, except when expressly excepted as a requirement for Treatment, in accordance with the provisions of article 10 of Law 1581.
5.3 Be informed by the Treatment Manager and Treatment Manager, upon request, regarding the use that has been given to the Owner's personal data.
5.4 Present before the Superintendency of Industry and Commerce complaints for infractions to the provisions of Law 1581 and other regulations that modify, add or complement it.
5.5 Revoke the authorization and / or request the deletion of personal data when in the Treatment the principles, rights and constitutional and legal guarantees are not respected. The revocation and / or deletion will proceed when the Superintendency of Industry and Commerce has determined that in the Treatment the Responsible or Person in Charge have incurred in conduct contrary to Law 1581 and the Constitution.
5.6 Free access to your personal data that have been subject to Treatment.

6. SENSITIVE DATA

The Holder has the right to choose not to provide any sensitive information requested by the Responsible, related, among others, to data on their racial or ethnic origin, membership in unions, social or human rights organizations, political, religious, or religious beliefs. sex life, biometrics or health data.

7. INFORMATION ON MINORS

The provision of the Personal Data of minors is optional and must be done with the authorization of the parents or legal representatives of the minor.

8. HOLDER'S AUTHORIZATION

Without prejudice to the exceptions provided by law, the Treatment requires the prior, express and informed authorization of the Holder, which must be obtained by any means that may be subject to subsequent consultation and verification.

9. CASES IN WHICH AUTHORIZATION IS NOT REQUIRED

The authorization of the Holder will not be necessary in the case of:
9.1 Data of a public nature.
9.2 Cases of medical or health emergency.
9.3 Processing of information authorized by law for historical, statistical or scientific purposes.
9.4 Data related to the Civil Registry of Persons.

10. ATTENTION OF REQUESTS, CONSULTATIONS AND CLAIMS

To make requests, queries or claims in order to exercise the rights to know, update, rectify, delete the data or revoke the authorization granted, the Owner or his successors in title can use any of the following communication channels:

Physical address: Calle 10 No.93 A – 57 Apto. 301 Bogotá
Conmutator: (+45) 424 37 793
Email: This email address is being protected from spambots. You need JavaScript enabled to view it. www.isaiiioc.com
Responsable: Legal Director

11. MODIFICATIONS:

This data treatment policy may be modified by ISA / III OC S.A.S; when necessary and without prior notification provided that such modifications do not involve substantial matters. In the event that the changes concern substantial aspects, each of the Holders of the personal data will be notified in advance..

12. VALIDITY:

This policy for the Treatment of Personal Data applies as of November 25, 2020. The databases in which the personal data will be registered will have a validity equal to the time that the information is kept and used for the purposes described in the politics. Once these purposes are fulfilled and as long as there is no legal or contractual duty to keep your information, your data will be deleted from our database. The personal data provided will be kept as long as the deletion is not requested by the interested party and as long as there is no legal duty to keep them. The personal data provided is kept for the period necessary to fulfill the activity that is the object of the contract between ISA / III OC S.A.S. and the Owner in accordance with the provisions of this policy and the authorization granted by the Owner.