PRIVACY POLICY STATEMENT

1. General information.

La ASOCIACIÓN AMESE, apoyo a mujeres con enfermedades del seno (la “Asociación”), entidad sin ánimo de lucro constituida y existente conforme a las leyes de la República de Colombia, con NIT 900.076.383-7 domiciliada en Bogotá, D.C., con oficinas principales en Calle 95#13-55 off. 304, teléfono 6103912-6232945, es una entidad comprometida con la protección de la privacidad y de toda información que pueda asociarse o relacionarse con personas naturales determinadas o determinables (los “Datos Personales”), a la cual tenga acceso en el desarrollo de sus actividades mercantiles. 

En este sentido, la Asociación recibe, recolecta, utiliza, administra, procesa, analiza, segmenta, indexa, perfila, transmite, transfiere, compendia, anonimiza, almacena y, en general, procesa Datos Personales tales, como los de identificación (nombre, cédula, edad, género), de contacto (teléfono, correo electrónico, dirección), de preferencias de consumo, de visitas y de comportamiento en internet e información financiera, entre otros, información que podrá ser obtenida en el curso y para la realización de sus actividades mercantiles.

2. Aplication

The present Information Treatment Policy of the Association (the “Policy”) is addressed to business partners, suppliers, customers, workers, collaborators, contractors and, in general, to any person whose Personal Data is being or will be treated by the Association (the "Owners"), and is intended to guarantee the rights of the Owners; publicize the mechanisms and procedures to enforce those rights; inform who is in charge within the Association to attend the queries, questions, claims and complaints, and, finally, to announce what are the purposes and the Treatments (as defined below) to which the Personal Data will be submitted in the development of the commercial activities of the Association.

This Policy will be applied to any Treatment carried out within the territory of the Republic of Colombia by the Association, its workers and, where appropriate, by those third parties with whom the Association agrees all or part of the performance of any activity related to, or in development of, the Processing of Personal Data for which the Association is Responsible (as defined below).

The Policy will be applied to third parties with whom the Association eventually signs Transmission contracts (as defined below), so that such third parties know the obligations that will apply to them, the purposes to which they must be submitted and the standards of security and confidentiality that they must adopt when they carry out the Treatment on behalf of the Association.

3. Contract terms

Words and terms that are in parentheses, underlined and written with initial capital letters in this Policy will have the meaning given to them before parentheses. Undefined terms will have the meaning

that the law or jurisprudence applicable in Colombia grants them. Despite the foregoing, the most relevant terms of this Policy are defined below:

Term
Definition
Autorization

It is the prior, express and informed consent of the Holder to carry out the Treatment.

Authorized personnel

It is the Association and every person under the responsibility of the Association that by virtue of the Authorization and this Policy, have legitimacy to carry out the Treatment.

Form of Autorization

It is the verbal or written communication generated by the Responsible, be it the Association or a third party, addressed to the Holder, through which their prior, express and informed consent is obtained, as long as they are informed about the existence of the Policy (according to defined below), how to access it, your rights, the contact details of the person responsible for the Treatment and the purposes thereof.

Data Base

It is in fact the organized set of Personal Data that is the object of Treatment, electronic or not, whatever the modality of its training, storage, organization and access.

Personal information

It is information of any kind, linked or not, that can be associated with one or several determined or determinable natural persons, such as identification data (name, ID, age, gender), contact information (telephone, email, address), of consumption preferences, visits and behavior on the internet, financial information and other data.

Públic data

Means the Personal Data qualified as such according to the law and the Constitution also comprehend that information which is not semi-private, private or sensitive. Public data, among others, are the data related to the marital status of people, their profession or trade, their status as merchant or public servant and those that can be obtained without reservation. By their nature, public data may be contained, among others, in public records, public documents, gazettes and official gazettes, duly enforced judicial sentences that are not subject to reservation.

Sensitive information

It is the Personal Data that could affect the privacy of the Holder with those personal details considered private which improper use could generate their discrimination, such as those that reveal union affiliations, racial or ethnic origin, political orientation, religious, moral or philosophical convictions, union membership , social, human rights organizations or any of those that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sex life, and biometric data.

Personnel in charge

It is the natural or legal person, public or private, that by itself or in association with others, performs the Treatment on behalf of the Responsible.

Legitimized

Those whom can exercise the rights of the Holder, such as the same Holder, their successors, representatives and such and those who, by stipulation in favor of another or for another, are accredited, provided they can prove their condition.

Law

It is the legal frame, Law 1581 of 2012, Decree 1377 of 2013 (25, Title 2, Part 2, Book 2 of Decree 1074 of 2015), Constitutional court ruling C-748 of 2011, the jurisprudence of the Constitutional Court stablished to personal data that It sets precedents and any regulation issued by the competent authorities regulating the legal precepts, which are in force at the time the Treatment begins by the Association, as said Law is modified from time to time and those modifications applies to the Treatment performed by the Association.

Manual

It is the document in which the policies and procedures to ensure proper compliance with the Law are consigned.

Policy

It is this actual document, in which the policy of treatment of the information required by the Law is consigned and that contains the orientations and guidelines in relation to the protection of personal data and that includes, among other things, (i) full identification of the Responsible (name, business name, address, address, email and telephone); (ii) the forms of Treatment; (iii) the purposes of this document; (iv) the rights of the Owners; (v) the procedures for inquiries, claims and complaints and for the exercise of the rights that are in the head of the Holders, and (vi) the person or agency responsible for attending all the inquiries of the Holders.

Responsable

It is every person who is the recipient of this Policy and subject to compliance with it for carrying out Treatment activities on behalf of and on their own.

Holder

It is the natural person to whom the Personal Data belongs, whose information may be placed in a Database for habeas data purposes.

Transfer, to transfer

It is the Treatment that involves sending the information or Personal Data to a recipient, who is Responsible and is located outside or within the territory of the Republic of Colombia. In the Transfer, the recipient will act as Responsible and will not be subject to the terms and conditions of this Policy.

Transmission

It is the Treatment that involves the communication of Personal Data inside or outside the territory of the Republic of Colombia when it is intended to carry out a Treatment by the Person in Charge on behalf of the Responsible. In the Transmission the receiver will act as Manager and will be subject to the Policy or to the terms established in the contract through which the Transmission is instructed.

Treatment

It is any operation and systematic procedure, electronic or not, even through tools such as web bugs, cookies, spiders, web crawlers and web beacons, which allows the collection, conservation, ordering, storage, modification, indexing, profiling, relationship, use , circulation, analysis, segmentation, anonymization, compendium, evaluation, blocking, destruction and, in general, the processing of Personal Data, as well as its delivery to third parties through communications, consultations, interconnections, assignments, data messages and others means that serve the purpose.

4. Principios

En todo Tratamiento realizado por la Asociación, los responsables, encargados y/o terceros a quienes se les transfieran y/o transmitan

Datos Personales, se dará cumplimiento a los principios establecidos en la Ley y en esta Política, con el fin de garantizar el derecho al habeas data de los Titulares. Estos principios son:

Principles
Definition
Restricted access

The Association may not make Personal Data available for access through the Internet or other means of communication, unless technical and security measures are established to control access and restrict it only to Authorized personnel.

Restricted storage

Personal Data can only be processed by those Association staff who have authorization for it in accordance with the provisions of this, or who within their functions are responsible for carrying out such activities. Personal Data may not be delivered to third parties, inside or outside the territory of the Republic of Colombia, without the Authorization or without the signing of a contract, in case there is Transmission.

Confidentiality

The Treatment must be submitted to strict confidentiality requirements and, therefore, the people who intervene in it, must keep the reservation of the information, even after the event that was the main reason to the Treatment has been terminated.

Consent

The data handling requires Authorization, by all means, that those protocols must be able to confirm it even in further consultation, including through unequivocal methods, as established by Law.

Sensitive data and due diligence

Sensitive data collected during the Association operations must be handled with due diligence in order to protect and preserve its integrity and safety.

Purpose

Every activity regarding private data must be according to its legitimate purposes metioned and detailed in this policy contract, which also must be informed to he holder before sign in the informed consent.

Integrity

The Personal Data submitted to Treatment must be true, complete, accurate, updated, verifiable and understandable. When it is in the possession of partial, incomplete, fractional or misleading Personal Data, the Association must refrain from processing them or requesting the Holder to complete or correct the information. The Association must make its best efforts to maintain the integrity of the Personal Data that is contained in its Databases and the veracity of the same, implementing measures to verify and update the Personal Data.

Safety

To carry on with the data treatment, the Association must have the necessary technical and human security measures in order to maintain the confidentiality and security of Personal Data. The foregoing in order to prevent personal data from being adulterated, modified, consulted, used, accessed, deleted or known by unauthorized third parties. The Association will adjust the Processing of Personal Data to the security standards that will be regulated by the competent authorities in the future.

Data Clasification

The Association will maintain separately the Databases in which it has the quality of Manager, from those in which it has the status of Responsible.

Temporality

The Association will not use the Personal Data beyond the reasonable period required by the purpose that was informed to the respective holder and will apply measures aimed at guaranteeing the deletion of the Personal Data when they cease to fulfill the purpose for which they were collected.

Clean Hands

In any event that the Holder requests it, the Association must give the information about the existence of Personal Data that concerns them or any other kind of information that could be Legitimized to request. The response to the eventual request must be granted by the same means or, at least, by a similar mean to that used by the Holder to request information and within the terms established by Law.

Effects in time

All Personal Data that is not Public Data must be treated by the Responsible as confidential and under the safety protocols given by the Superintendence of Industry and Commerce (national authority). Upon termination of such binding relationship, such Personal Data must continue to be treated in accordance with the Policy, the Manual and the Law.

5. Sorts of personal data and how do we to collect them

The Association obtains Personal Data and information that does not allow individualization of the individual, and processes the information that might come from the combination of these two types of data, as joint information.

The association obtains and processes the following categories considered personal data:

• Information obtained from register of new contractors, including but not limited to name and lastname, address, email, phone number, fax number, among other contact information.
• Register information given by the web visitors as well as the other social media accounts of the Association including but not limited

to full name, id number, phone number and email address.
• Information from the employees and collaborators, including but not limited to full name, address, country of origin, gender, email, phone number, and/or fax number.
• Information of clients and/or potential clients given by theirselves for example when they are requiring prices of our products or services including but not limited to full name, name of the business they are requiring the information, including but not limited to full name, address, email, phone number, fax number.
• Information obtained by the registration of new patients and donors, including but not limited to full name, address, email, phone number and fax number.

6. Treatment and storage of the information.

Personal data might be saved in Colombia as well as overseas. This Personal data storage could be in hands of a third party, whom

might be in a different country other than Colombia; in any case, the Association will guard the personal data and the guaranties according to the present policy draft and by the law.

7. Personal data and purposes.

The Association, in the course of its commercial activities, will collect, use, manage, store, analyze, index, segment, perform profiles, summarize, process, transmit, transfer and carry out different operations related to Personal Data. In accordance with the above, the Personal Data processed by the Association must be 

submitted only to the purposes indicated below or those accepted by the Holders at the time of the collection of the Personal Data. Likewise, the Managers or third parties that have access to the Personal Data under the Law, contract or other binding document, will perform the Treatment for the achievement of the following purposes:

Purposes
I. Purposes for all collected data.
Comply with tax, contractual and legal obligations.
To Protect the rights of the Association, in accordance with legal dispositions.
To Perform the analysis for the control and prevention of fraud and money laundering, including, but not limited to consulting and reporting to restrictive lists and financial risk information centers.
To Complete transactions, to obtain and to be able to have complete billing information
To Send communications and request new authorizations for the Processing of Personal Data.
Transfer, transmit, transfer, share, deliver, and / or disclose Personal Data to third parties, inside and outside the national territory, even to countries that do not provide adequate levels of Personal Data protection.
Statistical and scientific purposes could use personal data, within the framework of the development of research projects of the Association for the generation and impact of public policies and academic studies.

8. Holders rights

According to legal dispositions on the matter, every holder has the right to:
Right
Definition
Actualization

To keep Updated Personal Data collected by the Association to maintain its integrity and veracity.

Knowledge and Acces

To know and to Access to their personal data through association employees or delegated personnel, this Access could be asked once every month for free

Test

Request proof of the Authorization granted to the Association, unless the Law indicates that such Authorization is not necessary or that it has been validated in accordance with the provisions of article 10 of Decree 1377 (article 2.2.2.25.2.7 of Decree 1074 from 2015).

Complains

File complaints before the Superintendence of Industry and Commerce for violations of the Law when the procedural requirement has been exhausted and go to the Association in the first instance.

Validation

Rectify the information and Personal Data collected by the Association.

Withdraw

Request the revocation of the Authorization, as long as there is no legal duty or obligation of a contractual nature in the head of the Holder with the Association, according to which the Holder does not have the right to request the deletion of his Personal Data.

Request

Submit applications to the Association or the Person in Charge regarding the use that they have given to their Personal Data, including the right to have them provide such information.

Suppression

Request the deletion of Personal Data from the Databases of the Association, as long as there is no legal duty or obligation of a contractual nature at the head of the Holder with the Association, according to which the Holder does not have the right to request the Deletion of your Personal Data.

The Holders may exercise their rights given by Law and perform the procedures established in this Policy by presenting their citizenship card or any identification document. Minors may exercise their rights personally or through their parents or adults who hold parental rights, who must prove it through the relevant documentation. Likewise, all the Legitimates may exercise the rights of the Holder by presenting the respective documentation.

9. Sensitive data

In the development of its activities the Association might collect and handle sensitive data including but not limited to:

Sensitive Data
Regarding
Health

Health history, medical charts of workers, collaborators, associates and patients and volunteers of the association.

Sensitive Data will be treated as diligently as possible and with the highest security standards. Limited access to Sensitive Data will be a guiding principle to safeguard their privacy, so that only authorized personnel may have access to that type of information.

The Authorization for the Treatment of Sensitive Data is optional and optional for the Holder, so that no activity will be restricted or conditioned to the supply of the same, so that the Holder may not authorize the Treatment of his Sensitive Data and the Association will respect that decision.

10. Personal data regarding minors.

The Treatment of Personal Data of children and adolescents by the Association may only be done in compliance with the provisions of article 7 of Law 1581 of 2012 and other concordant or replacing regulations, and subject to the requirements established by the applicable regulations.

When handling personal data of minors the dispositions are as follows:

• Notification to the parents (or legal guardian) about the practices that the Association implements regarding Personal Data of children and adolescents, including the types of Personal Data

that will be collected, the forms of Treatment, the purposes that will be pursued with the Treatment and if the Information will be shared and to whom.
• The Association will obtain the authorization of minors and their parents orguardians to carry out the Processing of Personal Data storage.
• The Association will only require strictly the necessary information of minors to be collected or processed, according to the respective purpose that is intended to be achieved for.
• Parents will have the prerogative to access or the possibility of requesting access to the Personal Data of children and adolescents, as well as the possibility of requesting that they can be changed or deleted.

11. Autorization

All data handling must be preceded by obtaining the Authorization. Furthermore, the Association, its workers and Authorized third parties must refrain from collecting and processing Personal Data 

if the Holder has not signed the respective Authorization. In addition, they must keep a copy of the Authorization for future reference.

12. Personal Data Protection

In the event of petitions, Complaints and Claims related to Personal Data, if it is for suppliers and customers, it will be the person in charge of the Financial Department also the are the personnel responsible for Human Resources, the one whom specifically will process the claims regarding Personnel data according to the Law, the Manual and this Policy. Some of the responsibilities of dependence are as follows:

• Address and receive all requests from the Holders, process and respond to requests such as:

(i) Data update requests;
(ii) Data knowledge requests;
(iii) Data suppression requests
(iv) Data Withdraw requests, when available;

(v) Data treatment and privacy policies requests;
(vi) solicitudes de información sobre las finalidades del Tratamiento; y (vii) solicitudes de obtener la prueba de la Autorización otorgada, cuando ella hubiere procedido según la Ley.

• Respond to the Holders about those requests that do not proceed in accordance with the Law.
• To assure to the holders their data protection by policy.
• To keep as a top priority a good practice regarding personal data handling and storage inside the Association.
• To keep the record of every database managed by the Association in the national database system and to keep it updated.

Contact data are as follows:

Contact information of collaborators and or associates
Department and/or person in charge of data protection issues
Administrative department
Address
Calle 95 #13-55 / office 304
Email address
direccion.administartiva@amese.org
Phone number/ land line
310 3912 – 623 2945
Position to the person in charge
Administrative professional
Contact details of the person and / or area in charge for Association staff
Department and/or person in charge of data protection issues
Administrative department
Address
Calle 95 #13-55 / office 304
Email address
subdireccion@amese.org
Phone number/ land line
310 3912 – 623 2945
Position to the person in charge
Assistant manager

13. Procedures to demand holders rights

13.1. Inquiries

The Association has different channels for the holder, representative, or legal guardian in the minors case can effectively access or ask about any other subjects such as:
• ¿Which personal data has had the association on its database?
• ¿What treatment policy is applied to the collected data?
¿What are the purposes of collecting such data?

This tools could be either by the phone, written or at the office by the very own holders, in any case the Association will keep a record of the request.
Before giving answer to the request the responsible in charge will check:

a) The identity of the Holder or the Legitimate. For this purpose, the association will require the citizenship card or any original identification document of the Holder and the warrant, as the case may be.
b) The Authorization or contract with third parties to support the collected data by the Association.

If the holder has the capacity to formulate the consultation, the person in charge of attending it will gather all the information about the Holder that is contained in the individual record of that person

 

or that is linked to the identification of the Holder within the Association's Databases. Once the information is collected, it will be provided to the Holder so that he has access and can know it.

The person in charge of attending the consultation will respond to the applicant as long as the latter has the right to do so because they are the Holder of the Personal Data, Legitimized, or the legal responsible in the case of minors. This response will be sent within ten (10) business days from the date on which the request was received by the Association. In the event that the request cannot be answered within ten (10) business days, the applicant will be contacted to inform him of the reasons why the status of his application is being processed and indicating the date on which the consultation will be attended, which in no case may exceed five (05) business days following the expiration of the first term. For this, the same or similar means will be used to which the query was presented.

The final response to all requests may not take more than fifteen (15) business days from the date on which the initial request was received by the Association.

Even when the applicant does not have the capacity to lodge the consultation, the Association will have to inform the applicant of this circumstance and respond within the terms established above.

13.2. Claims.

The Association will have mechanisms for the Holder, Legitimates or representatives of Minors Holders, to make CLAIMS regarding:

• Personal data handled by the association in case of update, suppression or correction;
• The alleged breach of some of the duties of the Association Legal obligations.

These mechanisms may be physically done by the holder, or by electromagnetic means, such as procedures through e-mail or telephone calls made to call centers responsible for receiving requests, complaints and claims. Whatever the case, the Association will keep a record of the query and its response.

The Holder, the Legitimates, or their representatives must fill the CLAIM, in case the Holder is a minor, thus:

• Should go directly to the Association head offices: Calle 95#13-55 office 304, or through email subdireccion@amese.org if it is a contractor or associate, administartiva@amese.org if it is Association staff.
• The claim must have full name and id number.
• The claim must have a brief with the reasons why is there a nonconformity and what the pretentions are of what it is required (update, correction or deletion, or compliance with obligations).

• It must indicate the address and contact details and identification of the claimant (holder).
• It must have support documentation if there is any document or proof of any kind.

If the claim or additional documentation is incomplete, the Association will require the claimant only once within five (05) days following receipt of the claim to complete it or fix the failures. If the claimant does not submit the required documentation and information within two (02) months following the date of the initial claim, it will be taken as if the claim is withdrawn.

Once the claim has been received with the complete documentation, it will be included in the Association Database where the Personal Data of the Holder labeled with a “claim in process” pin, and the reason for it, in a term no longer to two (02) business days. This label must be kept on until the claim is decided.

The maximum term to solve the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which under no circumstances may exceed eight (08) business days following the expiration of the first given period.

The Association will keep proof of the consultation, the complaint and your response in case your subsequent consultation is necessary.

14. Validity

This Policy will be effectively applied from July 2, 2019. The Personal Data that is stored, used or transmitted will remain in the Association's Database, based on the temporality criteria, for as long as it is necessary to comply with the purposes mentioned in

this Policy, for which they were collected. Thus, the validity of the Database is closely related to the purposes for which the Personal Data were collected.

15. Modifications.

This Policy may be modified from time to time by the Association and will be part of the contracts entered into by the Association, where appropriate. Any substantial modification of this Policy will have to be previously communicated to the Holders through efficient mechanisms, such as the Association's website and / or emails. Substantial modification means, among others, the following situations:

a) Modification in the identification of the area, dependency or person in charge of attending the queries and complaints.

 

b) Obvious modification of the purposes that may affect the Authorization. In this case, the Association will seek a new Authorization. The modifications will be informed on the website of the Association and / or by email that will be sent to the Personal Data Holders, as long as the Association has that information.

The modifications will be informed on the Association's website and / or by email that will be sent to the Personal Data Holders, as long as the Association has that information in their possession.

WhatsApp Contact us now!