1. General information.
AMESE association, hereinafter called the Association, a non profit organization constituted according to Colombian law (NIT 900.076.383-7) with its head office based at Bogotá, D.C (Calle 95#13-55 of. 304, phone number:+571 6103912-6232945, is an organization fully comitted with privacy rights and any kind of information related with people and their identity data (personal information), to it can get acces during any of its commerce development,
The present Information Treatment Policy of the Association (the “Policy”) is addressed to business partners, suppliers, customers, workers, collaborators, contractors and, in general, to any person whose Personal Data is being or will be treated by the Association (the "Owners"), and is intended to guarantee the rights of the Owners; publicize the mechanisms and procedures to enforce those rights; inform who is in charge within the Association to attend the queries, questions, claims and complaints, and, finally, to announce what are the purposes and the Treatments (as defined below) to which the Personal Data will be submitted in the development of the commercial activities of the Association.
The Policy will be applied to third parties with whom the Association eventually signs Transmission contracts (as defined below), so that such third parties know the obligations that will apply to them, the purposes to which they must be submitted and the standards of security and confidentiality that they must adopt when they carry out the Treatment on behalf of the Association.
3. Contract terms
It is in fact the organized set of Personal Data that is the object of Treatment, electronic or not, whatever the modality of its training, storage, organization and access.
En todo Tratamiento realizado por la Asociación, los responsables, encargados y/o terceros a quienes se les transfieran y/o transmitan
Datos Personales, se dará cumplimiento a los principios establecidos en la Ley y en esta Política, con el fin de garantizar el derecho al habeas data de los Titulares. Estos principios son:
5. Sorts of personal data and how do we to collect them
The Association obtains Personal Data and information that does not allow individualization of the individual, and processes the information that might come from the combination of these two types of data, as joint information.
The association obtains and processes the following categories considered personal data:
• Information obtained from register of new contractors, including but not limited to name and lastname, address, email, phone number, fax number, among other contact information.
• Register information given by the web visitors as well as the other social media accounts of the Association including but not limited
to full name, id number, phone number and email address.
• Information from the employees and collaborators, including but not limited to full name, address, country of origin, gender, email, phone number, and/or fax number.
• Information of clients and/or potential clients given by theirselves for example when they are requiring prices of our products or services including but not limited to full name, name of the business they are requiring the information, including but not limited to full name, address, email, phone number, fax number.
• Information obtained by the registration of new patients and donors, including but not limited to full name, address, email, phone number and fax number.
6. Treatment and storage of the information.
Personal data might be saved in Colombia as well as overseas. This Personal data storage could be in hands of a third party, whom
might be in a different country other than Colombia; in any case, the Association will guard the personal data and the guaranties according to the present policy draft and by the law.
7. Personal data and purposes.
The Association, in the course of its commercial activities, will collect, use, manage, store, analyze, index, segment, perform profiles, summarize, process, transmit, transfer and carry out different operations related to Personal Data. In accordance with the above, the Personal Data processed by the Association must be
submitted only to the purposes indicated below or those accepted by the Holders at the time of the collection of the Personal Data. Likewise, the Managers or third parties that have access to the Personal Data under the Law, contract or other binding document, will perform the Treatment for the achievement of the following purposes:
8. Holders rights
9. Sensitive data
The Authorization for the Treatment of Sensitive Data is optional and optional for the Holder, so that no activity will be restricted or conditioned to the supply of the same, so that the Holder may not authorize the Treatment of his Sensitive Data and the Association will respect that decision.
10. Personal data regarding minors.
The Treatment of Personal Data of children and adolescents by the Association may only be done in compliance with the provisions of article 7 of Law 1581 of 2012 and other concordant or replacing regulations, and subject to the requirements established by the applicable regulations.
When handling personal data of minors the dispositions are as follows:
• Notification to the parents (or legal guardian) about the practices that the Association implements regarding Personal Data of children and adolescents, including the types of Personal Data
that will be collected, the forms of Treatment, the purposes that will be pursued with the Treatment and if the Information will be shared and to whom.
• The Association will obtain the authorization of minors and their parents orguardians to carry out the Processing of Personal Data storage.
• The Association will only require strictly the necessary information of minors to be collected or processed, according to the respective purpose that is intended to be achieved for.
• Parents will have the prerogative to access or the possibility of requesting access to the Personal Data of children and adolescents, as well as the possibility of requesting that they can be changed or deleted.
All data handling must be preceded by obtaining the Authorization. Furthermore, the Association, its workers and Authorized third parties must refrain from collecting and processing Personal Data
12. Personal Data Protection
In the event of petitions, Complaints and Claims related to Personal Data, if it is for suppliers and customers, it will be the person in charge of the Financial Department also the are the personnel responsible for Human Resources, the one whom specifically will process the claims regarding Personnel data according to the Law, the Manual and this Policy. Some of the responsibilities of dependence are as follows:
• Address and receive all requests from the Holders, process and respond to requests such as:
(i) Data update requests;
(ii) Data knowledge requests;
(iii) Data suppression requests
(iv) Data Withdraw requests, when available;
(v) Data treatment and privacy policies requests;
(vi) Data purposes requests; and
(vii) Proof of the authorization granted by law when required.
• Respond to the Holders about those requests that do not proceed in accordance with the Law.
• To assure to the holders their data protection by policy.
• To keep as a top priority a good practice regarding personal data handling and storage inside the Association.
• To keep the record of every database managed by the Association in the national database system and to keep it updated.
Contact data are as follows:
13. Procedures to demand holders rights
The Association has different channels for the holder, representative, or legal guardian in the minors case can effectively access or ask about any other subjects such as:
• ¿Which personal data has had the association on its database?
• ¿What treatment policy is applied to the collected data?
¿What are the purposes of collecting such data?
This tools could be either by the phone, written or at the office by the very own holders, in any case the Association will keep a record of the request.
Before giving answer to the request the responsible in charge will check:
a) The identity of the Holder or the Legitimate. For this purpose, the association will require the citizenship card or any original identification document of the Holder and the warrant, as the case may be.
b) The Authorization or contract with third parties to support the collected data by the Association.
If the holder has the capacity to formulate the consultation, the person in charge of attending it will gather all the information about the Holder that is contained in the individual record of that person
or that is linked to the identification of the Holder within the Association's Databases. Once the information is collected, it will be provided to the Holder so that he has access and can know it.
The person in charge of attending the consultation will respond to the applicant as long as the latter has the right to do so because they are the Holder of the Personal Data, Legitimized, or the legal responsible in the case of minors. This response will be sent within ten (10) business days from the date on which the request was received by the Association. In the event that the request cannot be answered within ten (10) business days, the applicant will be contacted to inform him of the reasons why the status of his application is being processed and indicating the date on which the consultation will be attended, which in no case may exceed five (05) business days following the expiration of the first term. For this, the same or similar means will be used to which the query was presented.
The final response to all requests may not take more than fifteen (15) business days from the date on which the initial request was received by the Association.
Even when the applicant does not have the capacity to lodge the consultation, the Association will have to inform the applicant of this circumstance and respond within the terms established above.
The Association will have mechanisms for the Holder, Legitimates or representatives of Minors Holders, to make CLAIMS regarding:
• Personal data handled by the association in case of update, suppression or correction;
• The alleged breach of some of the duties of the Association Legal obligations.
These mechanisms may be physically done by the holder, or by electromagnetic means, such as procedures through e-mail or telephone calls made to call centers responsible for receiving requests, complaints and claims. Whatever the case, the Association will keep a record of the query and its response.
The Holder, the Legitimates, or their representatives must fill the CLAIM, in case the Holder is a minor, thus:
• Should go directly to the Association head offices: Calle 95#13-55 office 304, or through email firstname.lastname@example.org if it is a contractor or associate, email@example.com if it is Association staff.
• The claim must have full name and id number.
• The claim must have a brief with the reasons why is there a nonconformity and what the pretentions are of what it is required (update, correction or deletion, or compliance with obligations).
• It must indicate the address and contact details and identification of the claimant (holder).
• It must have support documentation if there is any document or proof of any kind.
If the claim or additional documentation is incomplete, the Association will require the claimant only once within five (05) days following receipt of the claim to complete it or fix the failures. If the claimant does not submit the required documentation and information within two (02) months following the date of the initial claim, it will be taken as if the claim is withdrawn.
Once the claim has been received with the complete documentation, it will be included in the Association Database where the Personal Data of the Holder labeled with a “claim in process” pin, and the reason for it, in a term no longer to two (02) business days. This label must be kept on until the claim is decided.
The maximum term to solve the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which under no circumstances may exceed eight (08) business days following the expiration of the first given period.
The Association will keep proof of the consultation, the complaint and your response in case your subsequent consultation is necessary.
This Policy will be effectively applied from July 2, 2019. The Personal Data that is stored, used or transmitted will remain in the Association's Database, based on the temporality criteria, for as long as it is necessary to comply with the purposes mentioned in
this Policy, for which they were collected. Thus, the validity of the Database is closely related to the purposes for which the Personal Data were collected.
This Policy may be modified from time to time by the Association and will be part of the contracts entered into by the Association, where appropriate. Any substantial modification of this Policy will have to be previously communicated to the Holders through efficient mechanisms, such as the Association's website and / or emails. Substantial modification means, among others, the following situations:
a) Modification in the identification of the area, dependency or person in charge of attending the queries and complaints.
b) Obvious modification of the purposes that may affect the Authorization. In this case, the Association will seek a new Authorization. The modifications will be informed on the website of the Association and / or by email that will be sent to the Personal Data Holders, as long as the Association has that information.
The modifications will be informed on the Association's website and / or by email that will be sent to the Personal Data Holders, as long as the Association has that information in their possession.