Complying with the law 1581 of 2012, Regulatory Decree 1377 of 2013, Sole Regulatory Decree number 1074 of 2015 and the regulations that repeal it modify or complement, IP ACCESS TELECOMUNICACIONES S.A.S. Its purpose is to guarantee an adequate treatment of personal data and inform the owner how the company collects, stores, uses, promotes, suppresses and manages their personal data.
1. REACHThe Personal Data Protection and Protection Policy presented below will be applied to all Databases and / or Files containing personal data and which are the object of treatment by the organization IP ACCESS TELECOMUNICACIONES SAS, whose designee is responsible for the treatment of personal data is the area of OPERATIONS MANAGEMENT
2. ORGANIZATIONAL GUIDELINEThe management of IP ACCESS TELECOMUNICACIONES SAS, where the FINANCIAL AND ADMINISTRATIVE PLANNING area acts as responsible for the personal data stored in the organization, is committed to supporting the continuity processes of the company, assigning qualified managers for the processing of personal data and establishing protection strategies based on effective and efficient risk management. For this purpose, permanent monitoring will be carried out seeking the protection and assurance of the information assets related to the personal data, which allow to maintain and guarantee the integrity, confidentiality and availability of the information, fulfilling the purposes related to the authorizations expressed by the holders of personal data and ensure in this way for the proper implementation of the current regulations.
3. IDENTIFICATION OF THE PERSON RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA Business Name: IP ACCESS TELECOMUNICACIONES S.A.S. Type of Document: NIT Document number: 800.044.547 Nature: Privada Department: Valle del Cauca City: Santiago Cali Address: Avenida 4 N 7N 46 LC 335 BRR CENTENARIO Telephone: (2) 4899445 Mail: jdflorez@ipatelecom.com WEB Site (si aplica): www.ipatelecom.com Name of the Legal Representative: JUAN DIEGO FLOREZ 4. DEFINITIONSArchives: Set of documents kept by the company where personal information is regulated by the Law. Authorization: Prior, express and informed consent of the Holder to carry out the processing of personal data. Privacy notice: Verbal or written communication generated by the person in charge, addressed to the owner for the treatment of personal data, by means of which information is given about the existence of the information treatment policies that will be applicable to them, the way to access these and the purpose of the tartamiento that pretends to give to the personal data. Database: Organized set of personal data that is subject to Treatment. Personal data: Any information linked to or associated with one or several natural persons determined or determinable. When we talk about personal data, we refer to all the information associated with a person that allows their identification. For example, the identity document, place of birth, marital status, age, place of residence, academic, work, or professional career. There is also more sensitive information such as their health status, their physical characteristics, political ideology, sexual life, among other aspects. Private Data: It is the data that due to its intimate or reserved nature is only relevant for the owner of the information. Public Data: It is the data that the law or the Political Constitution determines as such, as well as all those that are not semi-private or private. Sensitive Data: Sensitive data is understood to be those that affect the privacy of the Holder or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, union membership, social organizations, of human rights or that promotes the interests of any political party or that guarantees the rights and guarantees of opposition political parties as well as the data related to health, sexual life and biometric data. Semiprivate Data: It is the data that does not have an intimate, reserved, or public nature and whose knowledge or disclosure may be of interest not only to its owner but to a certain sector or group of people Responsible for the Treatment: Natural or legal person, public or private, that by itself or in association with others, perform the processing of personal data on behalf of the Treatment Manager. Habeas data: It is the right that every information owner has to know, update, rectify or oppose the information concerning their personal data. Integrity: Characteristic of the assets information that safeguards the accuracy and completeness of these. Responsible for the Treatment: Natural or legal person, public or private, that by itself or in association with others, decides on the database and / or the treatment of the data. Types of data: The provisions on data protection establish data typologies according to the greater or lesser degree of acceptability of the disclosure; These data can be Public, Semiprivate, Private and Sensitive. Owner: Natural person whose personal data is subject to Treatment. Treatment: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion. Transfer: The transfer of data takes place when the person in charge and / or in charge of the processing of personal data, located in Colombia, sends the information or personal data to a receiver, who in turn is responsible for the treatment and is inside or outside from the country. Transmission: Treatment of personal data that implies the communication of the same inside or outside the territory of the Republic of Colombia when it has for its object the performance of a treatment by the Manager on behalf of the person in charge. 5. TREATMENT AND PURPOSES OF DATA
You as the owner of personal data, through your prior express and informed consent or through unambiguous conduct, accept that your data is collected, stored, used, circulated, deleted and in general treated for the following purposes.
- Inform about the substantial changes in the information handling policy of IP ACCESS TELECOMUNICACIONES S.A.S.
- Establish controls at the home and / or headquarters of IP ACCESS TELECOMUNICACIONES S.A.S. in order to maintain the security of the physical and logical infrastructure.
- Respond to requests, queries and complaints made through any of the channels made available by IP ACCESS TELECOMUNICACIONES S.A.S., to make effective the exercise of the right of habeas data of the holders of the data.
- Properly manage pre-contractual and commercial, labor, civil and any other contractual relationship derived from compliance with a law or by IP ACCESS TELECOMUNICACIONES S.A.S. and. Confront the personal information provided by the owner with public databases, central and risk prevention systems, specialized companies, references and contacts in order to carry out confirmation activities.
- Confrontar la información personal entregada por el titular con bases de datos públicas, centrales y sistemas de prevención de riesgo, compañías especializadas, referencias y contactos en aras de realizar actividades de confirmación.
- Consult your information in lists for the prevention of money laundering and financing of terrorism.
- Transfer or transmit the personal data to entities and / or judicial and / or administrative authorities, when these are required in relation to their purpose and necessary for the fulfillment of their functions.
- Establish logical and physical access controls to maintain security in the physical infrastructure of the installations and applications of IP ACCESS TELECOMUNICACIONES S.A.S (as applicable). Personal data in the databases and / or files, strictly observing the security and confidentiality duties ordered by Law 1581 of 2012 and Decree 1377 of 2013.
- In the development of the principles of purpose and freedom, the collection of personal data by IP ACCESS TELECOMUNICACIONES SAS (as applicable), will be limited to those personal data that are relevant and appropriate for the original purpose, for which they are collected or required in accordance with current regulations. Except as expressly provided in the Law, personal data may not be collected without the Holder's authorization. IP ACCESS TELECOMMUNICATIONS S.A.S (as applicable).
IP ACCESS TELECOMUNICACIONES S.A.S. has the obligation to maintain the confidentiality of personal data, object of treatment and may only disclose them at the express request of the monitoring and control entities and / or authorities that have the legal power to request it and will allow at any time and free of charge to know, update and correct the personal information of the Holder in accordance with article 8 of Law 1581 of 2012.
6. RIGHTS OF THE PERSONAL DATA HOLDERS As the owner of the personal data, you will have the right to:- Access free of charge the data provided to the organization IP ACCESS TELECOMUNICACIONES S.A.S that have been the object of treatment.
- Know, update and rectify your information in front of those responsible and / or responsible for the treatment; this right may be exercised against partial, inaccurate, incomplete, fractioned, misleading data, or those whose treatment is prohibited or has not been authorized.
- Request proof of the authorization granted to the person responsible for the Treatment, except when expressly excepted as a requirement for the Treatment, in accordance with the provisions of article 10 of Law 1581 of 2012.
- Be informed by the person in charge of the Treatment or the Person in Charge of the Treatment, upon request, regarding the use that has been given to their personal data.
- Be informed by the person in charge of the Treatment or the Person in Charge of the Treatment, upon request, regarding the use that has been given to their personal data.
- Submit a complaint to the Superintendency of Industry and Commerce for infractions of the provisions of Law 1581 of 2012 and the other rules that modify, add or complement it, once the claim process has been exhausted before the person in charge or in charge of processing personal data .
- Request the revocation of the authorization and / or deletion of the data when the treatment does not respect the principles, rights and constitutional and legal guarantees, which will proceed when the Superintendence of Industry and Commerce has determined that the organization IP ACCESS TELECOMUNICACIONES S.A.S. in the treatment has incurred in conduct contrary to the Constitution and current regulations.
The organization IP ACCESS TELECOMUNICACIONES S.A.S., is in charge of the development, implementation, socialization, monitoring and updating of this Policy.
THE MANAGER OF OPERATIONS of the organization IP ACCESS TELECOMUNICACIONES S.A.S, is the one that has been designated by the person in charge of the treatment of the personal data. As a designee, it handles requests, queries, complaints and claims, before which the owner of personal data may exercise his rights to know, update, rectify, delete data and / or revoke the authorization. To this end, all servers and contractors (as applicable) that perform the Processing of Personal Data, are required to transfer to the Head of Financial and Administrative Planning, all responses to requests, complaints or claims received by part of the Personal Data Holders in the times established by law.
8. PROCEDURE FOR THE HOLDERS TO EXERCISE THE RIGHT TO KNOW, UPDATE, RECTIFY AND DELETE INFORMATION AND REVOKE THE AUTHORIZATIONThe Owners of the Personal Data that are being collected, stored, processed, used and transmitted or transferred (as applicable) by the organization IP ACCESS TELECOMUNICACIONES SAS, may at any time exercise their rights to know, update, rectify, delete the data and revoke the authorization; in addition to making the petitions, consultations, complaints and associated claims. For this purpose, the following procedure will be followed, in accordance with the Personal Data Protection Law: Service channels enabled The organization IP ACCESS TELECOMUNICACIONES S.A.S., has arranged the following means for the reception and attention of requests, queries, complaints and claims that allow to keep proof of these:
- Application via email: habeasdata@ipatelecom.com
The Owner or his agent may request the organization IP ACCESS TELECOMUNICACIONES S.A.S., everything described in section 6 of this policy for the treatment and protection of personal data through the related service channels.
- Attention and response to requests, queries, complaints and claims
The Holder or his agent may make requests, queries, complaints and claims using the channels already indicated by the organization IP ACCESS TELECOMUNICACIONES S.A.S. The request must contain at least the description of the facts that give rise to the request, consultation, complaint and / or claim, the address and contact details of the owner and / or agent, as appropriate and the respective documents supporting the ownership of the applicant and / or his agent.
If the petition, inquiry, complaint and / or complaint are incomplete, the organization IP ACCESS TELECOMUNICACIONES S.A.S., must request the interested party within five (5) days after receiving it to correct the faults. After two (2) months from the date of the request, without the applicant submitting the required information, it will be understood that the request, consultation, complaint and / or claim has been abandoned.
The unit that receives the request, consultation, complaint and / or claim, will transfer to the Office of Financial and Administrative Planning of the organization IP ACCESS TELECOMUNICACIONES SAS, so that within a maximum term of two (2) working days it will be informed of what happened to the interested The petitions, consultations, complaints and claims will be answered within a maximum term of ten (10) working days from the date of receipt of the same. When it is not possible to attend within that term, the interested party will be informed, stating the reasons for the delay and indicating when their request, inquiry, complaint and / or claim will be addressed, which in no case may exceed five (5) days Skillful following the expiration of the first term.
9. REQUIREMENTS THAT WILL HAVE IN MIND IP ACCESS TELECOMMUNICATIONS S.A.S, FOR THE TREATMENT OF SENSITIVE PERSONAL DATA.For the purposes of this PRIVACY POLICY REGARDING THE PROCESSING OF PERSONAL DATA, should be understood by sensitive data those that affect the privacy of the owner of the data or whose misuse may lead to discrimination. Within the sensitive data are those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, human rights or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data on health, to IP ACCESS TELECOMUNICACIONES S.A.S., as RESPONSIBLE FOR THE TREATMENT, will identify the sensitive data that it eventually collects or stores in order to meet the following objectives
a. Implement special attention and reinforce their responsibility regarding the treatment of this type of data, which translates into a greater requirement in terms of compliance with the principles and duties established by the current regulations on data protection. b. Establish the levels of technical, legal and administrative security to deal with that information in an appropriate manner. c. Increase restrictions on access and use by IP ACCESS TELECOMUNICACIONES S.A.S staff in their capacity as EMPLOYER and third party contractors or suppliers of it.SHAREHOLDERS, EMPLOYEES, PRACTITIONERS, VACANT ASSOCIATES, SUPPLIERS AND THEIR WORKERS, CONTRACTORS AND CUSTOMERS, natural or physical persons, in accordance with current regulations on the protection of personal data, are not obliged to authorize the processing of their sensitive data; however, in those cases in which said data are necessary to comply with a legal or contractual obligation that is in charge of IP ACCESS TELECOMUNICACIONES SAS, as the RESPONSIBLE FOR THE TREATMENT, specific consent models will be used where the owner must consent explicitly, express, prior and informed the treatment of said data.
PERSONAL DATA OF CHILDREN AND ADOLESCENTSThe processing of personal data of children and adolescents carried out by IP ACCESS TELECOMUNICACIONES S.A.S will always take place the following requirements:
a. Always respond and respect the best interests of children and adolescents. b. Always ensure the responsible party respect for their fundamental rights. c. That, as far as possible, such treatment is carried out taking into account the opinion of the minor holders of personal information, considering the following factors:- Maturity.
- Autonomy.
- Ability to understand the purpose of said treatment.
- Explain the consequences of the treatment.
The valuations of the above characteristics will not be carried out by IP ACCESS TELECOMUNICACIONES S.A.S in general. Any manager or third party involved in the processing of personal data of minors, should always ensure the proper use of this type of personal data.
10. VALIDITYThis Policy of Treatment and Protection of the information related to the Personal Data has come into effect since the fifteenth (1) of September of the two thousand and ten and eight (2018) and until the issuance of others or substantial changes of the same. It is suggested that the policy be reviewed each year by a committee, or that the rule present changes that imply changes in the policy.
11. SECURITY OF INFORMATIONIP ACCESS TELECOMUNICACIONES SAS, has technological and human tools to control and guarantee access to the corporate databases where the information of our employees, customers and suppliers rests, avoiding their adulteration, loss, consultation or unauthorized or fraudulent access, we have of a data processing center, with servers, network equipment and transmission and operate 24 hours 365 days a year.
12. CONFIDENTIALITYThe company guarantees the reservation of the information, even after the work comprising the treatment has been completed. The employees of the company responsible for the treatment of personal information undertake to comply with the provisions of the policy and procedure of this document.