Personal data

VERONORTE S.A.S, (hereinafter “Veronorte”), committed to the security of personal information of its users, customers, suppliers, contractors, employees and the general public, and in order to strictly comply with current regulations on the protection of Personal Data, through this document establishes the policy of treatment in the field of protection of Personal Data (hereinafter “Policy”) in relation to the collection, use and transfer of the same, under the authorization that has been granted by the owners of the information.

i) Legal framework

The legal framework of the Personal Data Processing Policies is developed in the Colombian Political Constitution, specifically in:
– Articles 15 and 20; in Law 1581 of 2012.
– Decree 1377 of 2013.
– Other provisions that modify, add or complement them.

The definitions to be taken into account for this Policy are those currently included in Article 3 of Law 1581 of 2012 and Decree 1377 of 2013.

Also, the principles governing the Policy are set forth in Article 4 of Law 1581 of 2012, which will be applied comprehensively by Veronorte. Any matter not expressly regulated in the Policy, shall be deemed regulated in accordance with the provisions of the aforementioned rules, so that the same, as far as they are not contrary to the provisions herein, are an integral part of the Policy.

ii) Definitions

  • Personal Data: personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
  • Data controller: the data controller determines the purposes for which and the means by which personal data is processed. So, Veronorte is the data controller
  • Holder / Data subject: data holder means a legal person or data subject who has the right to grant access to or to share certain personal or non-personal data under its control.
  • Data Treatment / Processing: Data Treatment means the access, collection, use, processing, storage, sharing, distribution, transfer, disclosure, security, destruction, or disposal of any personal, sensitive, or confidential information or data (whether in electronic or any other form or medium).
  • Consent: ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her
  • Database: A database is an organized collection of structured information, or data, typically stored electronically in a computer system
  • Sensitive Data: Sensitive data is defined as any information that is protected against unwarranted disclosure.

iii) Objetive

The objective of the Policy of Treatment and Protection of Personal Data is to detail the guidelines that Veronorte takes into account to protect the Personal Data of the Data Controllers as well as the procedures to be carried out to know, update, rectify and delete the information by the Data Controller.

Veronorte collects and manages the Personal Data of third parties who voluntarily, previously, and expressly authorize such collection to jointly carry out the different programs or projects that are consistent with its corporate purpose and to maintain direct and assertive contact with the Holders. This information will never be used for illicit purposes, commercialization, or in any way that has the purpose of harming the interests of the Holders.

iv) Term

The Personal Data provided or Databases subject to Treatment, will be valid for the term of duration of the different programs or projects that are carried out in the development of the corporate purpose of Veronorte, or during the period in which subsists the purpose for which they were collected.

v) Personal data included in the database

The Personal Data of the Holders that are collected by Veronorte in the development of its corporate purpose, and included in its database are the following: i. Type of identity document; ii. Identity document number; iii. Names and Surnames; iv. Address; v. Telephone number(s); vi. E-mail; vii. City; viii. Country.

Veronorte’s employees will have access to Veronorte’s Databases in the exercise of their functions and for the purpose of its collection, or for the cases in which the law expressly authorizes it.

v) Privacy policies and personal data protection

The personal data that users provide on the Site, will be incorporated into a database owned by VERONORTE. Registered users automatically consent unconditionally that the data provided will be used and processed for research, promotion and marketing of services and products offered by VERONORTE.

VERONORTE undertakes to maintain in absolute privacy the data provided by the Users, and that are classified as “Personal Data” according to Colombian Law 1581 of 2012 (Personal Data Protection Act) Regulatory Decree 1377 of 2013, except: (i) when there is an express authorization by the User, (ii) in those cases where they are considered “Public Personal Data”, (iii) where any judicial authority or State Entity requires them or, (iv) in those cases where expressly stated by law.

vi) Rights of the holders

In addition to the rights contained in Law 1581 of 2012 and Decree 1377 of 2013, the Holders of the information may make complaints, claims, queries, delete data, add or modify existing data. Likewise, they will have the right to accept or deny that their information is included in Veronorte’s Databases. These rights may be exercised through the forms indicated in this document, or by the procedures established in the legal framework referred to.

vii) Sensitive data

For the Policy, sensitive data are understood as those that affect the privacy of the Data Subject or whose improper use can generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in trade unions, social organizations, human rights or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties as well as data relating to health, sex life, and biometric data.

Veronorte may make use of the treatment of data classified as sensitive if the Holder has explicitly given his authorization personally or through his legal representative, or in any of the events provided for in Article 6 of Law 1581 of 2012, and in any case in cases expressly permitted by law.

viii) Treatment of personal data of children and adolescents

The treatment will ensure respect for the rights of children and adolescents and will only be treated in those and the manner authorized by law.

It is the task of the State and educational entities to provide information and train legal representatives and guardians on the possible risks faced by children and adolescents concerning the improper processing of their data in addition to providing knowledge about the responsible and safe use by children and adolescents of their data, their right to privacy and protection of their personal information and that of others.

By Veronorte’s policies, no information of minors will be requested or collected in the databases in order not to violate the fundamental rights with which they are protected.

ix) Authorization by the holder

The collection, storage, use, and circulation of Personal Data by Veronorte needs the free, prior, and express consent of the Holder through the web forms that must be expressly accepted, or through any other means permitted by Law 1581 of 2012.

Veronorte reserves the right to delete Personal Data at any time and without the need for authorization by the Holder.

x) Area responsible for the processing of personal data

The area responsible for the treatment of the databases will be Office Management, which will be responsible for the internal management of Personal Data and ensure efficient responses to requests made by the holders of the rights.

xi) Compaints or claims

If the Data Holder considers that the information contained in the Database should be corrected, updated, or deleted, or when he/she notices that there may be a breach of the duties set forth in Law 1581 of 2012 and Decree 1377 of 2013, and other regulations that modify or add to them, they could write to the e-mail info@veronorte.com.

xii) Consultation process

Veronorte will respond to inquiries, complaints, or claims of the Holder within a maximum period of fifteen (15) working days from the day after receiving the complaint, claim, or inquiries. In case of failure to do so, the applicant will receive an explanation, and the response is a maximum of eight (8) business days.

xiii) Revocation of authorization

The Holder of the Personal Data may revoke -totally or partially- at any time, the consent on the use of their personal data initially conferred to Veronorte, as long as it is not prevented by a legal or contractual provision. The revocation may be made to the area responsible for the processing of personal data, giving priority processing to these cases.

xiv) Security of the information

Veronorte will adopt the necessary measures to prevent loss of information, access by unauthorized persons for that purpose, adulteration of the information provided, and any other modality that may endanger the Holder.

xv) Use and international transfer of personal data

Veronorte will not transfer the Personal Data of the Holder to another company in another country that does not comply with the guidelines of Data Protection established by the Superintendence of Industry and Commerce, unless there is prior and express authorization of the Holder for that purpose, or in those cases where the law authorizes such transfer.

xvi) National registry of databases

Veronorte reserves the power to maintain and catalog certain information contained in its databases as confidential in the events contemplated in the law and in its statutes and internal regulations.

Veronorte will register its databases in the National Registry of Databases (RNBD), according to the regulations in force and any regulation issued by the National Government for that purpose.

The RNBD is administered by the Superintendence of Industry and Commerce and can be freely consulted by citizens, according to the regulations issued by the National Government for such purpose.

This document was last updated on January 18, 2022