Web treatment policies

1. Legal basis and scope of application

The information processing policy is developed in compliance with articles 15 and 20 of the Political Constitution; of articles 17 literal k) and 18 literal f) of Statutory Law 1581 of 2012, which establishes general provisions for the Protection of Personal Data (LEPD); and article 13 of Decree 1377 of 2013, which partially regulates the previous Law.

This policy will be applicable to all personal data registered in databases that are processed by the controller.

2. Definitions

According to article 9 of the LEPD, the prior and informed authorization of the Owner is required for the processing of personal data. By accepting this policy, any Owner that provides information related to their personal data is consenting to the treatment of their data by ASESORIAS Y SERVICIOS TEMPORALES DE COLOMBIA SA in the terms and conditions contained therein.

The authorization of the Holder will not be necessary in the case of:

  • Información requerida por una entidad pública o administrativa en ejercicio de sus funciones legales o por orden judicial.
  • Data of a public nature.
  • Cases of medical or sanitary emergency.
  • Information processing authorized by law for historical, statistical or scientific purposes. Data related to
  • Civil registry of persons.

3. Authorization of the treatment policy

According to article 9 of the LEPD, the prior and informed authorization of the Owner is required for the processing of personal data. By accepting this policy, any Owner who provides information regarding their personal data is consenting to the processing of their data by ASESORIAS Y SERVICIOS TEMPORALES DE COLOMBIA S.A. in the terms and conditions contained therein.

The authorization of the Holder will not be necessary in the case of:

  • Information required by a public or administrative entity in the exercise of its legal functions or by court order.
  • Data of a public nature.
  • Cases of medical or sanitary emergency.
  • Processing of information authorized by law for historical, statistical or scientific purposes. Data related to the civil registry of people.

4. Responsible for the treatment

The person responsible for the treatment of the databases subject to this policy is ASESORIAS Y SERVICIOS TEMPORALES DE COLOMBIA S.A., whose contact information is as follows:

  • Address: calle 77 # 13 47 office 303 BOGOTÁ D.C.
  • email : servicioalcliente@asertempocolombia.com
  • phone: 6401300

5. Treatment and purposes of the databases

ASESORIAS Y SERVICIOS TEMPORALES DE COLOMBIA S.A., In the development of its business activity, it carries out the treatment of personal data relating to natural persons that are contained and processed in databases intended for legitimate purposes, in compliance with the Constitution and the Law.

In “Annex 1. Database Information” the different databases that the company manages, the information and characteristics of each one are presented.

6. Rights of the holders

The navigation system and software necessary for the operation of this website collect some personal data, the transmission of which has been implicit in the use of Internet communication protocols.

By its very nature, the information collected could allow the identification of users through their association with third-party data, even if it is not obtained for that purpose. This category of data includes the IP address or domain name of the computer used by the user to access the web page, the URL, the date and time, and other parameters related to the user’s operating system.

These data are used for the sole purpose of obtaining anonymous statistical information on the use of the website or to check its correct technical operation, and are canceled immediately after being verified.

7. Coolies or web bugs

This website does not use cookies or web bugs to collect personal data from the user, but its use is limited to providing the user with access to the website. The use of session cookies, not permanently memorized on the user’s computer and which disappear when you close the browser, are only limited to collecting technical information to identify the session in order to facilitate safe and efficient access to the website. If you do not want to allow the use of cookies, you can reject or delete existing cookies by configuring your browser, and disabling the Java Script code of the browser in the security settings.

8. Procedures to exercise the rights of the owner

In accordance with article 8 of the LEPD and articles 21 and 22 of Decree 1377 of 2013, the Data Holders may exercise a series of rights in relation to the treatment of their personal data. These rights may be exercised by the following people.

  1. By the Holder, who must prove their identity sufficiently by the different means made available by the person responsible.
  2. For their successors in title, who must prove such quality.
  3. By the representative and / or attorney of the Holder, after accreditation of the representation or empowerment.
  4. By stipulation in favor of another and for another.

The rights of children or adolescents will be exercised by the people who are empowered to represent them.

The Holder’s rights are as follows:

Right of access or consultation: This is the Owner’s right to be informed by the data controller, upon request, regarding the origin, use and purpose that they have given to their personal data.

Complaints and claims rights: The Law distinguishes four types of claims:

-Claim for correction: It is the right of the Owner to update, rectify or modify those partial, inaccurate, incomplete, fractional, misleading data, or those whose treatment is expressly prohibited or has not been authorized.

-Suppression claim: It is the Holder’s right to have data that is inadequate, excessive or that does not respect constitutional and legal principles, rights and guarantees deleted.

Revocation claim: It is the Holder’s right to withdraw the authorization previously provided for the processing of their personal data.

-Infringement claim: It is the right of the Owner to request that the breach of the regulations on Data Protection be rectified.

-Right to request proof of authorization granted to the controller: Except when expressly excepted as a requirement for treatment in accordance with the provisions of article 10 of the LEPD.

-Right to file complaints with the Superintendency of Industry and Commerce for infractions: The Holder or successor in title may only raise this complaint once he has exhausted the process of consultation or claim before the person responsible for the treatment or person in charge of the treatment

9. Attention to Data Holders

The Data Protection Officer ofASESORIAS Y SERVICIOS TEMPORALES DE COLOMBIA S.A. will be in charge of attending to requests, queries and claims before which the Data Holder can exercise their rights

  • phone: 6401300
  • Email: servicioalcliente@asertempocolombia.com

10. Procedures to exercise the rights of the owner

10.1 Right of access or consultation

According to article 21 of Decree 1377 of 2013, the Holder may consult his personal data free of charge in two cases:

  • At least once every calendar month.
  • Whenever there are substantial modifications to the information processing policies that motivate new consultations.

For inquiries whose frequency is greater than one for each calendar month,ASESORÍAS Y SERVICIOS TEMPORALES DE COLOMBIA S.A.You can only charge the Holder the shipping, reproduction and, where appropriate, certification of documents. The reproduction costs cannot be higher than the recovery costs of the corresponding material. For this purpose, the person responsible must demonstrate to the Superintendency of Industry and Commerce, when the latter so requires, the support of said expenses.

The Owner of the data can exercise the right of access or consultation of their data by writing to ASESORÍAS Y SERVICIOS TEMPORALES DE COLOMBIA S.A. sent, by email to: servicioalcliente@asertempocolombia.com, indicating in the Subject “Exercise of the right of access or consultation”, or by post sent to calle 77 # 13 47 oficina 303 BOGOTÁ D.C., BOGOTÁ. The request must contain the following information:

  • Name and surname of the principal.
  • Photocopy of the Certificate of Citizenship of the Holder and, where appropriate, of the person representing him, as well as the document accrediting such representation.
  • Request in which the request for access or consultation is specified. Address for notifications, date and signature of the applicant.
  • Documents accrediting the request made, when appropriate.

The Holder may choose one of the following forms of consultation of the database to receive the requested information:

  • On screen display.
  • In writing, with a copy or photocopy sent by certified mail or not.
  • Telecopy.
  • Email or other electronic means.
  • Another system adapted to the configuration of the database or the nature of the treatment, offered byASESORÍAS Y SERVICIOS TEMPORALES DE COLOMBIA S.A.

Once the request is received,ASESORÍAS Y SERVICIOS TEMPORALES DE COLOMBIA S.A. will resolve the request for consultation within a maximum period of ten (10) business days from the date of receipt. When it is not possible to attend the query within said term, the interested party will be informed, stating the reasons for the delay and indicating the date on which his query will be answered, which in no case may exceed five (5) business days following the expiration of the first term. These deadlines are set in article 14 of the LEPD.

Once the consultation process is exhausted, the Holder or successor in title may file a complaint with the Superintendence of Industry and Commerce.

10.2Rights of complaints and claims

The Owner of the data can exercise the rights of claim on their data by writing to ASESORÍAS Y SERVICIOS TEMPORALES DE COLOMBIA SA. Sent by email servicioalcliente@asertempocolombia.com indicating in the subject “Exercise of the right of access or consultation”, or by mail sent tocalle 77 # 13 47 oficina 303 BOGOTÁ D.C., BOGOTÁ. The request must contain the following information:

  • Name and surname of the principal.
  • Photocopy of the Certificate of Citizenship of the Holder and, where appropriate, of the person representing him, as well as the document accrediting such representation.
  • Description of the facts and request in which the request for correction, suppression, revocation or inflation is specified.
  • Address for notifications, date and signature of the applicant.
  • Documents accrediting the request made that they want to assert, when appropriate.

Once the complete claim has been received, a legend will be included in the database that says “claim in process” and the reason for it, within a term not exceeding two (2) business days. Said legend must be kept until the claim is decided.

ASESORÍAS Y SERVICIOS TEMPORALES DE COLOMBIA S.A. will resolve the request for consultation within a maximum period of fifteen (15) business days from the date of receipt. When it is not possible to attend to the claim within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days after the expiration of the first finished.

Once the claim process is exhausted, the Holder or successor in title may file a complaint with the Superintendence of Industry and Commerce.

11. Security measures

ASESORIAS Y SERVICIOS TEMPORALES DE COLOMBIA SA, In order to comply with the security principle enshrined in Article 4 literal g) of the LEPD, it has implemented the necessary technical, human, and administrative measures to guarantee the security of the records, avoiding their adulteration, loss, consultation, use, or access. authorized or fraudulent.

On the other hand, ASESORIAS Y SERVICIOS TEMPORALES DE COLOMBIA SA, By signing the corresponding transmission contracts, it has required the data processors with whom it works to implement the necessary security measures to guarantee the security and confidentiality of the information in the treatment of personal data.

Below are the security measures implemented byASESORIAS Y SERVICIOS TEMPORALES DE COLOMBIA SA, that are collected and developed in its Internal Security Manual (I, II, III, IV).

 

TABLE I: Common security measures for all types of data
(public, semi-private, private, sensitive) and databases (automated, non-automated)

Document and media management Access control Incidents Personal Internal Security Manual
1. Measures that prevent undue access or recovery of data that has been discarded, deleted or destroyed.

2. Restricted access to the place where the data is stored.

1. Limited user access to the data necessary for the development of its functions.

2. Updated list of users and authorized accesses.

1. Incident register: type of incident, moment in which it was produced, issuer of the notification, receiver of the notification, effects and corrective measures.

2. Procedure for notification and incident management.

1. Definition of the functions and obligations of users with access to data.

2. Definition of the control functions and authorizations delegated by the controller.

1. Preparation and implementation of the Manual of mandatory compliance for staff.

2. Minimum content: scope, security measures and procedures, staff functions and obligations, description of databases, procedure for incidents, procedure for copying and retrieving data, security measures for transport, destruction and reuse of documents, identification of those in charge of the treatment.

3. Authorization of the person responsible for the exit of documents or media by physical or electronic means.

4. Labeling system or identification of the type of information.
5. Inventory of supports.

3. Mechanisms to prevent access to data with rights other than those authorized.
4. Granting, alteration or cancellation of permits by the authorized person
3. Disclosure among the staff of the standards and of the consequences of their compliance

TABLE II: Common security measures for all types of data (public, semi-private, private, sensitive) according to the type of databases

Non-automated databases
Archive
Document storage
Custody of documents
1. Documentation file following procedures that guarantee correct conservation, location and consultation and allow the exercise of the rights of the Holders.
1. Storage devices with mechanisms that prevent access to unauthorized persons.
1. Deber de diligencia y custodia de la persona a cargo de documentos durante la revisión o tramitación de los mismos.
Automated databases
Identification and authentication
Telecommunication
  1. Personalized identification of users to access the information systems and verification of their authorization.
  2. Identification and authentication mechanisms; Passwords: allocation, expiration and encrypted storage.
1. Access to data through secure networks.

TABLE III: Security measures for private data according to the type of databases

Automated and non-automated databases
Audit
Responsible for security
Internal Security Manual
  1. Ordinary audit (internal or external) every two months.
  2. Extraordinary audit for substantial modifications in the information systems.
  3. Report of detection of deficiencies and proposal of corrections.
  4. Analysis and conclusions of the person responsible for security and the person responsible for the treatment.
  5. Conservation of the report at the disposal of the authority.
  1. Appointment of one or more security officers.
  2. Appointment of one or more controllers and coordinators of the measures of the Internal Security Manual.
  3. Prohibition of delegating the responsibility of the data controller to the security manager.
1. Regular compliance checks
Automated databases
Document and media management
Access control
Identification and authentication
Incidents
1. Check-in and document output and

supports: date, issuer andreceiver, number, type of
information, shipping method, responsible for the reception or delivery.

1. control ofaccess to the site or

places whereinformation systems are located.

1. Mechanism that limit the number of repeated unauthorized access attempts
1. Record of data recovery procedures, person running them, restored data and manually recorded data.

2. Authorization of thedata controller forthe execution of the recoveryprocedures.

TABLE IV: Security measures for sensitive data according to the type of databases

Non-automated databases
Access control
Document storage
Copy or reproduction
Documentation transfer
  1. Access only for authorized personnel.
  2. Access identification mechanism.
  3. Access log of unauthorized users.
1. File cabinets, cabinets or others located in access areas protected with keys or other measures.
  1. Only by authorized users.
  2. Destruction that prevents access or recovery of data.
1. Measures that prevent access or manipulation of documents.
Automated databases
Document and media management
Access control
Telecommunication
  1. Confidential labeling system.
  2. Data encryption.
  3. Encryption of portable devices when they are outside.
  1. Access log: user, time, database you are accessing, type of access, registry you are accessing.
  2. Control of the access log by the security officer. Monthly report.
  3. Data retention: 2 years.
1. Data transmission through encrypted electronic networks.

12. Transfer of data to third countries

In accordance with Title VIII of the LEPD, the transfer of personal data to countries that do not provide adequate levels of data protection is prohibited. It is understood that a country offers an adequate level of data protection when it complies with the standards set by the Superintendency of Industry and Commerce on the matter, which in no case may be lower than those required by this law for its recipients. This prohibition will not apply in the case of:

  • Information with respect to which the Holder has granted his express and unequivocal authorization for the transfer.
  • Exchange of medical data, when the Holder’s treatment requires it for reasons of health or public hygiene.
  • Bank or stock transfers, in accordance with the applicable legislation.
  • Transfers agreed in the framework of international treaties to which the Republic of Colombia is a party, based on the principle of reciprocity.
  • Transfers necessary for the execution of a contract between the Owner and the data controller, or for the execution of pre-contractual measures, provided that the Holder has the authorization.
  • Transfers legally required to safeguard the public interest, or for the recognition, exercise or defense of a right in a judicial process.

In cases not contemplated as an exception, the Superintendency of Industry and Commerce shall issue the declaration of conformity regarding the international transfer of personal data. The Superintendent is empowered to request information and carry out the steps aimed at establishing compliance with the budgets that the viability of the operation requires.

The international transmissions of personal data that are made between a person in charge and a person in charge to allow the person in charge to carry out the treatment on behalf of the person in charge, will not need to be informed to the Owner or have his consent, provided there is a contract for the transmission of personal data. . “

13. Validity

The databases under the responsibility of ASESORÍAS Y SERVICIOS TEMPORALES DE COLOMBIA SA will be processed for as long as is reasonable and necessary for the purpose for which the data is collected. Once the purpose or purposes of the treatment have been fulfilled, and without prejudice to legal regulations that provide otherwise. ASESORÍAS Y SERVICIOS TEMPORALES DE COLOMBIA SA will delete the personal data in its possession unless there is a legal or contractual obligation that requires its conservation. For all these reasons, said database has been created without a defined period of validity.

“This treatment policy remains in force from 2016-11-25.”

INTERNAL DOCUMENT OF POLICIES AND PROCEDURES

1. Legal basis and scope of application

The information processing policy is developed in compliance with articles 15 and 20 of the Political Constitution; of articles 17 literal k) and 18 literal f) of Statutory Law 1581 of 2012, which establishes general provisions for the Protection of Personal Data (LEPD); and article 13 of Decree 1377 of 2013, which partially regulates the previous Law.

This policy will be applicable to all personal data registered in databases that are processed by the controller.

2. Definitions

Established in article 3 of Law 1581 of 2012 and in article 3 of Decree 1377 of 2013

Authorization: Prior, express and informed consent of the Owner to carry out the processing of personal data.

Notice of Privacy: Verbal or written communication generated by the person in charge, addressed to the Owner for the treatment of his personal data, by means of which he is informed about the existence of the information treatment policies that will be applicable to him, the way of accessing them and the purposes of the treatment that is intended to be given to personal data.

Database Organized set of personal data that is subject to treatment.

Personal data: Any information linked or that may be associated with one or more determined or determinable natural persons.

Public data: It is the data that is not semi-private, private or sensitive. Public data is considered, among others, data related to the civil status of people, their profession or trade and their status as a merchant or public servant. By their nature, public data may be contained, among others, in public records, public documents, gazettes and official gazettes and duly executed judicial decisions that are not subject to reservation.

Sensitive data: Sensitive data is understood to be those that affect the privacy of the Holder or whose improper use may generate its discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership of unions, social organizations, of human rights or that promotes the interests of any political party or that guarantees the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data.

Responsible for the treatment: Natural or legal person, public or private, who by himself or in association with others, performs the processing of personal data on behalf of the person responsible for the treatment.

Responsible for the treatment: Natural or legal person, public or private, that by itself or in association with others, decides on the database and / or the treatment of the data.

Owner: Natural person whose personal data is processed.

Transfer: The data transfer takes place when the person responsible and / or in charge of the treatment of personal data, located in Colombia, sends the information or personal data to a recipient, who in turn is responsible for the treatment and is inside or outside from the country.

Transmission: Processing of personal data that involves the communication thereof within or outside the territory of the Republic of Colombia when it is intended to carry out a treatment by the person in charge on behalf of the person in charge.

Treatment:Any operation or set of operations on personal data, such as the collection, storage, use, circulation or deletion.

3. Authorization of the treatment policy

According to article 9 of the LEPD, the prior and informed authorization of the Owner is required for the processing of personal data. By accepting this policy, any Owner that provides information related to their personal data is consenting to the treatment of their data by ASESORÍAS Y SERVICIOS TEMPORALES DE COLOMBIA SA in the terms and conditions contained therein.

The authorization of the Holder will not be necessary in the case of:

  • Information required by a public or administrative entity in the exercise of its legal functions or by court order.
  • Data of a public nature.
  • Cases of medical or sanitary emergency.
  • Information processing authorized by law for historical, statistical or scientific purposes. Data related to the civil registry of people.

4. Responsible for the treatment

The person responsible for the treatment of the databases subject to this policy is ASESORÍAS Y SERVICIOS TEMPORALES DE COLOMBIA SA, whose contact details are as follows:

  • Dress calle 77 # 13 47 oficina 303 BOGOTÁ D.C.,
  • Email: servicioalcliente@asertempocolombia.com
  • phone: 6401300

5. Treatment and purposes of the databases

ASESORIAS Y SERVICIOS TEMPORALES DE COLOMBIA SA, In the development of its business activity, it carries out the treatment of personal data relating to natural persons that are contained and processed in databases intended for legitimate purposes, in compliance with the Constitution and the Law.

In “Annex 1. Database Information” the different databases that the company manages, the information and characteristics of each one are presented.

6. Rights of the Holders

In accordance with article 8 of the LEPD and articles 21 and 22 of Decree 1377 of 2013, the Data Holders may exercise a series of rights in relation to the treatment of their personal data. These rights may be exercised by the following people.

  1. By the Holder, who must prove their identity sufficiently by the different means made available by the person responsible.
  2. For their successors in title, who must prove such quality.
  3. By the representative and / or attorney of the Holder, after accreditation of the representation or empowerment.
  4. By stipulation in favor of another and for another.

The rights of children or adolescents will be exercised by the people who are empowered to represent them.

The Holder’s rights are as follows:

Right of access or consultation: This is the right of the Owner to be informed by the person responsible for the treatment, upon request, regarding the origin, use and purpose that they have given their personal data.

Complaints and claims rights: The Law distinguishes four types of claims:

  • Claim for correction: It is the right of the Owner to update, rectify or modify those partial, inaccurate, incomplete, fractional, misleading data, or those whose treatment is expressly prohibited has not been authorized.
  • Claim for deletion: It is the right of the Owner to have the data that is inadequate, excessive or that does not respect the principles, rights and constitutional and legal guarantees deleted.
  • Revocation claim: It is the Holder’s right to withdraw the authorization previously given for the treatment of their personal data.
  • Infringement claim: It is the right of the Owner to request that the breach of the regulations on Data Protection be rectified.

Right to request proof of authorization granted to the controller: Except when expressly excepted as a requirement for treatment in accordance with the provisions of article 10 of the LEPD.

Right to file complaints with the Superintendency of Industry and Commerce for infractions: The Holder or successor in title may only raise this complaint once he has exhausted the process of consultation or claim before the person responsible for the treatment or person in charge of the treatment.

7. Attention to Data Holders

The Data Protection Officer of ASESORÍAS Y SERVICIOS TEMPORALES DE COLOMBIA SAwill be in charge of attending to requests, queries and claims before which the Data Holder can exercise their rights.

  • phone: 6401300
  • Email: servicioalcliente@asertempocolombia.com

8. Procedures to exercise the Holder’s rights

8.1 Right of access or consultation

According to article 21 of Decree 1377 of 2013, the Holder may consult his personal data free of charge in two cases:

  1. At least once every calendar month.
  2. Whenever there are substantial modifications to the information processing policies that motivate new consultations.

For inquiries whose frequency is greater than one for each calendar month, ASESORÍAS Y SERVICIOS TEMPORALES DE COLOMBIA SA may only charge the Holder shipping, reproduction and, where appropriate, certification of documents. The reproduction costs cannot be higher than the recovery costs of the corresponding material. For this purpose, the person responsible must demonstrate to the Superintendency of Industry and Commerce, when the latter so requires, the support of said expenses.

The Owner of the data can exercise the right of access or consultation of their data by writing to ASESORÍAS Y SERVICIOS TEMPORALES DE COLOMBIA SA sent, by email to: servicioalcliente @ asertempocolombia.com, indicating in the Subject “Exercise of the right of access or consultation”, or by mail sent to calle 77 # 13 47 office 303 BOGOTÁ D.C., BOGOTÁ. The request must contain the following information:

  • Name and surname of the principal.
  • Photocopy of the Certificate of Citizenship of the Holder and, where appropriate, of the person representing him, as well as the document accrediting such representation.
  • Request in which the request for access or consultation is specified. Address for notifications, date and signature of the applicant.
  • Documents accrediting the request made, when appropriate.

The Holder may choose one of the following forms of consultation of the database to receive the requested information:

  • On screen display.
  • In writing, with a copy or photocopy sent by certified mail or not. Fax.
  • Email or other electronic means.
  • Another system adapted to the configuration of the database or the nature of the treatment, offered by ASESORIAS Y SERVICIOS TEMPORALES DE COLOMBIA SA

Once the request is received, ASESORÍAS Y SERVICIOS TEMPORALES DE COLOMBIA SAwill resolve the request for consultation within a maximum period of ten (10) business days from the date of receipt of the request. When it is not possible to attend the query within said term, the interested party will be informed, stating the reasons for the delay and indicating the date on which his query will be answered, which in no case may exceed five (5) business days following the expiration of the first term. These deadlines are set in article 14 of the LEPD.

Once the consultation process is exhausted, the Holder or successor in title may file a complaint with the Superintendence of Industry and Commerce.

8.2 Right to complaints and claims

The Owner of the data can exercise the rights of claim on their data by writing to ASESORÍAS Y SERVICIOS TEMPORALES DE COLOMBIA SA sent, by email to servicioalcliente @ asertempocolombia.com, indicating in the Subject “Exercise of the right of access or consultation”, or by mail sent to calle 77 # 13 47 office 303 BOGOTÁ D.C., BOGOTÁ. The request must contain the following information:

  • Name and surname of the principal.
  • Photocopy of the Certificate of Citizenship of the Holder and, where appropriate, of the person representing him, as well as the document proving such representation.
  • Description of the facts and request in which the request for correction, suppression, revocation or infringement is specified.
  • Address for notifications, date and signature of the applicant.
  • Documents accrediting the request made that they want to assert, when appropriate.

If the claim is incomplete, the interested party will be required within five (5) days after receipt of the claim to correct the failures. If two (2) months have elapsed from the date of the request, without the applicant submitting the required information, it will be understood that the claim has been withdrawn.

Once the complete claim is received, a legend will be included in the database that says “claim in process” and the reason for it, in a term no longer than two (2) business days. Said legend must be kept until the claim is decided.

ASESORIAS Y SERVICIOS TEMPORALES DE COLOMBIA SA will resolve the request for consultation within a maximum period of fifteen (15) business days from the date of receipt. When it is not possible to attend to the claim within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days after the expiration of the first finished.

Once the claim process is exhausted, the Holder or successor in title may file a complaint with the Superintendence of Industry and Commerce.

9. Security measures

ASESORÍAS Y SERVICIOS TEMPORALES DE COLOMBIA SA, In order to comply with the security principle enshrined in Article 4 literal g) of the LEPD, it has implemented the necessary technical, human, and administrative measures to guarantee the security of the records, avoiding their adulteration, loss, consultation, use, or access. authorized or fraudulent.

On the other hand, ASESORÍAS Y SERVICIOS TEMPORALES DE COLOMBIA SA, By signing the corresponding transmission contracts, it has required the data processors with whom it works to implement the necessary security measures to guarantee the security and confidentiality of the information in the treatment of personal data.

Below are the security measures implemented by ASESORÍAS Y SERVICIOS TEMPORALES DE COLOMBIA SA that are collected and developed in its Internal Security Manual (Tables I, II, III and IV).

TABLE I: Common security measures for all types of data
(public, semi-private, private, sensitive) and databases (automated, non-automated)

Document and media management Access control Incidents Personal Internal Security Manual
1. Measures that prevent undue access or recovery of data that has been discarded, deleted or destroyed.

2. Restricted access to the place where the data is stored.

1. Limited user access to the data necessary for the development of its functions.

2. Updated list of users and authorized accesses.

1. Incident register: type of incident, moment in which it was produced, issuer of the notification, receiver of the notification, effects and corrective measures.

2. Procedure for notification and incident management.

1. Definition of the functions and obligations of users with access to data.

2. Definition of the control functions and authorizations delegated by the controller.

1. Preparation and implementation of the Manual of mandatory compliance for staff.

2. Minimum content: scope, security measures and procedures, staff functions and obligations, description of databases, procedure for incidents, procedure for copying and retrieving data, security measures for transport, destruction and reuse of documents, identification of those in charge of the treatment.

3. Authorization of the person responsible for the exit of documents or media by physical or electronic means.

4. Labeling system or identification of the type of information.
5. Inventory of supports.

3. Mechanisms to prevent access to data with rights other than those authorized.

4. Granting, alteration or cancellation of permits by the authorized person

3. Disclosure among the staff of the standards and of the consequences of their compliance

TABLE II: Common security measures for all types of data (public, semi-private, private, sensitive) according to the type of databases

Non-automated databases
Archive
Document storage
Custody of documents
1. Documentation file following procedures that guarantee correct conservation, location and consultation and allow the exercise of the rights of the Holders.
1. Storage devices with mechanisms that prevent access to unauthorized persons.
1. Deber de diligencia y custodia de la persona a cargo de documentos durante la revisión o tramitación de los mismos.
Automated databases
Identification and authentication
Telecommunication
  1. Personalized identification of users to access the information systems and verification of their authorization.
  2. Identification and authentication mechanisms; Passwords: allocation, expiration and encrypted storage.
1. Access to data through secure networks.

TABLE III: Security measures for private data according to the type of databases

Automated and non-automated databases
Audit
Responsible for security
Internal Security Manual
  1. Ordinary audit (internal or external) every two months.
  2. Extraordinary audit for substantial modifications in the information systems.
  3. Report of detection of deficiencies and proposal of corrections.
  4. Analysis and conclusions of the person responsible for security and the person responsible for the treatment.
  5. Conservation of the report at the disposal of the authority.
  1. Appointment of one or more security officers.
  2. Appointment of one or more controllers and coordinators of the measures of the Internal Security Manual.
  3. Prohibition of delegating the responsibility of the data controller to the security manager.
1. Regular compliance checks
Automated databases
Document and media management
Access control
Identification and authentication
Incidents
1. Check-in and document output and

supports: date, issuer and receiver, number, type of
information, shippingmethod, responsible for the reception or delivery.

1. control ofaccess to the site or

places where information systems are located.

1. Mechanism that limits the numberof repeated unauthorized attempts to access.
1. Registro de losprocedimientos derecuperación de los datos,persona que los ejecuta,datos restaurados y datos grabados manualmente.

2. Autorización delresponsable del tratamientopara la ejecución de losprocedimientos derecuperación.

TABLE IV: Security measures for sensitive data according to the type of databases

Non-automated databases
Access control
Document storage
Copy or reproduction
Documentation transfer
  1. Access only for authorized personnel.
  2. Access identification mechanism.
  3. Access log of unauthorized users.
1. File cabinets, cabinets or others located in access areas protected with keys or other measures.
  1. Only by authorized users.
  2. Destruction that prevents access or recovery of data.
1. Measures that prevent access or manipulation of documents.
Automated databases
Document and media management
Access control
Telecommunication
  1. Confidential labeling system.
  2. Data encryption.
  3. Encryption of portable devices when they are outside.
  1. Access log: user, time, database you are accessing, type of access, registry you are accessing.
  2. Control of the access log by the security officer. Monthly report.
  3. Data retention: 2 years.
1. Data transmission through encrypted electronic networks.

10. Transfer of data to third countries

In accordance with Title VIII of the LEPD, the transfer of personal data to countries that do not provide adequate levels of data protection is prohibited. It is understood that a country offers an adequate level of data protection when it complies with the standards set by the Superintendency of Industry and Commerce on the matter, which in no case may be lower than those required by this law for its recipients. This prohibition will not apply in the case of:

  • Information with respect to which the Holder has granted his express and unequivocal authorization for the transfer.
  • Exchange of medical data, when the Holder’s treatment requires it for reasons of health or public hygiene.
  • Bank or stock transfers, in accordance with the applicable legislation.
  • Transfers agreed in the framework of international treaties to which the Republic of Colombia is a party, based on the principle of reciprocity.
  • Transfers necessary for the execution of a contract between the Owner and the data controller, or for the execution of pre-contractual measures, provided that the Holder has the authorization.
  • Transfers legally required to safeguard the public interest, or for the recognition, exercise or defense of a right in a judicial process.

In cases not contemplated as an exception, the Superintendency of Industry and Commerce shall issue the declaration of conformity regarding the international transfer of personal data. The Superintendent is empowered to request information and carry out the steps aimed at establishing compliance with the budgets that the viability of the operation requires.

The international transmissions of personal data that are made between a person in charge and a person in charge to allow the person in charge to carry out the treatment on behalf of the person in charge, will not need to be informed to the Owner or have his consent, provided there is a contract for the transmission of personal data. . “

11. Validity

The databases under the responsibility of ASESORÍAS Y SERVICIOS TEMPORALES DE COLOMBIA SA will be processed for as long as is reasonable and necessary for the purpose for which the data is collected. Once the purpose or purposes of the treatment have been fulfilled, and without prejudice to legal regulations that provide otherwise. ASESORÍAS Y SERVICIOS TEMPORALES DE COLOMBIA SA will delete the personal data in its possession unless there is a legal or contractual obligation that requires its conservation. For all these reasons, said database has been created without a defined period of validity.

“This treatment policy remains in force from 2016-11-25.”

NOTICE OF PRIVACY

In compliance with Statutory Law 1581 of 2,012 on Data Protection (LEPD) and the regulations that regulate it, this Privacy Notice aims to obtain the express and informed authorization of the Owner for the treatment and transfer of your data to third parties. . The treatment conditions are as follows:

1. ASESORÍAS Y SERVICIOS TEMPORALES DE COLOMBIA SA Identified with the NIT No. 900007583, it will be responsible for the treatment of your personal data.

2. In order to receive comprehensive care as a customer, the personal data collected will be processed for the following purposes:

Perform customer loyalty, internal statistics management, marketing, opinion polls, commercial prospecting, own advertising, market segmentation, distance selling, electronic commerce and sending commercial communications about our products and / or services, Perform administrative management, management collections and payments, billing management, economic and accounting management, tax management, payroll management, personnel management, social benefits, prevention of occupational risks, promotion and management of employment, promotion and selection of personnel

3. It is optional to provide information to be seen on Sensitive Data, understood as those that affect privacy or generate some type of discrimination, or on minors.

4. The Policy of treatment of the Data of the Holder, as well as the substantial changes that occur in it, may be consulted in the following email: servicioalcliente@asertempocolombia.com

The Owner can exercise the rights of access, correction, deletion, revocation or claim for infringement of their data with a letter addressed to ASESORÍAS Y SERVICIOS TEMPORALES DE COLOMBIA SA to the email address servicioalcliente@asertempocolombia.com indicating in the subject the right that you want to exercise; or by post sent to 77 street # 13 47 office 303

Prepared by: www.protecdatacolombia.com