TREATMENT AND PROTECTION OF PERSONAL DATA POLICY CLQ GROUP S.A.S. – LEGAL INFORMATION

INTRODUCTION

CLQ GROUP S.A.S. (CUADRO LEGAL), a company legally incorporated and identified with NIT 901.263.543 – 4, whose address is located at 10A Street #34 – 11 Office 4014, in the municipality of Medellin – Antioquia, with telephone 318 812 42 07 and email contact info@cuadrolegal.com; based on the provisions of the Political Constitution of Colombia, Law 1266 of 2008, Law 1581 of 2012, the Single Decree 1074 of 2015 and other rules that develop, complement, modify, replace or add to them, hereby and in its capacity as responsible for the information, discloses the Policy of Treatment and Protection of Personal Data of CLQ GROUP S.A.S. (CUADRO LEGAL).

OBJECTIVE

The purpose of this document is to establish the principles, terms and conditions for the treatment of personal data, an activity that includes the collection, storage, processing, updating, use, circulation, transmission, transfer and suppression of the information provided to CLQ GROUP S.A.S. (CUADRO LEGAL) in the development of its corporate purpose. Additionally, the Processing and Protection of Personal Data Policy establishes the rights of the Information Holders, the procedures to make them effective and the company’s internal procedures to guarantee its obligation to protect the personal data provided.

LEGAL FRAMEWORK

In accordance with Article 15 of the Colombian Constitution, individuals have the right to know, update and rectify the information collected about them in databases or files of both public and private entities. In 2008, Law 1266 was issued, a special and sectorial law that regulates the so-called “financial habeas data” according to which every person has the right to know, update and rectify the information that has been collected about him/her in data banks, particularly in relation to financial and credit, commercial and service information, as well as information from third countries. Subsequently, the Statutory Law 1581 of 2012 was issued, which was the subject of a prior pronouncement by the Constitutional Court in Ruling C-748 of 2011, which clarified the nature and scope of such regulation. This Law regulates the protection of personal data in a general manner. Taking into account the regulatory framework described above, financial, credit, commercial, service and third country information will be processed in accordance with the provisions of Law 1266 of 2008 and the regulations that complement, develop, modify and/or replace it. According to the provisions of article 3, paragraph j) of the aforementioned Law, the information regulated by the Law refers to the creation, execution and extinction of monetary obligations, regardless of the nature of the contract that gives rise to them. Other information not included within the scope of Law 1266 of 2008 will be treated in accordance with Law 1581 of 2012, the Single Decree 1074 of 2015 and the rules that complement, develop, modify and/or replace it.

SCOPE

This policy shall apply to all holders of the information that provide and authorize the processing of their data to CLQ GROUP S.A.S. (CUADRO LEGAL) either expressly or through unequivocal actions.

PRINCIPLES

In all processing of personal data carried out by CLQ GROUP S.A.S. (CUADRO LEGAL), its delegates, agents and/or third parties to whom personal data is transferred must comply with the principles and rules set forth in the Law and in this Policy, in order to guarantee the right to habeas data of the owners and comply with the obligations of law. The principles to be taken into account when carrying out a treatment:

  1. Legality of data processing: CLQ GROUP S.A.S. (CUADRO LEGAL) shall be subject to the provisions of the law and the provisions that regulate it.
  2. Purpose: All personal data processing activities carried out shall obey the purposes mentioned in this policy or in the authorization granted by the owner of the personal data, or in the specific documents where each type or process of personal data processing is regulated. The purpose of the processing of personal data must be informed to the owner of the personal data at the time of obtaining his or her authorization. Personal data may not be processed for purposes other than those informed and consented to by the owners of the data. The purpose for which the personal data was collected obeys a legitimate purpose in accordance with the constitution and the law.
  3. Freedom: The processing of personal data is carried out with the prior, express and informed authorization of the Data Subject, or taking into account the grounds that relieve the need for the Data Subject's consent and that are enshrined in the law.
  4. Veracity or quality of the data: The personal data subject to processing must be truthful, complete, accurate, updated, verifiable and understandable. CLQ GROUP S.A.S. (CUADRO LEGAL) does not process personal data that is partial or fractioned and whose processing may lead to an error that may be detrimental to the holder of the information. When these cases occur, CLQ GROUP S.A.S. (CUADRO LEGAL) will ask the holder to make the corrections and updates necessary to prevent this situation from occurring; if the information cannot be updated, it will refrain from processing this data.
  5. Transparency: Upon request of the holder, a solution shall be given to the request made by the holder regarding the information contained in the database. The response to this request will be carried out by the area in charge within the company. The unit in charge of information processing will accompany the response process in the necessary cases.
  6. Restricted access and circulation: Personal data may only be processed by those personnel authorized to do so, or those who, as part of their duties, are in charge of carrying out such activities and have been authorized to do so. Personal data may not be provided to those who do not have authorization or have not been authorized to carry out the processing.
  7. Temporality: As a general rule, the holder’s information will not be used beyond the reasonable period of time required by the purpose for which the holder of the personal data was informed.

Paragraph. In cases where there is special legislation on the subject, the information shall be kept for the term indicated by the special law.

  8. Restricted access: except for expressly authorized data, personal data may not be made available for access through the Internet or other mass media, unless technical and security measures are put in place to control access and restrict it to authorized persons only.
  9. Security: CLQ GROUP S.A.S. (CUADRO LEGAL) must always carry out the processing of information by providing the technical, human and administrative measures necessary to maintain the confidentiality of the data and to prevent it from being adulterated, modified, consulted, used, accessed, deleted, or known by unauthorized persons or by authorized and unauthorized persons in a fraudulent manner, or that the personal data is lost. Any new project involving the processing of personal data must consult this processing policy to ensure compliance with this rule.
  10. Confidentiality and further processing: All personal data that is not public data must be treated as confidential by those responsible, even if the contractual relationship or the link between the owner of the personal data and CLQ GROUP S.A.S. (CUADRO LEGAL) has ended. Upon termination of such relationship, such personal data must continue to be processed in accordance with this policy and the law.
  11. Individuality: CLQ GROUP S.A.S. (CUADRO LEGAL) shall maintain separately the databases for which it is or may become the data processor from the databases for which it acts as data controller. CLQ GROUP S.A.S. (CUADRO LEGAL) shall harmoniously apply the above principles, taking into account the nature of the data.

MAIN DEFINITIONS

For the following information treatment policy, the parameters established in Law 1581 of 2012 and the Single Decree 1074 of 2015, in which the general provisions for data protection are dictated and the definitions provided by the same will be taken into account, seeking to grant a more complete protection of the personal data that the database possesses: “Article 3°. Definitions. For the purposes of this law, the following is understood as:

  1. Authorization: prior, express and informed consent of the holder to carry out the processing of personal data;
  2. Database: organized set of personal data that is subject to processing;
  3. Personal Data: any information linked or that may be associated to one or several determined or determinable natural persons;
  4. Data Processor: natural or legal person, public or private, that by itself or in association with others, carries out the processing of personal data on behalf of the data controller;
  5. Data Controller: natural or legal person, public or private, who alone or in association with others, decides on the database and/or the processing of data;
  6. Data subject: natural person whose personal data is the object of processing;
  7. Processing: any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.
  8. Privacy Notice: Verbal or written communication generated by the Controller, addressed to the Data Subject for the Processing of his personal data, by means of which he is informed about the existence of the information processing policies that will be applicable, the way to access them and the purposes of the Processing that is intended to be given to the personal data.
  9. Public data: Data that is not semi-private, private or sensitive. Data related to the marital status of individuals, their profession or trade and their status as merchants or public servants, among others, are considered public data. By their nature, public data may be contained, among others, in public records, public documents, official gazettes and bulletins and duly executed court rulings that are not subject to confidentiality.
  10. Sensitive data: Sensitive data are understood as those that affect the privacy of the Data Subject or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data.
  11. Transfer: The transfer of data takes place when the Controller and/or Processor of personal data, located in Colombia, sends the information or personal data to a recipient, which in turn is the Data Controller and is located inside or outside the country.
  12. Transmission: Processing of personal data that involves the communication of such data within or outside the territory of the Republic of Colombia when its purpose is the performance of a Processing by the processor on behalf of the Controller.

PROCESSING OF PERSONAL DATA

The treatment of information includes the collection, storage, processing, updating, use, circulation, transfer and deletion of personal data provided to CLQ GROUP S.A.S. (CUADRO LEGAL), in accordance with the provisions of Law 1266 of 2008, Law 1581 of 2012, the Single Decree 1074 of 2015 and other regulations that modify, replace, develop and / or complement them. For the processing of information CLQ GROUP S.A.S. (CUADRO LEGAL) may:

  1. Manage the information collected in one or several databases according to the form and organization it deems convenient;
  2. Verify, corroborate, check, validate, investigate or compare the information provided by the Holders, with any information that is legitimately available;
  3. To consult and evaluate any information about the Holders that is stored in the databases of any credit, financial, judicial or security risk center legitimately constituted, of state or private, national or foreign nature;
  4. To carry out the activities corresponding to the purposes indicated in the previous section of this Personal Data Processing Policy and all those related to them;
  5. Share the studies carried out on the basis of the information collected with business partners and with those who establish commercial and/or legal relationship for the development of its corporate purpose.

CLQ GROUP S.A.S. (CUADRO LEGAL), is committed to the proper handling of information provided by its customers, suppliers, employees and others who have a relationship with it. For this purpose, it shall ensure the preservation of the confidentiality of information of a confidential nature.

In order to comply with the contractual obligations and service levels offered, CLQ GROUP S.A.S. (CUADRO LEGAL) may need to transmit personal data to a service operator to fulfill the purposes for which they were requested, such operator may be in-house or external, in which case it will have its respective process of protection of personal data, to ensure at all times the protection of personal data under the regulatory guidelines. The transfer of information is carried out based on confidentiality agreements through which the confidentiality of the information is protected and the due compliance with the present Policy and Manual for the Treatment of Personal Data and the respective data treatment policies of each of these entities that participate in this process, which may be verified directly on their corresponding web pages or in the media enabled for consultation.

Prior to the processing of personal data, CLQ GROUP S.A.S. (CUADRO LEGAL) shall request the corresponding authorization from the Data Controllers in accordance with the provisions of this Personal Data Processing Policy, using for this purpose the authorization form or the tools designed to request, collect and keep the respective authorization for the processing of personal data.

CLQ GROUP S.A.S. (CUADRO LEGAL) is obliged to provide personal data of the Information Holders to judicial or administrative entities and to control entities, upon request by them. Likewise, the personal data of the owners may be known due to external audit processes and by the statutory auditors, who have the legal obligation to maintain their confidentiality.

The information collected by CLQ GROUP S.A.S. (CUADRO LEGAL) is kept for the time required to fulfill the purpose for which it was requested or for the time indicated by the special applicable regulations.

COLLECTION OF PERSONAL DATA

CLQ GROUP S.A.S. (CUADRO LEGAL), collects the personal data of the Data Controllers that are required for the development of its corporate purpose and gives them the necessary treatment to fulfill the purposes stated in this Policy for the Treatment of Personal Data. For the collection of personal data, CLQ GROUP S.A.S. (CUADRO LEGAL), will request the authorization of the owners of the information in accordance with the authorization form. The data controller, at the time of requesting the authorization to the data subject, shall clearly and expressly inform him/her of the following:

  1. The treatment to which your personal data will be subjected and the purpose of this.
  2. The optional nature of the response to the questions asked, when they deal with sensitive data or with the data of children and adolescents.
  3. The rights you have as Holder.
  4. The identification, physical or electronic address and telephone number of the data controller.

The data controller shall keep proof of the authorization and of the information provided to obtain it. Likewise, a copy of the authorization must be given to the holder upon request.

In order to keep the information in its databases up to date, CLQ GROUP S.A.S. (CUADRO LEGAL) may consult, complement and/or update personal data through databases managed by different operators in compliance with the applicable regulations.

PURPOSE OF THE PROCESSING OF PERSONAL DATA

The personal data of the holders of the Information will be collected, stored, processed, used, circulated, transferred, transmitted, shared and/or deleted, in accordance with the contractual link that has been established, in the following database and with the purpose indicated for it.

PURPOSES

This information is collected through physical, digital or virtual channels provided by CLQ GROUP S.A.S. (CUADRO LEGAL), and which is treated in accordance with the following purposes:

  1. Manage all the information necessary for the fulfillment of the obligations with the holders of the information, both marketers and clients.
  2. Issue the respective invoices or equivalent documents and make the respective collections in the necessary cases, both for customers and marketers.
  3. Comply with the company’s internal processes for customer and marketer management.
  4. Fulfill the contracts entered into with customers.
  5. The process of archiving, updating systems, protection and custody of information and databases of the web page.
  6. Processes within the company, for development or operational purposes and/or systems administration.
  7. The transmission of data to third parties with whom contracts have been entered into for this purpose, for commercial, administrative, marketing and/or operational purposes, including, but not limited to, the issuance of cards, personalized certificates and certifications to third parties, in accordance with the legal provisions in force.
  8. Maintain and process by computer or other means, any type of information related to the database record.
  9. Collect, share and distribute the information of potential customers with third parties, to offer information about products, promotions, discounts, changes and modifications in the products and services offered.
  10. Conduct studies on consumption habits of current and potential customers to offer personalized information on current and future products.
  11. This information may be used, analyzed, crossed, processed and transmitted, stored, sold, etc. with advertisers, collaborators, sponsors, suppliers and strategic and commercial allies of CLQ GROUP S.A.S. (CUADRO LEGAL).
  12. The other purposes determined by those responsible in processes of obtaining personal data for processing, which are communicated to the holders at the time of collection of personal data, in order to comply with legal and regulatory obligations, as well as company policies.

DATA ON CHILDREN AND ADOLESCENTS

CLQ GROUP S.A.S. (CUADRO LEGAL), will not process data of children and adolescents, in the extreme case that such information may enter the database the company will proceed in accordance with the provisions of the Statutory Law 1581 of 2012 and the Regulatory Decree 1377 of 2013 compiled in the Single Decree 1074 of 2015.

SENSITIVE DATA

The company will not process sensitive data. In the extreme case that such information may enter the database, the owner of the data will be informed that the answers to the questions asked about sensitive personal data are optional, so the owner of the information will always be able to provide or not the answer, in these cases the company will proceed in accordance with the provisions of the Statutory Law 1581 of 2012 and the Regulatory Decree 1377 of 2013 compiled in the Single Decree 1074 of 2015.

PRIVACY OFFICER.

CLQ GROUP S.A.S. (CUADRO LEGAL) will designate the ADMINISTRATION team of the company, who will be in charge of receiving and answering requests, complaints, claims and queries that the owners of the information have about the treatment of their information. Among the functions of the privacy officer are the following, although this is not an exhaustive list of their functions, which may increase in order to protect the rights of the owners of the information.

  1. Receive requests from the holders of personal data, process and respond to those that are based on the law or these policies, such as: requests to update personal data; requests to know the personal data; requests for deletion of personal data when the holder freely requests the deletion or when the holder submits a copy of the decision of the Superintendence of Industry and Commerce in accordance with the provisions of the law, requests for information on the use given to their personal data, requests to update personal data, requests for proof of the authorization granted, when it has proceeded according to the law.
  2. To respond to the holders of personal data on those requests that do not proceed in accordance with the law.
  3. To serve as a link between the regulatory organizations on issues related to privacy, confidentiality and security of information, in this case the Superintendence of Industry and Commerce.
  4. Conduct periodic assessments of compliance with privacy, confidentiality and security policies.
  5. Comply with the legal obligations that are dictated in the rules on the treatment of personal data, especially what is enshrined in Law 1581 of 2012 and its regulatory decrees.
  6. To orient the personnel on the subject of information treatment and privacy.
  7. Control and verify access to personal data handled by CLQ GROUP S.A.S. (CUADRO LEGAL).

RIGHTS OF THE OWNERS

The Data Subject has the following rights:

  1. To know, update and rectify their personal data before the data controllers. This right may be exercised, among others, against partial, inaccurate, incomplete, fractioned, misleading data, or data whose processing is expressly prohibited or has not been authorized;
  2. Request proof of the authorization granted to CLQ GROUP S.A.S. (CUADRO LEGAL), except when expressly exempted as a requirement for treatment in accordance with the provisions of applicable law;
  3. Be informed by the data controller, upon request, regarding the use that has been made of their personal data;
  4. To file before the Superintendence of Industry and Commerce the complaints for the infringement of the applicable regulations;
  5. To revoke the authorization and/or request the deletion of the data when the treatment does not respect the principles, rights and constitutional and legal guarantees. The revocation and/or suppression will proceed when the Superintendence of Industry and Commerce has determined that the data controller has incurred in conducts contrary to the regulations in force. The request for deletion of the information and the revocation of the authorization will not proceed when the Data Subject has a legal or contractual duty to remain in the database. Treatment authorizations granted for purposes other than the execution of the contract or the legal or commercial relationship you have with CLQ GROUP S.A.S. (CUADRO LEGAL), may be revoked at any time;
  6. Access free of charge to your personal data that has been processed. The Data Subject may consult his or her personal data free of charge: (i) at least once in each calendar month and (ii) each time there are substantial modifications to the Information Processing Policies that motivate new consultations, being understood as substantial when the change refers to the purpose of the processing;
  7. The others provided for in Law 1266 of 2008 and Law 1581 of 2012 and the rules that modify, replace, develop and/or complement them.

PROCEDURE FOR THE EXERCISE OF THE RIGHTS OF THE HOLDERS OF THE INFORMATION

The procedures and rules for the exercise of the rights in favor of the Information Holders are described below.

Channels and Timetables: For the exercise of the rights to know, update, rectify and delete information, as well as to revoke the authorization, the Information Holders can make their requests through the e-mail info@cuadrolegal.com.

Authorized Persons: The rights of the Owners of the Information may be exercised by the following persons, accrediting the corresponding capacity:

  1. By the Holder, who must present an identity document.
  2. By their successors, who must present the identity document, civil registry of death of the Beneficiary, document that accredits the capacity in which they act and the number of the Beneficiary’s identity document.
  3. By the representative and/or attorney-in-fact of the Holder, who must present a valid identity document, a document proving the capacity in which he/she is acting (power of attorney) and the Holder’s identity document number.
  4. Applicants must attach the documents that accredit their condition to act before CLQ GROUP S.A.S. (CUADRO LEGAL).

CONSULTATION PROCEDURE

Inquiries will be answered within a maximum term of ten (10) business days from the date of filing. When it is not possible to attend a consultation within said term, the interested party shall be informed, stating the reasons for the delay and indicating the date on which the consultation will be attended, which in no case may exceed five (5) working days following the expiration of the first term.

PROCESSING OF PETITIONS OR CLAIMS

The Data Subject or his assignees who consider that the information contained in the databases managed by CLQ GROUP S.A.S. (CUADRO LEGAL) should be corrected, updated or deleted, or when they notice the alleged breach of any of the duties contained in the applicable law, may file a petition or complaint with the Data Controller, which shall be processed under the following rules:

  1. The claim shall be formulated by means of a request addressed to the Data Controller, with the identification of the Data Subject, the description of the facts that give rise to the claim, the address, and accompanied by the documents to be asserted. If the claim is incomplete, the interested party will be required within five (5) days after receipt of the claim to correct the faults. After two (2) months from the date of the request, if the applicant does not submit the required information, it will be understood that the claim has been abandoned. In the event that the person who receives the claim is not competent to resolve it, he/she will transfer it to the corresponding person within a maximum term of two (2) business days and will inform the interested party of the situation.
  2. Once the completed claim has been received, a legend will be included in the database stating “claim in process” and the reason for the claim, within a term not exceeding two (2) business days. Such legend shall be maintained until the claim is decided.
  3. The maximum term to address the claim shall be fifteen (15) business days from the day following the date of its receipt. When it is not possible to attend the claim within said term, the interested party will be informed of the reasons for the delay and the date on which the claim will be attended, which in no case may exceed eight (8) working days following the expiration of the first term. The maximum term to respond to a request or claim will be fifteen (15) business days from the day following the date of its receipt. When it is not possible to attend the request within said term, the interested party shall be informed, stating the reasons for the delay and indicating the date on which the request will be attended, which in no case may exceed eight (8) working days following the expiration of the first term.

COMPLAINTS TO THE SUPERINTENDENCE OF INDUSTRY AND COMMERCE

The holder, assignee or attorney-in-fact must first exhaust the consultation or claim process before addressing the Superintendence of Industry and Commerce.

SECURITY MEASURES

CLQ GROUP S.A.S. (CUADRO LEGAL) has procedures and technological tools that allow a secure administration of the information collected and the operation of controls to verify compliance with this Policy and Manual of Treatment and Protection of Personal Data. Likewise, it has contingency plans aimed at maintaining the continuity of the operation and that allow it to manage situations that may jeopardize the information collected. In this regard it is pertinent to note that CLQ GROUP S.A.S. (CUADRO LEGAL) has reasonable security to prevent unauthorized access to its information systems, so that, without proper permission, third parties may not access the information provided, collected and stored by CLQ GROUP S.A.S. (CUADRO LEGAL). Only authorized persons may access the information in accordance with the provisions of this Processing Policy and protection of Personal Data.

The virtual databases managed by CLQ GROUP S.A.S. (CUADRO LEGAL), are stored on its own server where only authorized personnel have access and who have their own data processing and protection policies. The information can only be consulted by persons with assigned security passwords, which are given exclusively to those authorized in the responsible areas. Notwithstanding the foregoing, CLQ GROUP S.A.S. (CUADRO LEGAL) shall not be liable for computer attacks and, in general, for any action aimed at infringing the security measures established for the protection of personal data, by us or by third parties with whom we have the respective contractual relationship.

SECURITY MEASURES FOR DATA PROCESSED BY THE COMPANY.

  1. Measures to prevent improper access to or recovery of data that has been discarded, erased or destroyed.
  2. Restricted access to the location where the data is physically stored or to the servers where the data is digitally stored.
  3. Authorization of the person responsible for managing the databases for the output of documents or media by physical or electronic means.
  4. Labeling system or identification of the type of information.
  5. Inventory of supports.
  6. User access limited to the data necessary for the development of their functions.
  7. Updated list of authorized users and accesses.
  8. Mechanisms to prevent access to data with rights other than those authorized.
  9. Granting, alteration or cancellation of permits by authorized personnel.
  10. Incident log indicating the type of incident, time of occurrence, sender of the notification, recipient of the notification, effects and corrective measures.
  11. Incident notification and management procedure.
  12. Definition of the roles and obligations of users with access to the data.
  13. Definition of the control functions and authorizations delegated by the data controller.
  14. Dissemination among personnel of the rules and the consequences of non-compliance.
  15. Archiving of documentation following procedures that guarantee correct conservation, location and consultation, allowing the exercise of the rights of the owners.
  16. Storage devices with mechanisms to prevent access by unauthorized persons.
  17. Duty of care and custody of the person in charge of documents during their review or processing.
  18. Personalized identification of users to access information systems and verification of their authorization.
  19. Identification and authentication mechanisms such as passwords that require minimum parameters for their assignment and that have a periodic expiration that requires their change.
  20. Data access through secure networks.
  21. Ordinary audit, which may be internal or external periodically in order to comply with the obligations of personal data protection.
  22. Extraordinary audit due to substantial modifications in the information systems.
  23. Deficiency detection report and proposed corrections.
  24. Analysis and conclusions of the security officer and the data controller.
  25. Designation of one or more database administrators.
  26. Designation of one or more persons in charge of the control and coordination of the measures of the personal data processing policy.
  27. Prohibition of delegation of the controller’s responsibility to database administrators.
  28. Periodic compliance controls.
  29. Access only by authorized personnel.
  30. Access identification mechanism.
  31. Logging of unauthorized user access.
  32. Destruction that prevents access to or recovery of data.
  33. File cabinets, lockers or other cabinets located in access areas protected by keys or other measures.
  34. Measures to prevent access to or manipulation of documents stored in physical form.
  35. Confidential labeling system.
  36. Data encryption mechanisms for transmission and storage.
  37. Access log indicating the time, the database accessed, the type of access and the information accessed.
  38. Control of the access log by the security manager.
  39. Access and transmission of data through secure electronic networks.
  40. Data transmission through encrypted networks, where VPN systems can be used.

INCIDENT NOTIFICATION, MANAGEMENT AND RESPONSE PROCEDURE.

The company has an established procedure for the notification, management and response to incidents in order to guarantee the confidentiality, availability and integrity of the information contained in the databases under our responsibility.

The steps to be followed by the company are as follows:

  1. The company becomes aware of the incident, which may consist of loss, theft and/or unauthorized access that affects or may affect the confidentiality, availability and integrity of the protected information of the company or any of the persons in charge. The area in charge of personal data protection must be informed immediately. The type of incident that occurred must be described in detail, indicating the persons who may have been involved in the incident, the date and time it occurred, the person notifying the incident, the person to whom it is communicated and the effects it has produced.
  2. Once the incident is reported, the area in charge of personal data protection will be asked to issue the receipt stating that the incident was reported with all the requirements indicated above.
  3. The area in charge will create a record of incidents that will contain the type of incident, date and time of the incident, person notifying the incident, person communicating the incident, effects generated by the incident and the corrective measures to be applied according to the case.
  4. When allowed, the procedure for data recovery must be implemented, stating who executes the process, the data to be restored and, depending on the case, the data that had to be manually recorded during the recovery process.
  5. Under the obligation stipulated in Law 1581 of 2012, the company will inform the Superintendence of Industry and Commerce within 15 business days following the detection of the incident. This process will be carried out through the National Database Registry, following the guidelines established by the SIC.
  6. The company will notify the owners of the information who may have been affected by the incident, so that they can take the respective protection measures.
  7. After the respective study of the incident, the company will implement the corrections according to the incident presented.

VALIDITY AND MODIFICATIONS.

This version of the Personal Data Processing Policy will be published in the physical headquarters of CLQ GROUP S.A.S. (CUADRO LEGAL), in order to inform the public, and other persons who have any responsibility in the processing of personal data, about the processing policy. CLQ GROUP S.A.S. (CUADRO LEGAL) reserves the right to modify this Personal Data Processing Policy at any time. Any change will be informed and published in a timely manner by sending the respective email to the owners of the information. CLQ GROUP S.A.S. (CUADRO LEGAL) is committed to the timely implementation of dissemination and training campaigns for the proper understanding and implementation of this Policy for the Treatment of Personal Data.

This is the first version, which is effective as of July 8, 2022, for up to 10 years.
