PRIVACY POLICIES
LEGAL BASIS AND SCOPE OF APPLICATION
The information processing policy is developed in compliance with Articles 15 and 20 of the Political Constitution; Articles 17, letter k), and 18, letter f), of Statutory Law 1581 of 2012, which establishes general provisions for the Protection of Personal Data (LEPD); Article 2.2.2.25.1.1, section 1, chapter 25 of Decree 1074 of 2015, which partially regulates Law 1581 of 2012 (Article 13 of Decree 1377 of 2013).
This policy will be applicable to all personal data registered in databases that are subject to processing by the data controller.
Scope
The present document applies to all personal data or any other type of information used or stored in the databases and files of HURBAN@ INNOVA S.A.S. It respects the criteria for obtaining, collecting, using, processing, sharing, transferring, and transmitting personal data, as well as establishing the responsibilities of HURBAN@ INNOVA S.A.S. and its employees in the handling and processing of personal data stored in their databases and files.
Applicable Regulations
Political Constitution of Colombia
Law 1581 of 2012
Decree 1074 of 2015 Chapter 25 and Chapter 26 compilation of the decrees:
Decree 1377 of 2013
Decree 886 of 2014
Circular 01 of November 08, 2016
DEFINITIONS
The following definitions are established in article 3 of the LEPD and article 2.2.2.25.1.3 section 1 Chapter 25 of decree 1074 of 2015 (Article 3 of decree 1377 of 2013).
Authorization
Prior, express and informed consent of the Owner to carry out the processing of personal data.
Database
Organized set of personal data that is subject to treatment.
Personal Data
Any information linked or that can be associated with one or several determined or determinable natural persons.
Public Data
It is the data that is not semi-private, private or sensitive. Public data is considered, among others, data related to the marital status of people, their profession or trade and their status as merchants or public servants. Due to its nature, public data may be contained, among others, in public registries, public documents, gazettes and official bulletins, duly executed judicial sentences that are not subject to confidentiality.
Semi-private data
It is one that does not have an intimate, reserved, or public nature and whose knowledge or disclosure may be of interest not only to its owner but to a certain sector or group of people or to society in general, such as: Databases that contain financial, credit information , commercial, service and from third countries.
Private Data
It is personal data that, due to its intimate or reserved nature, is only of interest to its owner and for its treatment requires their prior, informed and express authorization. Databases containing data such as telephone numbers and personal emails; labor data, on administrative or criminal offenses, administered by tax administrations, financial institutions and managing entities and common Social Security services, databases on financial solvency or credit, databases with sufficient information to evaluate the personality of the holder, databases of those responsible for operators that provide electronic communication services.
Sensitive Data
Sensitive data is understood to be those that affect the privacy of the Owner or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership of unions, social organizations, of human rights or that promotes the interests of any political party or that guarantees the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data.
Treatment Manager
Natural or legal person, public or private, that by itself or in association with others, performs the processing of personal data on behalf of the Data Controller.
Responsible for the Treatment
Natural or legal person, public or private, that by itself or in association with others, decides on the database and/or the treatment of the data.
Responsible for Managing the Databases
Collaborator in charge of controlling and coordinating the proper application of data processing policies once stored in a specific database; as well as to put into practice the guidelines issued by the Data Controller and the Data Protection Officer.
Data Protection Officer
It is the natural person who assumes the function of coordinating the implementation of the legal framework for the protection of personal data, which will process the requests of the Holders, for the exercise of the rights referred to in Law 1581 of 2012.
Headline
Natural person whose personal data is processed.
Treatment
Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.
Notice of Privacy
Verbal or written communication generated by the Responsible, addressed to the Owner for the processing of their personal data, by which they are informed about the existence of the information processing policies that will be applicable to them, the way to access them and the purposes of the treatment that is intended to be given to personal data.
Transfer
The transfer of data takes place when the person in charge and/or in charge of the processing of personal data, located in Colombia, sends the information or personal data to a recipient, who in turn is the person in charge of the treatment and is located inside or outside the country. .
Transmission
Treatment of personal data that implies the communication of the same inside or outside the territory of the Republic of Colombia when its purpose is to carry out a treatment determined by the person in charge on behalf of the person in charge.
PRINCIPLES OF DATA PROTECTION
Article 4 of the LEPD establishes principles for the processing of personal data that must be applied, in a harmonious and comprehensive manner, in the development, interpretation and application of the Law. The legal principles of data protection are the following:
Principle of Legality
Data processing is a regulated activity that must be subject to the provisions of the LEPD, Decree 1377 of 2013 Compiled in Chapter 25 of Decree 1074 of 2015 and the other provisions that develop it.
Principle of Finality
The treatment must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Owner.
Principle of Freedom
The treatment can only be exercised with the prior, express and informed consent of the Owner. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that reveals consent. The treatment of the data requires the prior and informed authorization of the Holder by any means that allows it to be consulted later.
Principle of veracity or quality
The information subject to treatment must be true, complete, exact, updated, verifiable and understandable. The processing of partial, incomplete, fractional or misleading data is prohibited.
Principle of Transparency
In the treatment, the right of the Holder to obtain from the person in charge of the treatment or the person in charge of the treatment, at any time and without restrictions, information about the existence of data that concerns him must be guaranteed. At the time of requesting authorization from the owner, the data controller must clearly and expressly inform him of the following, keeping proof of compliance with this duty:
The treatment to which your data will be submitted and the purpose thereof.
The optional nature of the Owner's response to the questions that are asked when they deal with sensitive data or data of children or adolescents.
The rights that assist you as Owner.
The identification, physical address, email and telephone number of the data controller.
Principle of restricted access and circulation
The treatment is subject to the limits that derive from the nature of the personal data, the provisions of the LEPD and the Constitution. In this sense, the treatment can only be done by persons authorized by the Owner and/or by the persons provided for in the Law. Personal data, except for public information, may not be available on the Internet and other means of dissemination or mass communication, unless the access is technically controllable to provide restricted knowledge only to the Owners or authorized third parties in accordance with the Law.
Safety Principle
The information subject to treatment by the person in charge of the treatment or in charge of the treatment must be handled with the technical, human and administrative measures that are necessary to grant security to the records, avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access. The Data Controller is responsible for implementing the corresponding security measures and informing all personnel who have direct or indirect access to the data. Users who access the information systems of the Data Controller must know and comply with the regulations and security measures that correspond to their functions. These rules and security measures are included in the PL-02 Internal Security Policies, which are mandatory for all users and company personnel. Any modification of the rules and measures regarding the security of personal data by the data controller must be made known to the users.
Principle of confidentiality
All persons involved in the processing of personal data that are not public in nature are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks included in the treatment, and may only supply or communicate of personal data when it corresponds to the development of the activities authorized in the LEPD and in its terms.
AUTHORIZATION OF THE PROCESSING POLICY
According to article 9 of the LEPD, the prior and informed authorization of the Owner is required for the processing of personal data. By accepting this policy, any Owner who provides information regarding their personal data is consenting to the processing of their data by HURBAN@ INNOVA S.A.S. in the terms and conditions contained therein.
The authorization of the Holder will not be necessary in the case of:
Information required by a public or administrative entity in the exercise of its legal functions or by court order.
Data of a public nature.
Cases of medical or health urgency.
Treatment of information authorized by law for historical, statistical or scientific purposes.
Data related to the Civil Registry of people.
RESPONSIBLE FOR THE TREATMENT
The person responsible for the treatment of the databases object of this policy is HURBAN@ INNOVA S.A.S. , whose contact details are as follows:
Address: carrera 14 No 85-68 office 604
Email: hurban.col-@hurbanco.com
Telephone: (+57) 317 677 0224
TREATMENT AND PURPOSES OF THE DATABASES
HURBAN@ INNOVA S.A.S., in the development of its business activity, carries out the processing of personal data relating to natural persons that are contained and processed in databases for legitimate purposes, complying with the Constitution and the Law.
Annex 1 PL-01 called Organization of Databases, contains the information related to the different databases under the responsibility of the company and the purposes assigned to each of them for their treatment.
RIGHTS OF HOLDERS
In accordance with article 8 of the LEPD, article 2.2.2.25.4.1 section 4 chapter 25 of Decree 1074 of 2015 (Articles 21 and 22 of Decree 1377 of 2013), the Data Holders can exercise a series of rights in relation to to the processing of your personal data. These rights may be exercised by the following persons.
By the Owner, who must sufficiently prove their identity by the different means made available by the Responsible.
By their successors in title, who must prove such quality.
By the representative and/or attorney of the Holder, prior accreditation of the representation or empowerment.
By stipulation in favor of another and for another.
The rights of children or adolescents will be exercised by the persons who are empowered to represent them.
The rights of the Holder are the following:
Right of access or consultation
This is the right of the Owner to be informed by the person responsible for the treatment, upon request, regarding the origin, use and purpose that they have given to their personal data.
Rights of petition, complaints and claims
The Law distinguishes four types of claims:
Correction claim: It is the Owner's right to update, rectify or modify those partial, inaccurate, incomplete, fractioned, misleading data, or those whose treatment is expressly prohibited or has not been authorized.
Deletion claim: It is the Owner's right to delete the data that is inadequate, excessive or that does not respect the principles, rights and constitutional and legal guarantees.
Revocation claim: It is the right of the Owner to revoke the authorization previously provided for the processing of their personal data.
Claim of infringement: It is the right of the Owner to request that the breach of the regulations on Data Protection be corrected.
Right to request proof of the authorization granted to the Data Controller
Except when expressly excepted as a requirement for treatment in accordance with the provisions of article 10 of the LEPD.
Right to file complaints for infractions with the Superintendence of Industry and Commerce
The Holder or successor in title may only submit the request (complaint) to the SIC - Superintendence of Industry and Commerce, once the consultation or claim procedure has been exhausted before the person in charge of the treatment or person in charge of the treatment.
REQUEST FOR AUTHORIZATION TO THE HOLDER OF PERSONAL DATA
In advance and/or at the time of collecting personal data, HURBAN@ INNOVA S.A.S. will request the Data Owner's authorization to carry out its collection and treatment, indicating the purpose for which the data is requested, using for these purposes automated technical means, written or oral, that allow proof of authorization and/or conduct to be preserved. unambiguous described in article 2.2.2.25.2.2. Section 2 of Chapter 25 of Decree 1074 of 2015 (Article 7 of Decree 1377 of 2013).
PROCESSING OF DATA OF MINORS
In accordance with article 7 of Law 1581 of 2012, the Processing of personal data of children and adolescents is prohibited, except as provided in article 2.2.2.25.2.9 section 2 of chapter 25 of Decree 1074 of 2015 ( Article 12 of Decree 1377 of 2013) and in compliance with the following parameters and requirements:
That responds to and respects the best interest of children and adolescents.
That the respect of their fundamental rights be ensured.
Once the above requirements have been met, HURBAN@ INNOVA S.A.S., will request the legal representative of the child or adolescent for prior authorization by the minor to exercise his or her right to be heard, an opinion that will be assessed taking into account maturity, autonomy and ability to understand the matter. . The person in charge and in charge involved in the treatment of the personal data of children and adolescents, must ensure their proper use, applying the principles and obligations established in Law 1581 of 2012 and regulatory norms.
ATTENTION TO DATA HOLDERS
The Data Protection Officer of HURBAN@ INNOVA S.A.S. will be in charge of the attention of requests, queries and claims before which the Owner of the data can exercise their rights. Telephone: (+57) 317 677 0224.
Email: hurban.col-@hurbanco.com
PROCEDURES TO EXERCISE THE RIGHTS OF THE HOLDER
Right of access or consultation
According to article 2.2.2.25.4.2. section 4 chapter 25 of Decree 1074 of 2015 (Article 21 of Decree 1377 of 2013), the Owner may consult their personal data free of charge in two cases:
At least once every calendar month.
Whenever there are substantial modifications to the information treatment policies that
prompt new inquiries.
For inquiries whose periodicity is greater than one per calendar month, HURBAN@ INNOVA S.A.S. You can only charge the Owner shipping, reproduction and, where appropriate, certification of documents. The reproduction costs may not be greater than the costs of recovery of the corresponding material. For this purpose, HURBAN@ INNOVA S.A.S. will demonstrate to the Superintendence of Industry and Commerce, when it so requires, the support of said expenses.
The Owner of the data can exercise the right of access or consultation of their data by writing to HURBAN@ INNOVA S.A.S. sent, by email to: hurban.col-@hurbanco.com indicating in the Subject "Exercise of the right of access or consultation", or by postal mail sent to carrera 14 No 85-68 office 604. The request must contain the Following data:
Name and surname of the principal.
Photocopy of the Holder's Citizenship Certificate and, where appropriate, of the person representing him, as well as the document accrediting such representation.
Petition in which the request for access or consultation is specified.
Address for notifications, date and signature of the applicant.
Supporting documents of the request made, when applicable.
The Holder may choose one of the following forms of consultation of the database to receive the requested information:
On screen display.
In writing, with a copy or photocopy sent by certified mail or not.
Email or other electronic means.
Another system adapted to the configuration of the database or the nature of the treatment, offered by HURBAN@ INNOVA S.A.S. .
Once the request is received, HURBAN@ INNOVA S.A.S. will resolve the consultation request within a maximum period of ten (10) business days from the date of receipt thereof. When it is not possible to respond to the query within said term, the interested party will be informed, stating the reasons for the delay and indicating the date on which the query will be addressed, which in no case may exceed five (5) business days following the expiration of the first term. These deadlines are set in article 14 of the LEPD.
Once the consultation process has been exhausted, the Owner or successor in title may file a complaint with the Superintendence of Industry and Commerce.
11.2. Rights of complaints and claims
The Owner of the data can exercise the rights of claim on their data by means of a letter addressed to HURBAN@ INNOVA S.A.S. sent, by email to hurban.col-@hurbanco.com indicating in the Subject "Exercise of the right of access or consultation", or by postal mail sent to carrera 14 No 85-68 office 604. The request must contain the following data:
Name and surname of the principal.
Photocopy of the Holder's Citizenship Certificate and, where appropriate, of the person representing him, as well as the document accrediting such representation.
Description of the facts and petition in which the request for correction, deletion, revocation or infringement is specified.
Address for notifications, date and signature of the applicant.
Documents accrediting the request made that you want to enforce, when appropriate.
If the claim is incomplete, the interested party will be required within five (5) days following receipt of the claim to correct the failures. After two (2) months from the date of the request, without the applicant submitting the required information, it will be understood that the claim has been withdrawn.
Once the complete claim is received, a legend that says "claim in process" and the reason for it will be included in the database, within a term of no more than two (2) business days. Said legend must be maintained until the claim is decided.
HURBAN@ INNOVA S.A.S., will resolve the consultation request within a maximum period of fifteen (15) business days from the date of receipt thereof. When it is not possible to address the claim within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.
Once the claim process has been exhausted, the Holder or successor in title may file a complaint with the Superintendence of Industry and Commerce.
SECURITY MEASURES
HURBAN@ INNOVA S.A.S., in order to comply with the security principle enshrined in article 4 literal g) of the LEPD, has implemented the necessary technical, human and administrative measures to guarantee the security of the records avoiding their adulteration, loss, consultation unauthorized or fraudulent use or access.On the other hand, HURBAN@ INNOVA S.A.S., by signing the corresponding transmission contracts, has required those in charge of the treatment with whom it works to implement the necessary security measures to guarantee the security and confidentiality of the information in the treatment. of personal data.
Below are the security measures implemented by HURBAN@ INNOVA S.A.S. which are collected and developed in its PL-02 Internal Security Policies (Tables I, II, III and IV).
COOKIES OR WEB BUGS
This website uses cookies. Cookies on this website are used to personalize content and ads, provide social media features, and analyze traffic. In addition, it allows us to understand how you use our site in order to improve the features of our website and your experience.
If you do not wish to allow the use of cookies, you can allow or delegate them using the buttons established for this purpose. The existing ones can be deleted by configuring your browser (Internet Explorer, Firefox, Safari, Chrome, among others), and disabling the browser's Javascript code in the security settings.
Most web browsers allow you to manage your cookie preferences, however, you must take into account that if you choose to block them, it may affect or prevent the operation of the page. Likewise, one of the third-party services that can be used to follow the activity related to the service, for example, is Google Analytics, so if you do not want information to be obtained and used, you can install a rejection system ("opt-out") in your web browser, such as: tools.google.com/dlpage/gaoptout?hl=None.
PROCEDURE FOR NOTIFICATION, MANAGEMENT AND RESPONSE TO INCIDENTS
HURBAN @ INNOVA S.A.S. establishes an incident notification, management and response procedure in order to guarantee the confidentiality, availability and integrity of the information contained in the databases under its responsibility.
Users and those responsible for procedures, as well as any person who is related to the storage, treatment or consultation of the databases included in this document, must know the procedure to act in the event of an incident.
The procedure for notification, management and response to incidents is as follows:
When a person becomes aware of an incident (loss, theft and/or unauthorized access) that affects or may affect the confidentiality, availability and integrity of the protected information of the company or any of the Managers, they must immediately notify the Data Protection Officer, describing in detail the type of incident produced, and indicating the people who may have been related to the incident, the date and time it occurred, the person who notifies the incident, the person to whom communicates and the effects it has produced.
Once the incident has been communicated, you must request an acknowledgment of receipt from the Data Protection Officer stating the notification of the incident with all the requirements listed above.
HURBAN@ INNOVA S.A.S., creates a record of incidents that must contain: the type of incident (Internal or external Fraud, Damage to physical assets, Technological failures, Execution and administration of processes), date and time of the same, person who notifies it , person to whom it is communicated, effects of the incident and corrective measures when appropriate. This record is managed by the Data Protection Officer, refer to FR-16 Record of incidents and action plan.
Likewise, you must implement the procedures for data recovery when applicable, indicating who executes the process, the data restored and, if applicable, the data that has required manual recording in the recovery process.
Additionally, the Data Protection Officer must inform the Superintendence of Industry and Commerce, through the RNBD within 15 business days of being detected.
Finally, HURBAN@ INNOVA S.A.S., will notify the Holders of the incident, when it is identified that they may be significantly affected.
MANAGEMENT OF RISKS ASSOCIATED WITH DATA PROCESSING
HURBAN @ INNOVA S.A.S. has identified risks related to the processing of personal data and established controls in order to mitigate their causes, through the implementation of PL-02 Internal Security Policies. Therefore, it will establish a risk management system together with the tools, indicators and resources necessary for its administration, when the organizational structure, internal processes and procedures, the amount of database and types of personal data processed by the organization are considered who are exposed to frequent or high-impact events or situations that affect the proper provision of the service or attempt against the information of the owners.
The risk management system will determine the sources such as: technology, human resources, infrastructure and processes that require protection, their vulnerabilities and threats, in order to assess their level of risk. Therefore, to guarantee the protection of personal data, the type or group of internal and external persons, the different levels of access authorization will be taken into account. Likewise, the possibility of the occurrence of any type of event or action that may cause damage (material or immaterial), such as:
Criminality: Understood as actions, caused by human intervention, that violate the law and are penalized by it.
Events of physical origin: Understood as natural and technical events, as well as events indirectly caused by human intervention.
Negligence and institutional decisions: Understood as the actions, decisions or omissions by people who have power and influence over the system. At the same time, they are the least predictable threats because they are directly related to human behavior.
HURBAN@ INNOVA S.A.S., in the risk management system, will implement protection measures to avoid or minimize damage in case a threat materializes.
DELIVERY OF PERSONAL DATA TO THE AUTHORITIES
When a public or administrative entity in the exercise of its legal functions or by court order requests access to and/or delivery of Personal data contained in any of its databases to HURBAN@ INNOVA S.A.S., the legality of the information will be verified. request, the relevance of the data requested in relation to the purpose expressed by the authority, and the act of delivery of the requested personal information was signed, specifying the obligation to guarantee the rights of the Holder, both to the official making the request, to who receives it, as well as the requesting entity.
TRANSFER OF DATA TO THIRD COUNTRIES
In accordance with Title VIII of the LEPD, the transfer of personal data to countries that do not provide adequate levels of data protection is prohibited. It is understood that a country offers an adequate level of data protection when it complies with the standards set by the Superintendence of Industry and Commerce on the matter, which in no case may be less than those that this law requires of its recipients.
This prohibition will not apply in the case of:
Information with respect to which the Holder has granted his express and unequivocal authorization for the transfer.
Exchange of medical data, when required by the treatment of the Holder for reasons of health or public hygiene.
Bank or stock transfers, in accordance with the legislation that is applicable to them.
Transfers agreed within the framework of international treaties to which the Republic of Colombia is a party, based on the principle of reciprocity.
Transfers necessary for the execution of a contract between the Owner and the person responsible for the treatment, or for the execution of pre-contractual measures as long as the Owner's authorization is obtained.
Transfers legally required to safeguard the public interest, or for the recognition, exercise or defense of a right in a judicial process.
It must be taken into account that, in cases not considered as an exception, it will correspond to the Superintendence of Industry and Commerce to issue the declaration of conformity regarding the international transfer of personal data.
International transmissions of personal data that are made between HURBAN@ INNOVA S.A.S., and a person in charge to allow the person in charge to carry out the treatment on behalf of the person in charge, will not require to be informed to the Holder or have his consent, as long as there is a transmission contract. of personal data."
PROCESSING OF BIOMETRIC DATA
The biometric data stored in the databases is collected and processed for strictly security reasons, to verify personal identity and perform access control for employees, customers and visitors. Biometric identification mechanisms capture, process and store information related to, among others, the physical features of people (fingerprints, voice recognition and facial features), in order to establish or "authenticate" the identity of each subject.
The administration of the biometric databases is executed with technical security measures that guarantee due compliance with the principles and obligations derived from the Statutory Law on Data Protection, also ensuring the confidentiality and reserve of the information of the holders.
NATIONAL REGISTRY OF DATABASES - RNBD
The term to register the databases in the RNBD will be legally established. Likewise, in accordance with article 12 of Decree 886 of 2014, the Data Controllers must register their databases in the National Registry of Databases on the date that the Superintendence of Industry and Commerce enables said registry, in accordance with the instructions issued by that entity for that purpose. The databases that are created after that period must be registered within the following two (2) months, counted from its creation.
SECURITY OF INFORMATION AND PERSONAL DATA
Compliance with the regulatory framework on Protection of Personal Data, the security, reserve and/or confidentiality of the information stored in the databases is of vital importance to HURBAN@ INNOVA S.A.S. For this reason, we have established information security policies, guidelines, procedures and standards, which may change at any time, adjusting to new regulations and needs of HURBAN@ INNOVA S.A.S., whose objective is to protect and preserve the integrity, confidentiality and availability of information and personal data.
Likewise, we guarantee that in the collection, storage, use and/or treatment, destruction or elimination of the information provided, we rely on technological security tools and implement security practices that include: transmission and storage of sensitive information through secure mechanisms , use of secure protocols, assurance of technological components, restriction of access to information to authorized personnel only, information backup, secure software development practices, among others.
If it is necessary to provide information to a third party due to the existence of a contractual relationship, we sign a transmission contract to guarantee the reserve and confidentiality of the information, as well as compliance with this Data Treatment Policy, the policies and information security manuals and protocols for attention to holders established in HURBAN@ INNOVA S.A.S. In any case, we adopt commitments for the protection, care, security and preservation of the confidentiality, integrity and privacy of the stored data.
DOCUMENT MANAGEMENT
Documents that contain personal data must be easily recoverable, which is why the place where each of the documents, both physical and digital, rests must be documented. Inspections of these storage routes must be carried out frequently, their conservation leaving defined in which support and under what conditions this conservation will be carried out, taking into account environmental conditions, storage places, risks to which they are exposed, among others, the retention time of the documents is determined according to the requirements legal if applicable, otherwise each organization defines it according to its needs, likewise it must be clear about the final disposition of the same, identifying if it is recycled, reused, conserved, digitized, among others.
The documents that have to do with the protection of personal data must be prepared by personnel or a competent entity for it, likewise the organization must be the one who reviews and approves all the documents and leaves it registered in the document approval box.
In order for them to be easily traceable, the documents must be coded, they will be updated and modified by the responsible personnel, this modification will be carried out whenever and when necessary, for the elimination of a document the justification for it must be described in the history which is located at the bottom of all documents.
Both physical and digital documents that contain personal data must be protected by external or internal agents that can alter their content, following the guidelines described in PL-02 Internal Security Policies.
The distribution of the documents that contain personal data will be carried out by the data controller, who will document the evidence of said distribution, where, among others, it is specified; the type of document and the identification of the person to whom the information was given.
A person responsible for guaranteeing the confidentiality of the personal data of the holders must be designated, this will be the one who will keep the documents, guarantee their physical and digital protection, avoid alterations of the information, likewise guarantee that the documents that leave their custody are identified. and easily traceable.
VALIDITY
This update of the Policy will be in force from 2023-04-14, the databases under the responsibility of HURBAN@ INNOVA S.A.S.-, will be processed for as long as is reasonable and necessary for the purpose for which the data is collected and in accordance with the authorization granted by the Owners of the personal data.