Privacy Policy

I. PURPOSE.

This policy is issued in compliance with Law 1581 of 2012 and the Sole Regulatory Decree 1074 of 2015 and its modifications, on the personal data protection regime and seeks to guarantee that MICROLINK SAS, in the capacity of Responsible for handling personal data, carry out the Treatment of the same in strict compliance with the applicable regulations, also guaranteeing the rights of the Owners of the data.

II. DEFINITIONS.

For the purposes of this policy, the words that begin in capital letters will have the same meanings assigned in article 4 of Law 1581 of 2012 or article 2.2.2.25.1.3. of the Sole Regulatory Decree 1074 of 2015.

III. RESPONSIBLE.

Denomination: MICROLINK SAS

Address: Medellin highway km. 2.5 Port Savannah 80 Cellar 8

City: Cota, Cundinamarca

Email: habeasdata@microlink.com.co

Telephone: (57) (1) 314 7240

Responsible Area: Office for the Protection and Processing of Personal Data, directed by the Data Protection Officer.

IV. PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA.

In the development, interpretation and application of this policy, the following principles will be applied, harmoniously and comprehensively:

1.    Principle of legality regarding data processing: The Treatment referred to in this policy is a regulated activity that must be subject to the provisions of the Law and the other provisions that develop it;

2.    Principle of purpose: The Treatment must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Holder;

3.    Principle of freedom: The Treatment can only be exercised with the prior, express and informed consent of the Owner. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that relieves consent;

4.    Principle of veracity or quality: The information subject to Processing must be truthful, complete, exact, up-to-date, verifiable and understandable. The Processing of partial, incomplete, fragmented or misleading data is prohibited;

5.    Transparency principle: In the Treatment, the right of the Holder to obtain from the Treatment Manager or the Treatment Manager, at any time and without restrictions, information about the existence of data that concerns him must be guaranteed;

6.    Principle of restricted access and circulation: The Treatment is subject to the limits derived from the nature of the personal data, the provisions of the Law and the Constitution. In this sense, the Treatment can only be done by persons authorized by the Owner and/or by the persons provided for in the Law;

Personal data, except for public information, may not be available on the Internet or other means of disclosure or mass communication, unless access is technically controllable to provide restricted knowledge only to the Holders or authorized third parties in accordance with the Law;

7.    Safety principle: The information subject to Treatment by the Person Responsible for Treatment or Person in Charge of Treatment, must be handled with the technical, human and administrative measures that are necessary to provide security to the records, avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access. ;

8.    Confidentiality principle: All persons involved in the Processing of personal data that are not of a public nature are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks that the Processing comprises, and may only supply or communicate of personal data when this corresponds to the development of activities authorized by law.

V. TREATMENT TO WHICH THE DATA AND PURPOSES OF THE SAME WILL BE SUBJECTED.

In the development of its activities, MICROLINK SAS performs the processing of personal data of customers, affiliates, employees, officers, suppliers; treatment that it executes directly, through its employees, officials or by contractors or agents in charge of it.

Likewise, it shares the data with third parties located in Colombia and abroad with whom a Contract for the Transfer and/or Transmission of Personal Data is celebrated, as appropriate, with the purpose of maintaining the security and protection of the data in accordance with the rules and applicable standards. In any case, MICROLINK SAS will require the Treatment Manager at all times to respect the security and privacy conditions of the Holder's information.

If there is a sale, merger, spin-off, consolidation, change in corporate control, substantial asset transfer or global asset transfer, reorganization or liquidation of MICROLINK SAS, then MICROLINK SAS may discretionally and under any title, transfer, transmit, sell or assign the personal data collected, to any third party or to one or more relevant parties. In accordance with these policies, the holders of personal data grant their express and unequivocal authorization for the transfer, transmission, sale or assignment of each and every one of their personal data to any person located in Colombia and/or abroad.

MICROLINK SAS has the obligation to maintain the confidentiality of the personal data subject to Treatment and may only disclose them at the express request of the surveillance and control entities and authorities that have the legal power to request it and will allow at all times and free of charge to know, update and correct the personal information of the Holder in accordance with article 8 of Law 1581 of 2012.

In development of the principle of purpose, the collection of personal data by MICROLINK SAS is limited to those personal data that are relevant and adequate to fulfill the purposes expressed in this policy. Except in the cases expressly provided for in the Law, personal data may not be collected without the authorization of the Owner.

Data processing includes the collection, storage, administration, use, transfer, transmission and destruction, in the manner permitted by law and is carried out with the following specific purposes:

1. Offer, promote, sell and/or supply by any means, products and services of MICROLINK SAS, or of companies that have any legal relationship with MICROLINK SAS

2. Maintain constant and effective communication with customers, affiliates, employees, officers, suppliers, and any person with respect to whom we are authorized to process their personal data.

3. Catalog and relate the personal data of the Holder with other data received or collected.

4. Invite to events organized by MICROLINK SAS, related companies and third parties.

5. Develop joint commercial activities with related or allied companies or entities.

6. Maintain information on petitions, complaints and claims presented by the Holders.

7. Carry out statistical, demographic and market analyses.

8. Prepare studies and publications of an academic and journalistic nature related to the activities of MICROLINK SAS and the market it serves.

9. Comply with the obligations that MICROLINK SAS is in charge of.

10. Any other purpose that corresponds according to the link generated between the Owners of the data and the company.

SAW. TREATMENT OF PERSONAL DATA OF CHILDREN AND ADOLESCENTS.

MICROLINK SAS does not process the data of children and adolescents. In any case, if eventually to fulfill any of the purposes of the processing of personal data enshrined in this policy, the Processing of such data is necessary, In compliance with article 7 of Law 1581 of 2012 and article 2.2.2.25.2.9 of Sole Regulatory Decree 1074 of 2015, the Treatment of personal data of children and adolescents will only be carried out, within the framework of the purposes indicated above, in the case of data of a public nature or when said Treatment complies with the following parameters and requirements:

1.    That responds and respects the best interests of children and adolescents.

2.    To ensure respect for their fundamental rights.

3.    The authorization for the processing of personal data of children and adolescents must be granted by one of their legal representatives.

The legal representative will guarantee the exercise of the minor's right to be heard prior to granting the authorization and will assess the minor's opinion taking into account their maturity, autonomy and ability to understand the matter.

For the effect, MICROLINK SAS, its employees, officers and managers will take into account that the processing of personal data of minors must respond to their best interests and that respect for their fundamental rights must be ensured.

The person in charge and the person in charge of processing the personal data of the child or adolescent will ensure the proper use of the data and will apply the principles and obligations enshrined in Law 1581 of 2012 and the Single Regulatory Decree.

VII. SENSITIVE DATA PROCESSING

In accordance with the provisions of article 5 of Law 1581 of 2012, they are sensitive data "those that affect the privacy of the Holder or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in unions, social organizations, human rights or that promotes the interests of any political party or that guarantees the rights and guarantees of opposition political parties as well as data related to health, sexual life and biometric data.”

None of the data that will be processed has the character of sensitive data.

In any case, if eventually to fulfill any of the purposes of the treatment of personal data enshrined in this policy, the collection of sensitive data becomes necessary, the person in charge of the collection will inform the Holder about the optional nature of the answers and The processing of said data will only be carried out when the Holder has given his explicit authorization.

The Holder is not obliged to provide sensitive data, consequently, any response to questions regarding sensitive data will be optional.

none employee, official or person in charge of the Responsible or Responsible for Treatment is authorized to require the Holder to reveal sensitive data of his or third parties.

VII. RIGHTS OF THE HOLDERS.

The Owners of the personal data or their assignees have the following rights:

1. Receive information about: (i) the treatment to which your personal data will be subjected and its purpose, (ii) the optional nature of the answers to the questions that deal with sensitive data, and (iii) the rights that you attend as the owner, (iv) the identification, physical or electronic address and telephone number of the Treatment Manager. 

2. Obtain, from the Person in Charge or Person in Charge of the Treatment, at any time and without restrictions, information about the existence of data that concerns you.

3. Be informed by the person in charge or in charge of the treatment, upon request, regarding the use that has been given to their personal data.

4. Request proof of the authorization granted to the Treatment Manager except when expressly excepted as a requirement for Treatment, in accordance with the provisions of article 10 of Law 1581 of 2012.

5. That your personal data is not disclosed without prior authorization, unless there is a legal or judicial mandate that relieves said consent or that the disclosure or transfer of the data has been expressly authorized in accordance with the Law.

6. Receive free of charge all the information contained in the individual record or that is linked to the identification of the Holder, through the channels that the Responsible or Person in Charge of the Treatment has arranged for this purpose and within the legal limits.

7. Access your personal data and exercise your rights over them through the mechanisms that the Responsible or Person in Charge of the Treatment has for this purpose within the legal limits.

8. Check your personal data free of charge: (i) at least once every calendar month, and (ii) every time there are substantial changes to the information processing policies; all through the mechanisms that the Responsible or Person in Charge of the Treatment has for this purpose.

9. Receive a response to all queries you make about your personal data within the legal deadlines.

10. Receive a response to all claims you make about your personal data within the legal deadlines.

11. Request the update and/or rectification of your personal data to the Person in Charge or Person in Charge of the Treatment.

12. Revoke the authorization and/or request the deletion of your personal data, through the PQR procedures provided for this purpose by the Person Responsible or Person in Charge of the Treatment. The Owner may not revoke the authorization and/or request the deletion of their personal data when they have a legal or contractual duty to remain in the database.

13. Be informed about any substantial change, referring to the identification of the Responsible Party or the purpose of the Treatment, in the content of the Treatment policies, before or at the latest when implementing the new policies.

14. Submit complaints to the competent authorities for violations of the Law.

VII. PROCEDURE FOR THE EXERCISE OF RIGHTS BY HOLDERS.

Holders of personal data must address their requests or claims by filling out the Request and Claim Form on the Treatment of Personal Data and sending it to the email address habeasdata@microlink.com.co or to our office located at Autopista Medellín km. 2.5 Portos Sabana 80 Warehouse 8, in the municipality of Cota, Cundinamarca.

The requests, queries or claims of the Holders will be resolved in accordance with the following procedures:

1.    Procedure for requests and queries: MICROLINK SAS must respond to requests and queries within ten (10) business days from the date the request is received. When it is not possible to comply with this time, the interested party must be informed, stating the reasons for the delay and the date on which their request or query will be addressed within a term not exceeding five (5) business days following the expiration of the first term.

2.    Procedure in case of complaints: The Owner or successor in title who considers that the information contained in a database should be subject to correction, updating or deletion, or when he notices the alleged breach of any of the duties contained in the law or in this Policy, may submit a claim to MICROLINK SAS, which will be processed under the following rules:

a. The claim will be made through a request addressed to the Office for the Protection and Treatment of Personal Data, to the physical address or email habeasdata@microlink.com.co with the identification of the Holder, the description of the facts that give rise to the claim, the address, and accompanying the documents that you want to assert. If the claim is incomplete, the interested party will be required within five (5) days after receiving it to correct the faults. After two (2) months from the date of the request, without the applicant submitting the required information, it will be understood that the claim has been withdrawn.

b. Once the complete claim is received, a legend will be included in the database that says "claim in process" and the reason for it, in a term not exceeding two (2) business days. Said legend must be kept until the claim is decided.

c. The maximum term to address the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within said term, the interested party will be informed of the reasons for the delay and the date on which his claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first finished.

3.    Procedure for the revocation of the authorization and/or request for deletion of the data: The Holders may at any time request MICROLINK SAS the deletion of their personal data and/or revoke the authorization granted for their Treatment, by submitting a claim, in accordance with the provisions of article 15 of Law 1581 of 2012, article 2.2.2.25.2.6 of Decree 1074 of 2015 and the Procedure indicated in this Policy.

If the respective legal term has expired, MICROLINK SAS has not eliminated the personal data, the Owner shall have the right to request the Superintendency of Industry and Commerce to order the revocation of the authorization and/or the deletion of the personal data.

However, in accordance with articles 2.2.2.25.2.6 and 2.2.2.25.2.8 of Decree 1074 of 2015, the request to suppress the information and the revocation of the authorization will not proceed when the Holder has a legal or contractual duty to stay in the database.

X. TEMPORARY LIMITATIONS ON THE PROCESSING OF PERSONAL DATA.

MICROLINK SAS may only collect, store, use or circulate personal data for as long as is reasonable and necessary, in accordance with the purposes that justified the treatment, in accordance with the provisions applicable to the matter in question and administrative aspects, accounting, tax, legal and historical information.

Once the purpose or purposes of the Treatment have been fulfilled, MICROLINK SAS or the Treatment Manager, as appropriate, will proceed to delete the personal data in their possession. However, personal data must be kept when required to comply with a legal or contractual obligation.

XI. PERSONAL DATA PROCESSING AUTHORIZATION.

I declare that I have read the Manual of Policies for the Protection and Treatment of Personal Data and Attention to Requests, Queries and Claims.

Consequently, I grant my express authorization to MICROLINK SAS for the processing of my personal data, among others, name, identification number, image, telephone, email and address, within the purposes communicated in this Manual of Policies for the Protection and Treatment of Personal Data.

Likewise, I grant express authorization to MICROLINK SAS for the local or international transfer and transmission of my personal data.

In order to allow MICROLINK SAS the effective protection of my rights as Data Owner, I expressly authorize MICROLINK SAS so that, on my behalf and on my behalf, request the deletion of my personal data from third parties who have entered into data transfer contracts. personal data with MICROLINK SAS

I grant express authorization to MICROLINK SAS so that, at its discretion and under any title, it transfers, transmits, sells or assigns the personal data collected, to any third party linked to MICROLINK SAS, or to one or more relevant parties in the event that there is a sale, merger , spin-off, consolidation, business integration, change in corporate control, substantial asset transfer or global asset transfer, reorganization or liquidation.

XII. VALIDITIES AND MODIFICATIONS.

The validity period of the database will be indefinite.

This policy was updated on January 17, 2020.

In the event of substantial changes in the content of these policies, referring to the identification of the Responsible Party and the purpose of the Treatment, which could affect the content of the authorization, MICROLINK SAS will communicate these changes to the Owner by any means it deems appropriate, except take time to implement the new policies.