POLÍTICA DE TRATAMIENTO
DE DATOS
By this means, MALLA Y MONO S.A.S. establishes its Privacy Policy for the Treatment of Personal Data, which will be applied in compliance with Law 1581 of 2012 and its Regulatory Decree 1377 of 2013. This policy will define the mechanisms to guarantee, in an adequate and suitable manner, the treatment of personal data collected to date and in the future in their databases and in development of their contractual, labor and commercial activities, among others, in order to allow the Holders to exercise the right of Habeas Data.
This privacy policy is governed by the principles of legality, purpose, freedom, accuracy or quality, transparency, access and restricted circulation, security and confidentiality.
1. IDENTIFICATION
The following are the identification data of the entity in Charge of the Processing of Personal Data:
− Company name: MALLA Y MONO S.A.S.
− E-mail: contacto@nimblesnacks.co
2. LEGAL FRAMEWORK
This policy is governed by the following regulatory framework:
− Political Constitution
− Law 1266 of 2008
− Law 1581 of 2012
− Regulatory Decree 1727 of 2009
− Regulatory Decree 2952 of 2010
− Regulatory Decree 1377 of 2013
− Ruling of the Constitutional Court C – 1011 of 2008
− Ruling of the Constitutional Court C – 748 of 2011
3. GENERALITIES
MALLA Y MONO S.A.S. is committed to the protection of information of a personal, private and/or confidential nature, obtained within the legal development of its commercial activities.
In compliance with current regulations, this document is intended to establish the procedure of MALLA Y MONO S.A.S. for the protection of entrusted information, trying to limit the processing of personal data collected, which have been provided voluntarily by our clients, contractors, suppliers, employees, former employees, visitors and any person who has any type of relationship with the Company.
Personal, private or confidential information can be obtained by MALLA Y MONO S.A.S., through the following channels:
a) Commercial or professional relationship with the client, supplier or third parties related to the Company.
b) Employment relationship with employees and former employees.
c) Application to selection processes.
d) Attendance at training sessions, seminars, talks or courses.
e) Sending emails requesting or sending information.
f) Social networks and/or contact channels
g) Brand Events
It is made clear that at the time of supplying any type of personal information to MALLA Y MONO S.A.S., the Owner of the personal data accepts that said information is used in accordance with this policy, emphasizing that the Company will not use the data provided for different purposes those established in this document.
The use of personal data for a purpose other than that indicated in this Policy must be framed within the regulatory or jurisprudential exceptions that may apply or have the express authorization of the Holder. The exceptions to which a relationship is made will be defined in this Policy.
4. DEFINITIONS
4.1 Authorization: Prior, express and informed consent of the Holder to carry out the Processing of personal data.
4.2 Privacy Notice: It is the verbal or written communication generated by the Responsible, addressed to the Holder for the Treatment of his personal data, through which he is informed about the existence of the information Treatment policies that will be applicable, how to access them and the purposes of the treatment that is intended to give personal data.
4.3 Database: Organized set of personal data subject to Processing.
4.4 Channels to exercise rights: These are the means of receiving and responding to requests, queries and claims that the Treatment Manager and the Treatment Responsible must make available to the Holders of the information.
4.5 Personal data: Any information linked to one or several natural persons, determined or determinable.
4.6 Public data: That which is not semi-private, private or sensitive. Public data is considered, among others, data related to the marital status of people, their profession or job and their quality as a merchant or public servant. Due to its nature, public data may be contained, among others, in public records, public documents, official gazettes and bulletins, and duly executed judicial decisions that are not subject to reservation.
4.7 Sensitive data: These are those that affect the privacy of the Holder or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social or human rights organizations, as well as data relating to health, sex life, and biometric data.
4.8 Manager: Who by himself, or in association with others, performs the processing of personal data on behalf of the responsible.
4.9 Habeas Data: It is a fundamental right that is enshrined in article 15 of the Political Constitution and allows all people to know, update and rectify the information that has been collected about them in data banks of public and private entities.
4.10 Principle of legality: The processing of personal data must be subject to what is established in the law and in the other provisions that develop it.
4.11 Principle of purpose: The Treatment must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Holder.
4.12 Principle of freedom: Treatment can only be exercised with the prior, express and informed consent of the Holder. Personal data may not be obtained or disclosed without prior authorization from the Holder, the law or a judge.
4.13 Principle of veracity or quality: The information subject to Treatment must be truthful, complete, exact, updated, verifiable and understandable. The Processing of partial, incomplete, fragmented or misleading data is prohibited.
4.14 Principle of transparency: In the Treatment, the right of the Holder to obtain, at any time and without restrictions, information about the existence of data that concerns him must be guaranteed.
4.15 Principle of access and restricted circulation: Treatment depends on the nature of the personal data, the provisions of the law and the Constitution. The Treatment can only be done by persons authorized by the Holder and/or by the persons provided for by law. Personal data, except public information, may not be available on the Internet or other means of disclosure or mass communication, unless access is restricted to the Holders or third parties authorized by law.
4.16 Principle of security: The information subject to Treatment must be handled with all the technical and administrative measures necessary to provide security to the records, avoiding their modification, loss, or unauthorized and fraudulent use.
4.17 Principle of confidentiality: All persons involved in the Processing of personal data must guarantee the confidentiality of the information, even after their relationship with any of the tasks included in the Processing has ended. Personal data may only be supplied or communicated for the development of activities authorized by law.
4.18 Responsible: It is the one who by himself, or in association with others, makes decisions about the data and its treatment.
4.19 Holder: Natural person whose personal data is the object of the Treatment.
4.20 Treatment: Any operation on personal data, such as the collection, storage, use, circulation or deletion of them.
4.21 PQR: Request of the Holder or of the persons authorized by him or by the Law to correct, update or delete his personal data or to revoke the authorization.
4.22 Client: To whom the Company provides professional services through a business relationship.
4.23 Supplier: Who supplies goods or services to the Company through a commercial relationship.
4.24 Employee: Who provides personal services to the Company by virtue of an employment contract.
4.25 Third Party: Who, although has a commercial or training relationship with the Company, is not an Employee, Client or Supplier.
4.26 National Registry of Databases: It is the public directory of the databases subject to Treatment that operate in the country. It is administered by the Superintendency of Industry and Commerce and is freely accessible to citizens.
5. CONTENT OF THE DATABASES
MALLA Y MONO S.A.S. stores general information such as: full name, number and type of identification, gender and contact information (email, physical address, landline and mobile number). It also collects, stores, uses, circulates and deletes Personal Data of natural and legal persons with whom it has or has had a relationship, especially with clients, distributors, suppliers, creditors, debtors and workers. MALLA Y MONO S.A.S. may have data for the treatment of employee and contractor databases, and information on employment history and other sensitive data required by the nature of the contractual relationship. Sensitive information may be stored in these databases with the prior authorization of its Holder, in compliance with the provisions of articles 5 and 7 of Law 1581 of 2012.
User information provided through access to the website: nimblesnacks.co (hereinafter website) will be treated in accordance with the content of this data policy. From the moment users access the website, they authorize and accept an each and every one of the clauses contained in the TERMS AND CONDITIONS OF THE WEBSITE.
6. PURPOSES OF PERSONAL DATA
MALLA Y MONO S.A.S. collects and treats this information with the purpose of developing the activities of providing the services that the company offers, within the normal course of its business. For this reason, the contracts will be governed by the provisions of this Policy or will include a clause that regulates the Treatment of the information in it. The data obtained by MALLA Y MONO S.A.S. may eventually be shared with third parties, judicial or administrative authorities, to carry out quality reviews, carry out audits, supervision activities or as a reference for future business. In any case, the personal data of third parties whose Responsible is not MALLA Y MONO S.A.S., will be treated according to the purpose of the services provided or contracted, to comply with the commercial or legal relationship that has been established.
Similarly, MALLA Y MONO S.A.S. may carry out the treatment of the information of people with whom it has already ended its commercial relationship and with third parties related to the company, to send commercial information that may be of interest, such as invitations to events, sending newsletters, reports of the sector, publications or any other purpose included in the ordinary course of business of the Company.
Purpose of the Treatment of photos and videos. It is possible that people who enter the facilities of MALLA Y MONO S.A.S. or attend events are photographed or filmed. Said material may be used for the following purposes:
a) Maintain and guarantee the safety of the people and goods found in it. Eventually, the data may be transferred to expert private security companies in accordance with the rules that regulate said activity and/or the best market practices.
b) Preparation of material such as videos, brochures, reports of contracted services, POP material of an institutional nature, which may be presented or disseminated for purposes of loyalty, information and promotion.
Notwithstanding the foregoing, people who enter the facilities of MALLA Y MONO S.A.S. may not authorize their personal data to have the aforementioned treatment, for which they must fill out the form of non-authorization for the treatment of personal data established, with the guarantee that these will be destroyed, in accordance with the respective practices of the companies of private security or current regulations.
7. RIGHTS OF THE INFORMATION HOLDER
The Holders of the information and personal data processed will have the following rights to:
7.1.1. Right of access. Obtain all the information about your own personal data, the treatment applied to them, the purpose of the treatment, the location of the databases and the communications made about your information. They may also request proof of the authorization granted to MALLA Y MONO S.A.S.; MALLA Y MONO S.A.S. guarantees the Owner Holder free access to the information being processed.
7.1.2. Right to update. Update your personal data when they have had some variation.
7.1.3. Right of rectification. Rectify information that turns out to be inaccurate, incomplete or non-existent.
7.1.4. Right of cancellation. Cancel, at any time, your personal data when these are excessive, not pertinent or the treatment is contrary to the regulations.
7.1.5. Right to revoke consent. Revoke the authorization or request the deletion of the data, provided that the Superintendence of Industry and Commerce has determined that MALLA Y MONO S.A.S. has incurred in conduct contrary to the law and the Constitution.
7.1.6. Right to file complaints and claims or to take action. Submit to the Superintendency of Industry and Commerce complaints for violations of the provisions of the law.
Any of the rights indicated here may be exercised by the following persons:
1. The Holder.
2. The successors in title of the Holder.
3. The representative and/or proxy of the Holder.
4. Another person designated by the Holder.
8. NO NEED FOR AUTHORIZATION
In accordance with the applicable regulations, in the following cases the authorization of the Holder will not be required for the treatment or transmission of their personal data:
8.1. When the information is required by a public or administrative entity in the exercise of its legal functions or by court order.
8.2. When the information belongs to databases of a public nature.
8.3. In cases of medical or health emergency.
8.4. For historical, statistical or scientific purposes authorized by law.
8.5. When it corresponds to data related to the Civil Registry of Persons.
In these cases, although the authorization of the Holder is required, the other principles and legal provisions on the protection of personal data will apply.
9. OBLIGATIONS OF MALLA Y MONO S.A.S.
From this Policy, MALLA Y MONO S.A.S. the following is required:
9.1. Guarantee the Holder the full and effective exercise of the right of Habeas Data.
9.2. Inform the Holder of the information, the purpose of the collection and the rights of it. MALLA Y MONO S.A.S. undertakes to respect the security and privacy conditions of the information. For its part, the Holder of the information will guarantee that it is true, complete, accurate, updated, verifiable or understandable.
9.3. Prevent the adulteration, loss, consultation, use or unauthorized or fraudulent access to the information.
9.4. Request and keep copies of the authorizations granted by the Holder.
9.5. Perform the rectification or deletion of the data when applicable.
9.6. Update, within the following five (5) business days, the information reported by those responsible for the treatment.
9.7. Inform the data protection authority when there are violations of the security codes and there are risks in the administration of the information.
9.8. Process queries and claims made by the Holders about the information provided.
9.9. Refrain from circulating information that is being controversial by the Holder and whose blocking has been ordered by the Superintendence of Industry and Commerce or by another competent authority.
9.10. Allow access to information only to people who can have access to it.
9.11. Comply with the instructions or requirements issued by the Superintendence of Industry and Commerce.
9.12. Deliver personal data to the authorities when the legality of the request and the relevance of the requested data are verified. The delivery of the information will be documented, providing that it complies with all its attributes (authenticity, reliability and integrity), and warning of the duty to protect this data, the security measures and the risks of its misuse, to those who make the request and the recipient.
10. AREA RESPONSIBLE FOR THE DATA PROCESSING POLICY
Any request, complaint or claim related to the handling of personal data must be sent physically or electronically to the following contact information:
− Telephone: +57 304 5274 030
− E-mail: contacto@nimblesnacks.co
− Contact us form on the website
11. DATA PROTECTION TREATMENT PROCEDURE
Any request, complaint or claim related to the handling of personal information must be made in writing or by email and must contain at least the following information:
11.1. Identification of the Holder, where the right to the information is accredited, containing the following data:
a. Full name
b. Identification number, with a copy of it.
c. Address
d. Telephone
e. Email
11.2. Description of the facts giving rise to the claim.
11.3. Documentation that serves as proof of the facts.
If the claim is incomplete, the interested party will be required within the following five (5) business days to correct the faults. If the interested party does not appear within the month following the request, it will be understood that he has withdrawn the claim.
The term of response to the request by MALLA Y MONO S.A.S. is fifteen (15) business days from the day after receipt of the request, complaint or claim. When it is not possible to meet the request within the term, the interested party will be informed of the reasons for the delay and the date on which the response will be given.
12. SENSITIVE DATA
MALLA Y MONO S.A.S. suggests not providing sensitive data to the company, unless the Holder considers that it is necessary to do so for the purpose of carrying out the activities carried out with the company.
We request that in the event that any person sends sensitive data to the Company through any channel, they be sent with the proper treatment authorization, for the legitimate purposes of the business and the purposes established in this document.
MALLA Y MONO S.A.S. will receive information classified as sensitive data only in the following events:
12.1. When the Holders give their authorization expressly and prior to or at the time of data collection.
12.2. When the Processing of the data is necessary to safeguard a vital interest of the Holder, with the prior authorization of whoever exercises the legal representation of the Holder.
12.3. When the Treatment is carried out in the course of legitimate activities and with due guarantees. These data may not be supplied to third parties without the prior authorization of the Owner.
12.4. When the data is necessary for the recognition, exercise or defense of a right in a judicial process.
12.5. When it has a historical, statistical or scientific purpose, for which all measures leading to the elimination of the identity of the Holders must be taken.
13. PROCESSING OF PERSONAL DATA OF MINORS
According to the Code of Childhood and Adolescence, MALLA Y MONO S.A.S. will process the data of minors, taking into account that the rights of children and adolescents prevail over others. The treatment of this data will be carried out only when it has the express authorization of its legal representatives and in compliance with the requirements demanded by law. The opinions of minors will be taken into account when making use of their personal data.
14. INTERNATIONAL DATA TRANSFER
In the event that international data transfer is required, MALLA Y MONO S.A.S. undertakes not to transfer data to third countries that do not comply with the personal data protection standards required by the Superintendence of Industry and Commerce, with the following exceptions:
14.1. If the Holder granted his express and unequivocal authorization for the transfer.
14.2. For reasons of health or public hygiene.
14.3. Bank or stock transfers, in the event that MALLA Y MONO S.A.S. carry out this type of transaction.
14.4. Transfers that enter into international treaties to which Colombia is a party, based on the principle of reciprocity.
14.5. Necessary transfers for a contract between the Holder and the Treatment Manager, as long as there is authorization from the Holder.
14.6. Transfers in favor of the public interest, or for the recognition, exercise or defense of a right in a judicial process.
15. SECURITY
MALLA Y MONO S.A.S. undertakes to adopt and abide by the guidelines issued by the Superintendence of Industry and Commerce regarding all issues related to the security of personal data obtained. MALLA Y MONO S.A.S. will make its best efforts to improve the security standards that protect the personal information collected.
16. PROHIBITIONS
16.1. MALLA Y MONO S.A.S. prohibits the access, use, management, assignment, communication, storage and any other processing of personal data of a sensitive nature without the authorization of the Owner Holder of the personal data and the Company.
16.2. MALLA Y MONO S.A.S. prohibits the recipients of this personal data processing policy from the behaviors described in the computer data law 1273 of 2009. Unless they have the authorization of the Owner of the data and/or the Company, as the case may be.
17. ROLES AND RESPONSIBILITIES
All members of MALLA Y MONO S.A.S. share responsibility for the proper processing of personal data. Within each area that handles personal data, the rules and procedures for compliance with the Manual will be adopted. In case of doubt, refer to the email contacto@nimblesnacks.co to process the request.
18. PERIOD OF PERSONAL DATA
The permanence of the data will be determined by the purpose of said treatment. Having exhausted the purpose for which the data was collected, MALLA Y MONO S.A.S. will proceed to its destruction or return or to preserve them according to the case, adopting technical measures that prevent an inappropriate treatment.
19. COOKIES
Cookies are pieces of information sent by websites and stored in your browser, with the purpose of giving you a better browsing experience on our websites and improving our services. It is important to clarify that even when the user does not accept cookies, some of the information, anonymously, may be collected by the automatic databases of the website.
20. DATA POLICY VALIDITY
Any modification to this policy will be made at the discretion of MALLA Y MONO S.A.S., under the applicable regulatory parameters. The information that is collected by MALLA Y MONO S.A.S. will be held indefinitely as long as its purpose is developed and as long as it is necessary to ensure compliance with legal, labor and accounting obligations. The Holder has the right to request its removal, as long as it does not go against the obligations of MALLA Y MONO S.A.S. MALLA Y MONO S.A.S. may modify this Policy for the Treatment of Personal Data at the time it deems necessary, in accordance with the regulatory changes made regarding this matter. All updates must be registered at the end of the document for publicity purposes to third parties. MALLA Y MONO S.A.S. recommends and requests its clients, suppliers, consultants, users and indeed all persons who have or wish to have any relationship with the Company to periodically review this Policy and thus remain informed about the mechanisms of data protection that the company executes the protection of personal information.
21. VALIDITY
This policy is effective as of its publication.
22. UPDATES
Version 1:10 November 2022 (2022)