Privacy and Data Processing Policy
María Gracia (hereinafter, the "Controller" or "the company"), a company located in the city of Bucaramanga, with email erikasilva12@hotmail.com and telephone +57 3176382390, has adopted the following personal data protection policy, in compliance with Law 1581 of 2012 and Decrees 1377 of 2013 and 886 of 2014.
PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA
The processing of personal data by the company is carried out under the following principles:
1.1. Principle of freedom: the processing of personal data carried out by the company has prior authorization expressed through any of the authorization mechanisms contemplated in Article 7 of Decree 1377 of 2013, i.e.: i) in writing, (ii) orally, or (iii) through unequivocal actions of the data subject that reasonably allow concluding that authorization was granted.
1.2. Principle of transparency: the Controller guarantees that the Data Subject has the right to obtain, at any time and without restrictions, information about the data being processed by the Controller that concerns the Data Subject.
1.3. Principle of restricted access and circulation: the processing carried out by the Controller is subject to the limits derived from the nature of the personal data, the provisions of Law 1581 of 2012, and the Constitution.
1.4. Principle of security: Personal data subject to processing by the Controller are collected, stored, used, and deleted using technical, human, and administrative measures necessary to provide security to the records and proportionate to the company's type of business.
1.5. Principle of confidentiality: Individuals involved in the processing of personal data collected by the company are obliged to guarantee the confidentiality of the information, even after their relationship with any of the data processing tasks has ended.
2. ACTIONS FOR THE PROCESSING OF PERSONAL DATA
María Gracia is a company dedicated to the sale of leather products in Colombia and the United States, through online sales.
In exercising its corporate purpose, the company collects, stores, uses, and deletes personal data.
María Gracia has two databases: a Customer Database and an Employee Database. The Customer Database comes from information provided by people who place orders on our website.
The data provided by customers include their name, address, telephone number, and any other information that is necessary and proportionate for the provision of the service offered by María Gracia.
The company María Gracia collects personal data of customers and employees through its home delivery order center (for customers) and through its human resources division (for employees), and will use them to: i) identify the data subject with whom it has a commercial or labor relationship; ii) provide restaurant service and contact the data subject to send information or products inherent to the nature of the commercial or contractual relationship; iii) contact the people that the Data Subject has included as contacts when necessary; iv) sporadically send promotions or information related to the nature of the commercial relationship it has with its customers; v) in general for any other activity that is inherent to the corporate purpose of María Gracia and the legal relationship it has with its customers and employees.
The company María Gracia complies with the duties established in Law 1581 of 2012, including the following:
2.1. Guarantees the Data Subject, at all times, the full and effective exercise of the right to habeas data.
2.2. Only collects, stores, uses, and deletes personal data that are relevant and adequate for the exercise of its corporate purpose.
2.3. Requests authorization from the data subject (i) in writing, (ii) orally, or (iii) through unequivocal actions of the data subject that reasonably allow concluding that authorization was granted. Data collection is carried out through transactional channels at the beginning of the legal relationship or through the company's human resources division.
2.4. The company María Gracia keeps the information under the necessary conditions to prevent its alteration, loss, consultation, unauthorized or fraudulent use or access.
To this end, the company María Gracia:
2.4.1. Uses computer equipment with software to store, use, and delete the personal data it collects, which can only be accessed by password managed by specifically assigned personnel within María Gracia.
2.4.2. Has designated personnel responsible for the processing of personal data in the company who have exclusive access to the passwords of the computer equipment where the personal data databases are stored. The administrative and systems area of the organization will be responsible for managing the personal data provided, and will handle all inquiries or claims that data subjects may have regarding them.
2.4.3. Updates the information in a timely manner, and adopts other necessary and reasonable measures for the information being processed.
2.4.4. Rectifies information when it is incorrect.
2.4.5. Processes inquiries and claims submitted to the organization in the terms set forth by Law 1581 of 2012. 2.4.6. In case of security code violations or risks in the administration of data subjects' information, it informs the competent Authority about such situation.
2.5. María Gracia guarantees the Data Subject the right to know, update, and rectify personal data being processed by the company.
POLICY FOR HANDLING INQUIRIES AND COMPLAINTS FOR GARCES BOTTIER
3.1. The company María Gracia guarantees Data Subjects or their assignees the right to consult the Data Subject's personal information held in any database processed by the company.
To this end:
3.1.1. It has enabled the email erikasilva12@gmail.com for Data Subjects to request from the company María Gracia a consultation of the information held in the databases of the company María Gracia, in the terms of Article 14 of Law 1582 of 2012. 3.1.2. It attends to information inquiries held in its databases within the legal term.
3.2. The company María Gracia guarantees the data subject who believes that the information contained in one of María Gracia's databases should be corrected, updated, or deleted, or when they notice an alleged breach of any of the duties contained in Law 1581 of 2012 and other concordant regulations, the right to submit a claim, which will be processed under the following rules:
3.2.1. The claim must be submitted by means of a request addressed to María Gracia, with the identification of the Data Subject, a description of the facts giving rise to the claim, the address, and accompanied by the documents intended to be asserted. This claim must be sent to the email erikasilva12@gmail.com. If the claim is incomplete, the interested party will be required within five (5) days following receipt of the claim to correct the deficiencies. If two (2) months pass from the date of the request without the applicant presenting the required information, it will be understood that the claim has been dropped.
3.2.2. Once the complete claim is received, it will be included in the database in the terms established by law.
3.2.3. The company María Gracia will address the claim within a maximum period of 15 business days counted from the day following the date of its receipt. This personal data protection policy of María Gracia, as well as the databases it manages, have an indefinite term. Any modification will be made and reported following the procedures established in Colombian laws on personal data protection.
1.2. Principle of transparency: the Controller guarantees that the Data Subject has the right to obtain, at any time and without restrictions, information about the data being processed by the Controller that concerns the Data Subject.
1.3. Principle of restricted access and circulation: the processing carried out by the Controller is subject to the limits derived from the nature of the personal data, the provisions of Law 1581 of 2012, and the Constitution.
1.4. Principle of security: Personal data subject to processing by the Controller are collected, stored, used, and deleted using technical, human, and administrative measures necessary to provide security to the records and proportionate to the company's type of business.
1.5. Principle of confidentiality: Individuals involved in the processing of personal data collected by the company are obliged to guarantee the confidentiality of the information, even after their relationship with any of the data processing tasks has ended.
2. ACTIONS FOR THE PROCESSING OF PERSONAL DATA
María Gracia is a company dedicated to the sale of leather products in Colombia and the United States, through online sales.
In exercising its corporate purpose, the company collects, stores, uses, and deletes personal data.
María Gracia has two databases: a Customer Database and an Employee Database. The Customer Database comes from information provided by people who place orders on our website.
The data provided by customers include their name, address, telephone number, and any other information that is necessary and proportionate for the provision of the service offered by María Gracia.
The company María Gracia collects personal data of customers and employees through its home delivery order center (for customers) and through its human resources division (for employees), and will use them to: i) identify the data subject with whom it has a commercial or labor relationship; ii) provide restaurant service and contact the data subject to send information or products inherent to the nature of the commercial or contractual relationship; iii) contact the people that the Data Subject has included as contacts when necessary; iv) sporadically send promotions or information related to the nature of the commercial relationship it has with its customers; v) in general for any other activity that is inherent to the corporate purpose of María Gracia and the legal relationship it has with its customers and employees.
The company María Gracia complies with the duties established in Law 1581 of 2012, including the following:
2.1. Guarantees the Data Subject, at all times, the full and effective exercise of the right to habeas data.
2.2. Only collects, stores, uses, and deletes personal data that are relevant and adequate for the exercise of its corporate purpose.
2.3. Requests authorization from the data subject (i) in writing, (ii) orally, or (iii) through unequivocal actions of the data subject that reasonably allow concluding that authorization was granted. Data collection is carried out through transactional channels at the beginning of the legal relationship or through the company's human resources division.
2.4. The company María Gracia keeps the information under the necessary conditions to prevent its alteration, loss, consultation, unauthorized or fraudulent use or access.
To this end, the company María Gracia:
2.4.1. Uses computer equipment with software to store, use, and delete the personal data it collects, which can only be accessed by password managed by specifically assigned personnel within María Gracia.
2.4.2. Has designated personnel responsible for the processing of personal data in the company who have exclusive access to the passwords of the computer equipment where the personal data databases are stored. The administrative and systems area of the organization will be responsible for managing the personal data provided, and will handle all inquiries or claims that data subjects may have regarding them.
2.4.3. Updates the information in a timely manner, and adopts other necessary and reasonable measures for the information being processed.
2.4.4. Rectifies information when it is incorrect.
2.4.5. Processes inquiries and claims submitted to the organization in the terms set forth by Law 1581 of 2012. 2.4.6. In case of security code violations or risks in the administration of data subjects' information, it informs the competent Authority about such situation.
2.5. María Gracia guarantees the Data Subject the right to know, update, and rectify personal data being processed by the company.
POLICY FOR HANDLING INQUIRIES AND COMPLAINTS FOR GARCES BOTTIER
3.1. The company María Gracia guarantees Data Subjects or their assignees the right to consult the Data Subject's personal information held in any database processed by the company.
To this end:
3.1.1. It has enabled the email erikasilva12@gmail.com for Data Subjects to request from the company María Gracia a consultation of the information held in the databases of the company María Gracia, in the terms of Article 14 of Law 1582 of 2012. 3.1.2. It attends to information inquiries held in its databases within the legal term.
3.2. The company María Gracia guarantees the data subject who believes that the information contained in one of María Gracia's databases should be corrected, updated, or deleted, or when they notice an alleged breach of any of the duties contained in Law 1581 of 2012 and other concordant regulations, the right to submit a claim, which will be processed under the following rules:
3.2.1. The claim must be submitted by means of a request addressed to María Gracia, with the identification of the Data Subject, a description of the facts giving rise to the claim, the address, and accompanied by the documents intended to be asserted. This claim must be sent to the email erikasilva12@gmail.com. If the claim is incomplete, the interested party will be required within five (5) days following receipt of the claim to correct the deficiencies. If two (2) months pass from the date of the request without the applicant presenting the required information, it will be understood that the claim has been dropped.
3.2.2. Once the complete claim is received, it will be included in the database in the terms established by law.
3.2.3. The company María Gracia will address the claim within a maximum period of 15 business days counted from the day following the date of its receipt. This personal data protection policy of María Gracia, as well as the databases it manages, have an indefinite term. Any modification will be made and reported following the procedures established in Colombian laws on personal data protection.