Data privacy policy | Fluid Attacks Help

Data privacy policy

Goal

Law 1581 of 2012, “By which general provisions are issued for the protection of personal data”, aims to develop the constitutional right that all people have to know, update and rectify the information that has been collected about them on bases. of data or files, and the other rights, freedoms and constitutional guarantees referred to in article 15 of the Political Constitution; as well as the right to information enshrined in article 20 of the same. 
FLUIDSIGNAL GROUP S.A.S., certifies the protection of rights such as Habeas Data, privacy, intimacy, good name, image and autonomy, for this purpose all actions will be governed by principles of good faith, legality, computer self-determination, freedom and transparency. 
FLUIDSIGNAL GROUP S.A.S. will keep in mind, at all times, that the personal data are the property of the people to whom they refer and that only they can decide about them. 
FLUIDSIGNAL GROUP S.A.S., will guarantee the right of access when, after accreditation of the identity of the owner, making the respective personal data available to the owner free of charge. Said access must be offered without any limit and must allow the owner the possibility of knowing and updating them.

Guiding Principles of the Personal Data Processing Policy

The following specific principles will apply to the processing of personal data:
  1. Principle of legality: The current provisions for the processing of personal data and other fundamental rights will be applied.
  2. Security principle: Personal data will be protected to the extent that technical resources allow, avoiding adulteration, loss, consultation, and in general against any unauthorized use.
  3. Principle of confidentiality: All people who administer, manage, or have access to information found in Databases undertake to keep all personal information received in the exercise of their duties strictly confidential. People who currently work or are linked in the future for this purpose, in the administration and management of databases, must sign an additional agreement to their employment or service provision contract for the purposes of ensuring commitment. This obligation persists and is maintained even after its relationship with any of the tasks included in the Treatment has ended.
  4. Principle of freedom: Data processing can only be carried out with the prior, express and informed consent of the Owner. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal, statutory, or judicial mandate.
  5. Principle of truthfulness: The information must be true, complete, accurate, up-to-date, verifiable and understandable.
  6. Principle of transparency: The processing of personal data must guarantee the right of the Owner to obtain information about the existence of any type of information or data of theirs that is of interest to them.
  7. Purpose principle: Data processing will serve a legitimate purpose, which must be informed to the respective owner of the personal data.
  8. Principle of restricted access and circulation: Personal data, except public information, may not be available on the Internet or other means of mass dissemination, unless access is technically controllable.
The principles on data protection will be applicable to all databases, including those excepted in this article, with the limits provided in this law and without conflicting with data that have characteristics of being covered by legal reserve. In the event that the special regulations that regulate the excepted databases provide for principles that take into consideration the special nature of the data, they will apply concurrently to those provided for in this law.

Definitions

  1. Authorization: Prior, express and informed consent of the owner to carry out the Processing of personal data.
  2. Database: Organized set of personal data that is subject to Processing.
  3. Personal data: Any information linked or that can be associated with one or several specific or determinable natural persons.
  4. Sensitive data: Those that affect the privacy of the owner, such as: racial or ethnic origin, political orientation, religious or philosophical convictions, membership in unions, social organizations, human rights, data related to health, sexual life and biometric data.
  5. Data processor: Natural or legal person who processes personal data on behalf of the data controller.
  6. National Registry of Databases (RNBD): It is the public directory of databases subject to processing that operate in the country, it is administered by the Superintendence of Industry and Commerce and will be freely consulted by users and citizens.
  7. Data controller: Natural or legal person who decides on the database and/or the processing of data.
  8. Owner: Natural person whose personal data is processed.
  9. Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.

Scope of application

Databases containing personal data whose automated or manual processing is carried out by natural or legal persons, public or private in nature, in Colombian territory or outside of it, will be subject to registration in the National Registry of Databases. This last case, provided that Colombian legislation is applicable to the Data Controller or Data Processor by virtue of international standards and treaties. The foregoing without prejudice to the exceptions provided for in article 2 of Law 1581 of 2012.

Exception to the regulatory framework

The personal data protection regime established in this law will not apply:
  1. To databases or files maintained in an exclusively personal or domestic environment. When these databases or files are going to be provided to third parties, the Owner must be informed in advance and his authorization must be requested. In this case, those responsible and in charge of the databases and files will be subject to the provisions contained in this law.
  2. To databases and files whose purpose is national security and defense, as well as the prevention, detection, monitoring and control of money laundering and the financing of terrorism.
  3. To Databases whose purpose is and contain intelligence and counterintelligence information.
  4. To databases and archives of journalistic information and other editorial content.
  5. To the databases and files regulated by Law 1266 of 2008.
  6. To the databases and files regulated by Law 79 of 1993.

The Data Controller and Data Processor for Personal Data Processing

NAME: FLUIDSIGNAL GROUP S.A.S.
ADDRESS: Medellín, Career direction. 43 No. 9 South - 195 Office 736 Square Building
PHONE RESPONSIBLE: (604) - 4442637

Enrollment in the National Database Registry

FLUIDSIGNAL GROUP S.A.S. must register in the National Registry of Databases, independently, each of the databases that contain personal data subject to processing.

Duties of Data Controllers:

The Data Controllers must comply with the following duties, without prejudice to the other provisions provided for in this law and in others that govern their activity:
  1. Guarantee to the Holder, at all times, the full and effective exercise of the right of habeas data.
  2. Request and keep, under the conditions provided in this law, a copy of the respective authorization granted by the Owner.
  3. Duly inform the Owner about the purpose of the collection and the rights granted to him by virtue of the authorization granted.
  4. Maintain the information under the security conditions necessary to prevent its adulteration, loss, unauthorized or fraudulent consultation, use or access.
  5. Guarantee that the information provided to the Data Processor is true, complete, accurate, updated, verifiable and understandable.
  6. Update the information, communicating in a timely manner to the Data Processor, all the news regarding the data that you have previously provided and adopt the other necessary measures so that the information provided to it remains updated.
  7. Rectify the information when it is incorrect and communicate the pertinent information to the Data Processor.
  8. Provide the Data Processor, as the case may be, only data whose Processing is previously authorized in accordance with the provisions of this law.
  9. Demand that the Data Processor at all times respect the security and privacy conditions of the Owner's information.
  10. Process queries and claims made in the terms indicated in this law.
  11. Adopt an internal manual of policies and procedures to guarantee adequate compliance with this law and, especially, to respond to queries and complaints.
  12. Inform the Data Processor when certain information is under discussion by the Owner, once the claim has been submitted and the respective procedure has not been completed.
  13. Inform at the request of the Owner about the use given to his data.
  14. Inform the data protection authority when violations of security codes occur and there are risks in the administration of the Owners' information.
  15. Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce.

Collection of personal data

In development of the principles of purpose and freedom, data collection must be limited to those personal data that are relevant and appropriate for the purpose for which they are collected or required in accordance with current regulations. Except in cases expressly provided for by law, personal data may not be collected without authorization from the Owner.
At the request of the Superintendence of Industry and Commerce, the Controllers must provide a description of the procedures used for the collection, storage, use, circulation and deletion of information, as well as a description of the purposes for which the information is collected and a explanation of the need to collect data in each case.

Deletion of personal data

The owner has the right, at all times, to request FLUIDSIGNAL GROUP S.A.S, when he considers it so. This deletion implies the total or partial elimination of personal information as requested by the owner. It is important to keep in mind that the right of cancellation is not absolute and the person responsible may deny its exercise when:
  1. The owner who has a legal or contractual duty to remain in the database.
  2. The deletion of data hinders judicial or administrative actions linked to tax obligations, the investigation and prosecution of crimes or the updating of administrative sanctions.
  3. The data that is necessary to protect the legally protected interests of the owner; to carry out an action based on the public interest, or to comply with an obligation legally acquired by the owner.

Processing and purpose of personal data

Purposes for the General processing of Information of employees, retired workers, pensioners and candidates to fill vacancies:
  1. For purposes relevant to the employment relationship (EPS, ARL, Pension and severance funds, family compensation funds, etc.)
  2. In the case of employees with the signing of the employment contract, express authorization is understood to process the information
  3. Accounting and payment of payroll
  4. Recruit and select personnel to fill vacancies
  5. Process, confirm and comply with legal and extralegal labor obligations derived from the employment contract
  6. Audits
  7. Statistical analysis
  8. Training and education
  9. Share personal data with banking entities, companies that offer benefits to our active workers, among others
  10. Occupational Health and Safety Programs
  11. Establish technological and physical access controls to maintain security in the physical infrastructure of the facilities and applications
  12. Transfer and/or transmit personal data to entities and/or judicial and/or administrative authorities, when these are required in relation to its corporate purpose and necessary for the fulfillment of its functions
  13. Consult and/or verify the information in National and International control lists related to Money Laundering and Terrorist Financing, illicit activities or situations regulated by the Colombian penal code
  14. Carry out home safety visits and socioeconomic studies whenever the company requires it
  15. Confirm the personal information that the employee gives us by crossing it with public databases, central and risk prevention systems, specialized companies, references and contacts
Other databases that may subsist outside of those directly binding to the company will be processed for pre-contractual, contractual, post-contractual, commercial, customer service and marketing purposes, processing, research, training, accreditation, consolidation, organization, updating, report, statistics, surveys, attention and processing

Rights of the information owner

The Owner of the personal data will have the following rights:
  1. Know, update and rectify your personal data before the Data Controllers or Data Processors. This right may be exercised, among others, against partial, inaccurate, incomplete, fragmented, misleading data, or those whose Processing is expressly prohibited or has not been authorized.
  2. Request proof of the authorization granted to the Data Controller except when it is expressly excepted as a requirement for the Treatment, in accordance with the provisions of article 10 of this law.
  3. Be informed by the Data Controller or the Data Processor, upon request, regarding the use that has been given to your personal data.
  4. Submit complaints to the Superintendency of Industry and Commerce for violations of the provisions of this law and other regulations that modify, add or complement it.
  5. Revoke the authorization and/or request the deletion of the data when the Processing does not respect constitutional and legal principles, rights and guarantees.
  6. The revocation and/or deletion will proceed when the Superintendency of Industry and Commerce has determined that in the Treatment the Controller or Processor has engaged in conduct contrary to this law and the Constitution.
  7. Access free of charge to your personal data that has been processed.

Legitimization for the exercise of data subject rights

The rights of the Owners may be exercised by the following people:
  1. By the Owner, who must prove her identity sufficiently by the different means made available by the person responsible.
  2. By their successors, who must prove such quality.
  3. By the representative and/or attorney of the Owner, prior accreditation of the representation or power of attorney
  4. By stipulation in favor of another or for another.
The rights of children or adolescents will be exercised by the people who are empowered to represent them.

Responsible for managing requests

FLUIDSIGNAL GROUP S.A.S, designates the Administrative and Financial Area, or the agency that takes its place, as the person who will receive, process and channel the different requests that are received and must process the requests of the owners, in the terms, deadlines and conditions established by current regulations, for the exercise of the rights of access, consultation, rectification, updating, deletion and revocation that each person has over their personal data.

Channels and procedures for data subjects to exercise their rights

The Owner who considers that the information contained in a database must be corrected, updated or deleted, or when they notice the alleged breach of any of the duties contained in the Law, may file a claim with FLUIDSIGNAL GROUP S.A.S., said request rectification, update or deletion must be submitted through the medium enabled by FLUIDSIGNAL GROUP S.A.S, which, thinking about well-being, confidentiality and agility in attention, designates the email info@fluidattacks.comThe request must contain the following information:
  1. The name, identification document and address of the owner or any other means to receive the response
  2. Documents that prove the identity of your representative
  3. The description of the personal data with respect to which the owner seeks to exercise any of the rights

Effectiveness

This policy will be applicable to the personal databases for which the Company is responsible and in charge; It will come into effect upon its signature and complements the associated policies and formats, with indefinite validity.
Any change that is valuable (whether in structure or updating of regulations), in the personal data processing policies, will be communicated in a timely manner to the data owners through the usual means of contact and/or through our website.
For holders who do not have access to electronic media or those who cannot be contacted, they will be communicated through open notices at the company's main headquarters.
The database policy will have an indefinite period of validity in accordance with the duration of the Company's corporate purpose.
The databases in which personal data will be recorded will have a validity equal to the time in which the information is kept and used for the purposes described in this policy. Once that purpose(s) is fulfilled and as long as there is no legal or contractual duty to retain your information, your data will be deleted from our databases.
Advertising
FLUIDSIGNAL GROUP S.A.S. will socialize this policy to workers via email and will publish it on the company's website for their respective information.

Validity and application 

This policy governs from its publication and effective socialization through digital channels of dissemination to all workers, repeals provisions that are contrary to it, and is governed based on the guidelines established in Law 1581 of 2012, Law 1032 of 2006 and/or subsequent ones that modify what is regulated there.