GENERAL CONSIDERATIONS
Aware of the importance of the protection and good management of the personal information provided by the owners of the information, NORCOL COLOMBIA SAS, – hereinafter NORCOL, who acts as responsible for the information received, has designed this policy and procedures that in set allow you to make proper use of your personal data.
In accordance with the provisions of article 15 of the Political Constitution of Colombia, which develops the fundamental right to habeas data, referring to the right that all citizens have to know, update, rectify the personal data that exist on it in databases and in archives of both public and private bases, which is inevitably related to the handling and processing of the information that the recipients of personal information must take into account. Said right has been developed through the issuance of the Statutory Law 1581 of 2012 and the Regulatory Decree 1377 of 2013, based on which NORCOL, as RESPONSIBLE for the personal data that receives, handles and processes the information and thus proceeds to issue This personal data treatment policy, which is made known to the public so that they know the way NORCOL treats their information. The provisions of this policy for the processing of personal data are mandatory by NORCOL, its administrators, workers, contractors and third parties with whom NORCOL establishes relationships of any kind.
OBJECTIVE
With the implementation of this policy, it is intended to guarantee the reservation of information and security about the treatment that will be given to all customers, suppliers, employees and third parties from whom NORCOL has legally obtained information and personal data in accordance with the guidelines established by the regulatory law of the right to Habeas Data. Likewise, through the issuance of this policy, the provisions of paragraph K of article 17 of the aforementioned law are complied with.
DEFINITIONS
• Authorization: Prior, express and informed consent of the owner of the data to carry out the treatment. This can be written, verbal or through unequivocal behaviors that allow to reasonably conclude that the holder granted authorization.
• Database: It is the organized set of Personal Data that is subject to treatment, electronic or not, whatever the modality of its training, storage, organization and access.
• Consultation: Request from the owner of the data or from the persons authorized by it or by law to know the information that rests on it in databases or files.
• Personal data: Any information linked or that may be associated with one or more specific or determinable natural persons. These data are classified as sensitive, public, private and semi-private.
• Sensitive personal data: Information that affects the privacy of the person or whose misuse may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in unions, social organizations , of human rights or that promotes interests of any political party or that guarantees the rights and guarantees of opposition political parties, as well as data related to health, sexual life and biometric data (fingerprints, among others).
For the purposes of this policy, NORCOL warns of the optional nature of the holder of the personal data to provide this type of information in cases where, eventually, they may be requested.
• Public personal data: It is the data qualified as such according to the mandates of the law or the Political Constitution and all those that are not semi-private or private. They are public, among others, the data contained in public documents, public records, gazettes and official gazettes and duly executed judicial sentences that are not subject to reservation, those related to the civil status of the people, their profession or trade and their quality of merchant or public servant. The personal data existing in the commercial register of the Chambers of Commerce (Article 26 of the C.C.) are public.
Likewise, they are public data, which, by virtue of a decision of the owner or of a legal mandate, are in files of free access and consultation. These data can be obtained and offered without any reservation and regardless of whether they refer to general, private or personal information.
• Private personal data. It is the data that due to its intimate or reserved nature is only relevant for the person holding the data. Examples: merchant’s books, private documents, information extracted from the home inspection.
• Semi-private personal data. It is semi-private the data that has no intimate, reserved, or public nature and whose knowledge or disclosure may interest not only its owner but also a certain sector or group of people or society in general, such as, among others, the data regarding compliance and breach of financial obligations or data relating to relations with social security entities.
• Responsible for the Treatment: Person who, by himself or in association with others, decides on the basis of the data and / or the processing of the data.
• Responsible for the treatment: Person who performs the data processing on behalf of the controller.
• Being “Authorized” is NORCOL and all persons under its responsibility, who by virtue of the authorization and the Policy have the legitimacy to process the personal data of the holder. The Authorized includes the gender of the Enabled.
• “Enabling” or being “Enabled”, is the legitimacy that expressly and in writing by means of a contract or document that makes its times, grants NORCOL to third parties, in compliance with the applicable law, for the processing of personal data, converting such third parties in charge of the processing of personal data delivered or made available.
• Claim: Request from the owner of the data or the persons authorized by it or by law to correct, update or delete your personal data or when they notice that there is an alleged breach of the data protection regime, according to Article Art. 15 of the Law 1581 of 2012.
• Data holder: It is the natural person to whom the information refers.
• Treatment: Any operation or set of operations on personal data such as, among others, the collection, storage, use, circulation or suppression of that kind of information.
• Transmission: Treatment of personal data that involves the communication of them within (national transmission) or outside Colombia (international transmission) and which aims to carry out a treatment by the person in charge on behalf of the person in charge.
• Transfer: The transfer of data takes place when the person in charge and / or in charge of the processing of personal data, located in Colombia, sends the information or personal data to a recipient, who in turn is responsible for the processing and is within or out of the country
• Procedural requirement: The holder or assignee may only file a complaint with the Superintendence of Industry and Commerce once the consultation or claim process has been exhausted before the person responsible for the treatment or in charge of the treatment, the foregoing according to Article 16 of Law 1581 of 2012.
PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA
The processing of personal data must be carried out in compliance with the general and special regulations on the subject and for activities permitted by law. Consequently, the following principles apply for the purposes of this policy:
• Principle of legality: Data processing is a regulated activity that must be subject to the provisions of the law and other provisions that develop it.
• Principle of purpose: The treatment must obey a legitimate purpose in accordance with the Constitution and the Law.
• Principle of freedom: The treatment can only be exercised with the prior, express and informed consent of the holder. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that relieves consent.
• Principle of truthfulness or quality: The information subject to treatment must be truthful, complete, accurate, updated, verifiable and understandable. The processing of partial, incomplete, fractional or error-inducing data is prohibited.
• Principle of transparency: In the treatment, the right of the holder to obtain information about the existence of data concerning him must be guaranteed at any time and without restrictions.
• Principle of access and restricted circulation: The processing is subject to the limits derived from the nature of personal data, the provisions of the law and the Constitution. In this sense, the treatment may only be done by persons authorized by the holder and / or by the persons provided by law.
• Security principle: The information subject to Treatment by the Treatment Manager or Treatment Manager referred to in this law, must be handled with the technical, human and administrative measures that are necessary to grant security to the records avoiding adulteration , loss, consultation, use or unauthorized or fraudulent access.
• Principle of confidentiality: All persons involved in the processing of personal data that do not have the nature of audiences are obliged to guarantee the reservation of information, even after the end of their relationship with any of the tasks included in the processing, being able to only make provision or communication of personal data when it corresponds to the development of the activities authorized in this law and in the terms of it.
Any new project within the Organization, which involves the Processing of Personal Data must be consulted with the Information Security Management, which is the person and agency responsible for the data protection function to ensure compliance with the policy and of the necessary measures to maintain the confidentiality of personal data.
RIGHTS OF DATA HOLDERS
In accordance with the legal provisions in force, the following are the rights of the holders of personal information:
• Right to know, update, rectify, consult your personal data at any time against NORCOL regarding the data that you consider partial, inaccurate, incomplete, fractionated and those that lead to error.
• Right to request at any time proof of the authorization granted to NORCOL except in those cases in which legally the Responsible is free to have authorization to process the data of the holder.
• Right to be informed by NORCOL upon request of the owner of the data, regarding the use he has given to them.
• Right to submit to the Superintendency of Industry and Commerce any complaints it deems pertinent to assert its right to Habeas Data.
• Right to revoke the authorization and / or request the deletion of any data when it considers that NORCOL has not respected its constitutional rights and guarantees.
• Right to access free of charge personal data that you voluntarily decide to share with NORCOL.
THE INFORMATION AND / OR PERSONAL DATA WE COLLECT FROM YOU, ARE THE FOLLOWING:
1. If you are a provider, or service provider
Kind of person:
Natural: names and surnames, identification type, identification number, gender, marital status and date of birth, residence address and / or office email, financial data (bank accounts), RUT, copy of citizenship card, data of affiliation to the health system, ARL and pensions, nationality.
Legal: business name, NIT, or identification number (depending on the country of origin) address, telephone, cell phone, email, country, city, financial data (bank accounts), RUT, Certificate of Existence and Legal Representation, nationality.
- Employees and participants of labor selection processes
Data that is provided at the decision of the employee and the candidate in his resume, personal photography, names and surnames, type of identification, identification number, gender, marital status and date of birth, residence and / or office address, e-mail, financial data (bank accounts), RUT, copy of citizenship card, data of affiliation to the health system, ARL and pensions, nationality, family data, data on whether history and work experience, educational information, registration is practiced of alcoholimetry and polygraphy test. - Visitors offices or camps
Names and surnames, type of identification, identification number, gender, marital status and date of birth, address of residence and / or office email, affiliation data to the health system, ARL and pensions, nationality, registration of alcoholimetry
- Website Users
4.1. «I require more information»:
Kind of person:
Natural: names and surnames, telephone, cell phone, email.
Legal: business name, telephone, cell phone, email.
4.2. «Work with us»
Natural: names and surnames, telephone, cell phone, email, city.
Legal: business name, telephone, cell phone, email, city.
- Biometric data
images, video, audio, fingerprints that identify or make our customers, users, employees, visitors or anyone who enters or is or transits identifiable anywhere NORCOL has implemented devices to capture such information.
This data can be stored and / or processed on servers located in a data processing center, either owned or contracted with suppliers, located in different countries, which is authorized by our customers / users / suppliers / employees, by accepting this policy of treatment and protection of personal data.
For more information, on the identity, addresses and contact forms you can consult it at the following email address https://norcol.com.co
NORCOL reserves the right to improve, update, modify, delete any type of information, content, domain or subdomain, which may appear on the website, without prior notice, being understood as sufficient with the publication on the websites of NORCOL For the solution of legal or internal requests and for the provision or offer of new services or products.
TREATMENT, SCOPE AND PURPOSES
I. NORCOL informs the owners that the data collected from our customers, contractors, suppliers and employees may be used for the following purposes. The processing may be carried out by NORCOL directly or through its contractors, consultants, consultants and / or third parties in charge of the processing of personal data, so that they carry out any operation or set of operations such as the collection, storage, use, circulation, deletion , classification, transfer and transmission (the «Treatment») on all or part of your personal data:
to. The support of the contractual relationship established with NORCOL.
b. The provision of services related to the products and services offered.
c. The performance of all activities related to the service or product will be included in a list of emails for sending the newsletter.
d. Send information about changes in the conditions of the services and products purchased, and notify you about new services or products.
and. Manage your requests, clarifications, and investigations.
F. Prepare studies and programs that are necessary to determine consumption habits.
g. The refinement of security filters and business rules in business transactions; confirm, process such transactions, with your financial institution, with our service providers and with yourself.
h. Perform periodic evaluations of our products and services in order to improve their quality.
i. The sending, by traditional and electronic means, of technical, operational and commercial information of products and services offered by NORCOL, its associates or suppliers, currently and in the future.
j. The request for satisfaction surveys, which is not required to answer.
k. Carry out the transmission and / or transfer of data to other companies, commercial alliances or third parties in order to fulfill the obligations acquired. The transmission and transfer may be made even to third countries that may have a different level of protection from the Colombian, when necessary for the fulfillment of our obligations.
l. Fulfill obligations contracted by NORCOL with its customers when acquiring our services and products.
m. Respond to inquiries, requests, complaints and claims that are made by control agencies and other authorities that under personal law must receive personal data.
n. Any other activity similar in nature to those described above that are necessary to develop the corporate purpose of NORCOL.
or. Make inquiries in different databases and authorized sources (such as OFAC, UN lists, among others) necessary for the control and prevention of fraud or crimes related to money laundering, in accordance with our risk prevention and management policies – SARLAFT .
p. To comply with the obligations contracted by NORCOL with the workers holding the information, in relation to payment of salaries, social benefits, and others enshrined in the employment contract and current labor regulations.
q. Inform the worker of the developments that occur in the development of the employment contract and until after its completion.
r. Evaluate the quality of the services we provide.
s. Conduct internal studies on the habits of the worker holding the information or request personal information for the development of management programs or systems.
t. Perform payroll discounts authorized by the worker.
or. Manage your requests, activity management, clarifications and investigations.
v. Marketing and sale of our products and services.
w. The sending, by traditional and electronic means, of technical, operational and commercial information of products and services offered by associates or suppliers, currently and in the future.
x. Prepare studies and programs that are necessary to determine consumption habits.
and. Carry out the transmission and / or transfer of data to other companies, commercial alliances or third parties in order to fulfill the obligations acquired. The transmission and transfer may be made even to third countries that may have a different level of protection from the Colombian, when necessary for the fulfillment of our obligations.
z. The request for surveys, which the worker is not obliged to answer.
aa. Transfer the information received to all judicial and / or administrative entities when it is necessary for the fulfillment of duties as an employer to fulfill the obligations of labor order, social security, pensions, professional risks , family compensation funds (Integral Social Security System) and taxes.
bb. Transfer the personal information of the employer to third parties that legitimately have the power to access such information, which includes, but is not restricted to the member companies of NORCOL COLOMBIA S.A.S
DC. Deliver the personal information of the worker to all entities that are related to the compliance of the person responsible as an employer.
dd. Any other activity similar in nature to those described above that are necessary to develop the corporate purpose of NORCOL and its labor obligations acquired by virtue of the conclusion of the employment contract or by the ministry of law.
usa Make inquiries in different databases and authorized sources (such as OFAC, UN lists, among others) necessary for the control and prevention of fraud or crimes related to money laundering, in accordance with our risk prevention and management policies – SARLAFT .
II. The processing of personal data will be carried out with the prior authorization of the owner of the data, except in the events in which the data is of a public nature. For this, an authorization format for the processing of data has been implemented, which must be filled out by the owner of the information at the same time he delivers his personal information. This authorization explains the scope and purposes of the processing of personal data, reference is made to the authorization by another, the data of minors and sensitive data, as well as the channel of attention of the owners who want exercise the rights contemplated within the habeas data and, indicate the place where this policy is housed. For the purpose of advancing the data processing, NORCOL employs all activities aimed at maintaining the confidentiality of the information.
The authorization will be obtained through any means that may be subject to subsequent consultation, such as the website, forms, formats, face-to-face activities or through social networks, etc. The authorization may also be obtained from the unequivocal behavior of the owner of the data that allows to reasonably conclude that he or she granted authorization for the processing of your information.
III. If you provide us with personal information about a person other than you, such as your spouse or a co-worker, we understand that you have the authorization of that person to provide us with your data; and we do not verify, nor assume the obligation to verify the identity of the user / client, nor veracity, validity, sufficient and authenticity of the data of each of them, provide. By virtue of the foregoing, we do not assume responsibility for damages or prejudices of any nature that may arise from the lack of truthfulness, homonymy or the impersonation of identity information.
IV. Since NORCOL belongs to NORCOL HOLDING AS, your personal information may be shared by way of transfer or transmission with it, business partners and / or third-party providers, such processes can be carried out in different places where the service is contracted or product purchased, with the same purposes as indicated for the collection of personal data. These entities are obliged to comply with the corresponding confidentiality, transmission or transfer agreements.
V. Certain services or products provided on the page www.norcol.com.co, and in any of the portals of the NORCOL partner companies and their equivalents, may contain particular conditions with specific provisions regarding the protection of Personal Data.
SAW. The Personal Data collected will be subject to manual or automated processing and incorporated into the corresponding files or databases (hereinafter, the «File») of NORCOL, either as the data controller and responsible for the protection of the data. To determine the term of the treatment, the rules applicable to each purpose and the administrative, accounting, fiscal, legal and historical aspects of the information will be considered.
VII. When, at the time of providing the service, the holder is accompanied by minors or persons considered disabled, and in which the collection of their personal data occurs, NORCOL will always request the authorization of whoever has the legal representation of the minor. However, if personal information of the population mentioned here is provided without being the legal representative, you state that you have the authorization of the respective legal representative, assuming directly the responsibility that this entails. NORCOL will tend because their rights are respected at all times, and their best and prevailing interest. The representative must guarantee the right to be heard and assess their opinion of the treatment taking into account the maturity, autonomy and capacity of minors. The representatives are informed of the optional nature of answering questions about data on minors. The data of minors, included in a special category of protection, will be treated in accordance with the provisions of the applicable legislation on the matter and in accordance with the provisions of our personal data policy.
VIII. NORCOL has adopted the security levels of protection of the legally required personal data, and has installed all the technical means and measures at its disposal to prevent the loss, misuse, alteration, unauthorized access and illegitimate theft of the personal data provided to NORCOL however, the owner must be aware that Internet security measures are not unbreakable.
IX. If you choose to delete your information, to the extent permitted by law, we will keep in our files certain personal information in order to identify accounting and tax data of the transactions made, prevent fraud, resolve disputes, investigate conflicts or incidents. , enforce our terms and conditions of use and comply with legal requirements.
However, at the time you decide to revoke your authorization, the information hosted will not be used for the purposes set forth herein, only in the terms strictly necessary and defined in the previous paragraph.
XI If personal information was collected or provided prior to July 30, 2013 and you did not express your opposition to your personal data being transferred, it will be understood that you have given your consent. In the event you wish to ratify your consent or express your refusal, you can indicate it through the following email [email protected]
XII. Like other websites, NORCOL uses certain technologies, such as cookies, and device fingerprinting, which allow us to make your visit to our site easier and more efficient, providing you with a personalized service and recognizing you when you return to our site. For the purposes of this Privacy Notice «cookies» will be identified as the text files of information that a website transfers to the hard drive of the users’ computer in order to store certain records and preferences.
to. Websites may allow advertising or third-party functions that send «cookies» to the owners’ computers.
b. Cookies are only associated with an anonymous user and his computer, and do not provide the name and surname of the same, in many cases, you can browse any of the NORCOL websites anonymously. When you access any NORCOL website, your IP address (the Internet address of your computer) is recorded, to give us an idea of what parts of the website you visit and how much time you spend in each section. We do not link your IP address to any personal information about you, unless you have registered with us and entered the system using your profile.
c. Therefore, it is possible that in certain applications NORCOL recognizes users after they have registered for the first time, without having to register at each visit to access the areas and services or products reserved exclusively for them.
d. Other services will require the use of certain access codes, and even the use of a digital certificate, in the characteristics determined.
and. The cookies used cannot read the cookie files created by other providers. NORCOL encrypts user identification data for added security.
F. To use the NORCOL website, it is not necessary for the user to allow the installation of cookies sent by NORCOL, notwithstanding that in such case it will be necessary for the user to register for each of the services whose provision requires prior registration.
NATIONAL OR INTERNATIONAL TRANSFER OF PERSONAL DATA
NORCOL may transfer the data to other Data Controllers when authorized by the owner of the information or by law or by an administrative or judicial mandate.
INTERNATIONAL AND NATIONAL TRANSMISSION OF DATA TO MANAGERS
NORCOL may send or transmit data to one or several managers located inside or outside the Republic of Colombia in the following cases: a) When it has authorization from the holder and b) when without the authorization there is between the Responsible and the manager a contract of data transmission.
DUTIES OF THE RESPONSIBLE FOR THE TREATMENT
• Guarantee the holder, at all times, the full and effective exercise of the right of habeas data.
• Request and keep, under the conditions provided for in this law, a copy of the respective authorization granted by the holder.
• To duly inform the owner about the purpose of the collection and the rights that assist him by virtue of the authorization granted.
• Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
• To process the queries and complaints formulated in the terms indicated in this law.
• Adopt an internal manual of policies and procedures to ensure proper compliance with this law and especially for the attention of inquiries and complaints.
• Inform at the request of the owner about the use given to their data.
• Inform the data protection authority when there are violations of security codes and there are risks in the management of the information of the owners.
• Comply with the instructions and requirements issued by the superintendence of industry and commerce.
DUTIES OF TREATMENT MANAGERS
• Guarantee the holder, at all times, the full and effective exercise of the right of habeas data.
• Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
• Timely update, rectify or delete the data in the terms of this law.
• Update the information reported by those responsible for the treatment within five (5) business days from the date of receipt.
• To process the queries and claims made by the owners in the terms indicated in this law.
• Adopt an internal manual of policies and procedures to ensure proper compliance with this law and, in particular, for the attention of inquiries and complaints by the owners.
• Refrain from circulating information that is being controversial by the owner and whose blockade has been ordered by the superintendence of industry and commerce.
• Allow access to information only to people who may have access to it.
• Inform the superintendence of industry and commerce when there are violations of security codes and there are risks in the administration of the information of the owners.
• Comply with the instructions and requirements issued by the superintendence of industry and commerce.
PETITIONS, COMPLAINTS AND CLAIMS
For the purposes of receiving requests, complaints and queries related to the handling and processing of personal data, NORCOL has used the email [email protected], to channel, study and answer them. Therefore, to that address they can send their requests, which will be treated as provided by Law 1581:
Queries: The owners or their successors may consult the personal information of the owner that rests in our database. NORCOL will provide these with all the information contained in the individual registry or that is linked to the identification of the holder. The consultation will be answered within a maximum period of ten (10) business days from the date of receipt of the same. When it is not possible to attend the query within said term, the interested party will be informed, and the date on which his query will be attended will be indicated, which in no case may exceed five (5) business days following the expiration of the first term.
Claims: The holder or his successors who consider that the information contained in a database must be subject to correction, update or deletion, or when they notice the alleged breach of any of the duties contained in the law, may file a complaint with NORCOL , which will be processed under the following rules:
• The claim will be formulated by means of a request addressed to NORCOL with the identification of the holder, the description of the facts that give rise to the claim, the address, and accompanying the documents to be asserted. If the claim is incomplete, NORCOL will require the interested party within five (5) days after receipt of the claim to remedy the failures. After two (2) months from the date of the request, without the applicant submitting the required information, it will be understood that he has given up the claim.
• Once the complete claim has been received, a legend that says “claim in process” and the reason for it will be included in the database, in a term not exceeding two (2) business days. This legend must be maintained until the claim is decided.
• The maximum term to respond to the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within said term, the interested party will be informed and the date on which their claim will be addressed will be indicated, which in no case may exceed eight (8) business days following the expiration of the first term.
• In any case, the holder or the successor may only file a complaint with the Superintendence of Industry and Commerce once the consultation or claim process has been exhausted before NORCOL.
• The area responsible for receiving and processing claims is the Information Security Management.
• The request for deletion of the information and the revocation of the authorization will not proceed when the holder has a legal or contractual duty to remain in the database.
DATA RESPONSIBLE FOR THE TREATMENT
Corporate name: NORCOL COLOMBIA S.A.S
Address: Carrera 43ª Nro 1 – 85 office 409, Medellín, Antioquia, Colombia.
Email: [email protected]
Telephone: (+57 4) 3221232
Website: www.norcol.com.co
QUESTIONS OR SUGGESTIONS
If you have any questions or queries about the process of collecting, processing or transferring your personal information, or consider that the information contained in a database must be corrected, updated or deleted, please send us a message to the following account Email: [email protected]
For more information, about NORCOL, the identity, address and contact forms can be consulted at the following address www.norcol.com.co This website has the same terms and conditions applicable to the published services and products which may be Be consulted at any time for more information.
VALIDITY
NORCOL reserves the right to modify this policy to adapt it to legislative or jurisprudential developments, as well as to good practices of the mining and environmental sector and other sectors of the economy that are part of the commercial activity of NORCOL. In these cases, NORCOL will announce on this page the changes introduced with reasonable anticipation of its implementation.
This policy was modified and published on the NORCOL websites on December 6, 2019 and is effective as of the date of publication, this date being the last update.