Switch Language

The company Brigard & Castro S.A.S. domiciled in Bogotá, with physical address Calle 70ª # 4 -41, email address info@bc.com.co and telephone (+ 57-1) 742 2200 (hereinafter the "Firm") informs the Holders of Personal Data that is treated in any way by the Firm this information treatment policy (the "Policy"), thereby complying with Law 1581 of 2012 and Decree 1377 of 2013. The main purpose of this Policy is to inform the owners of the Personal Data of the rights they have, the procedures and mechanisms provided by the Firm to make effective those rights of the Holders, and to make them aware of the scope and purpose of the Treatment to which the Data will be submitted. Personal in the event that the Holder grants his express, prior and informed authorization.

1 Main definitions

The expressions used in capital letters in this Policy will have the meaning given to them here, or the meaning that the law or applicable jurisprudence will give them, according to said law or jurisprudence, will be modified from time to time.

a) "Authorization": It is the prior, express and informed consent of the Holder to carry out the Processing of his Personal Data.

b) "Database": It is the organized set of Personal Data that are subject to Treatment, electronic or otherwise, whatever the modality of their training, storage, organization and access.

c) "Financial Data": It is all Personal Data referring to the birth, execution and extinction of monetary obligations, regardless of the nature of the contract that originates them, whose Treatment is governed by Law 1266 of 2008 or the regulations that complement it, modify or add.

d) "Personal Data": It is any information of any kind, linked or that may be associated with one or several natural or legal persons determined or determinable.

e) "Public Data": Personal Data is classified as such according to the mandates of the law or the Political Constitution and that which is not semi-private, private or sensitive. Are public, among others, the data relating to the marital status of people, their profession or trade, their status as a merchant or public servant and those that can be obtained without any reservation. By their nature, public data may be contained, among others, in public records, public documents, gazettes and official bulletins, judicial sentences duly executed that are not subject to reservation.

f) "Sensitive Data": It is the Personal Data that affects the privacy of the Owner or whose improper use can generate discrimination, such as those that reveal union affiliations, racial or ethnic origin, political orientation, religious or moral convictions. philosophical, belonging to trade unions, social organizations, human rights or that promotes the interests of any political party or that guarantees the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data.

g) "In charge of the Treatment": It is the natural or legal person, public or private, that by itself or in association with others, performs the Processing of Personal Data on behalf of the Person in Charge of the Treatment.

h) "Authorized": It is the Company and all persons under the responsibility of the Company, who by virtue of the Authorization and these Policies have the legitimacy to process the Personal Data of the Holder. The Authorized includes the gender of the Enabled.

i) "Enabling": It is the legitimacy expressly and in writing by means of a contract or document that takes its place, grant the Company to third parties, in compliance with the applicable Law, for the Processing of Personal Data, turning such third parties into Managers of the Treatment of Personal Data delivered or made available.

j) "Responsible for Treatment": It is the natural or legal person, public or private, that by itself or in association with others, decides on the Database and / or the Treatment of Personal Data.

k) "Owner" of the Personal Data: It is the natural or legal person to whom the information that rests in a Database refers, and who is the subject of the right of habeas data.

l) "Transfer": It is the Processing of Personal Data that implies the communication of the same within or outside the territory of the Republic of Colombia when it is intended to carry out a Treatment by the Manager on behalf of the Responsible Party.

m) "Transmission": It is the activity of Processing of Personal Data through which they are communicated, internally or with third parties, within or outside the territory of the Republic of Colombia, when said communication is intended to perform any activity of Treatment by the receiver of the Personal Data.

n) "Processing of Personal Data": Is any operation and systematic procedure, electronic or otherwise, that allows the collection, conservation, ordering, storage, modification, relationship, use, circulation, evaluation, blocking, destruction and in general, the processing of Personal Data, as well as its transfer to third parties through communications, consultations, interconnections, assignments, data messages.

2 Principles

The Firm, in the development of its commercial activities, will collect, use, store, transmit and carry out various operations on the personal data of the Owners. In all Personal Data Processing carried out by the Firm, the Responsible, Responsible and / or third parties to whom Personal Data is transferred must comply with the principles and rules established in the Law and in this Policy, in order to guarantee the right to the habeas data of the Holders and to comply with the obligations of the Law of the Firm. These principles are:

a) Prior authorization: All Processing of Personal Data will be carried out once the prior, express and informed authorization of the Holder has been obtained, unless the Law establishes an exception to this rule. In the event that the Personal Data has been obtained prior to the Law, the Firm will seek the appropriate ordinary and alternative means to summon the Holders and obtain their retroactive authorization, following the provisions of Decree 1377 and the concordant norms.

b) Authorized purpose: Any activity of Processing of Personal Data must obey the purposes mentioned in this Policy or in the Authorization granted by the Owner of the Personal Data, or in the specific documents where each type or process of Data Processing is regulated. Personal The purpose of the particular Treatment of a Personal Data must be informed to the Personal Data Holder at the moment of obtaining its Authorization. The Personal Data may not be processed outside of the purposes informed and consented by the Data Holders.

c) Data Quality: The Personal Data submitted to Treatment must be true, complete, accurate, updated, verifiable and understandable. When it is in the possession of partial, incomplete, fractional or misleading Personal Data, the Firm must abstain from Processing them, or request from the owner the completeness or correction of the information.

d) Delivery of information to the Holder: When the Holder requests it, the Firm must provide information about the existence of Personal Data that concerns the applicant. This information delivery will be carried out by the dependence of the Firm in charge of the protection of personal data (see point 7 of this Policy). Restricted Circulation: Personal Data can only be processed by those personnel of the Firm who have authorization to do so, or who within their functions are in charge of carrying out such activities. Personal Data can not be delivered to those who do not have Authorization or have not been authorized by the Firm to carry out the Treatment.

e) Temporality: The Firm will not use the information of the owner beyond the reasonable term required by the purpose that was informed to the Holder of the Personal Data.

f) Restricted access: Except for the expressly authorized Data, the Firm may not make Personal Data available for access through the Internet or other mass media, unless technical and security measures are established to control access and restrict it only to authorized persons.

g) Confidentiality: The Firm must always carry out the Treatment providing the technical, human and administrative measures that are necessary to maintain the confidentiality of the data and to prevent it from being adulterated, modified, consulted, used, accessed, eliminated, or known by persons Not Authorized or by Authorized and Unauthorized Persons in a fraudulent manner, or that the Personal Data is lost. Any new project that involves the Processing of Personal Data should be consulted this Treatment Policy to ensure compliance with this rule.

h) Confidentiality and Subsequent Treatment: All Personal Data that is not Public Data must be treated by the Responsible as confidential, even when the contractual relationship or the link between the Personal Data Owner and the Firm has ended. Upon termination of such link, such Personal Data must continue to be treated in accordance with this Policy and the Law.

i) Individuality: The Firm will maintain separately the databases in which it has the quality of Responsible for the databases in which it is Responsible.

j) Need: Personal Data can only be processed during the time and to the extent that the purpose of your Treatment justifies it.

3 Treatment and Aims

The Personal Data processed by the Firm must be strictly submitted only for the purposes indicated below. Likewise, the Managers or third parties who have access to the Personal Data by virtue of Law or contract, will maintain the Treatment within the following purposes:

a) Manage all the necessary information for the fulfillment of tax obligations and commercial, corporate and accounting records of the Firm.

b) Comply with the internal processes of the Firm in terms of administration of suppliers and contractors.

c) Comply with the service contracts entered into with customers. .

d) Provide their services in accordance with the particular needs of the Firm's clients, in order to fulfill the service contracts concluded, including but not limited to the verification of affiliations and rights of the individuals to whom the clients of the Signature will provide their services, use the Personal Data for marketing and / or marketing of new services or products.

e) The other purposes determined by the Responsible parties in processes for obtaining Personal Data for Processing and that are communicated to the Holders at the time of the collection of personal data.

f) The control and prevention of fraud and money laundering, including but not limited to consultation on restrictive lists, and all the necessary information required for the SARLAFT.

g) The process of filing, updating systems, protection and custody of information and databases of the Firm.

h) Processes within the Firm, for development or operational purposes and / or systems administration.

i) The transmission of data to third parties with whom contracts for this purpose have been concluded, for commercial, administrative, marketing and / or operational purposes, including but not limited to the issuance of carnets, personalized certificates and certifications to third parties, of in accordance with the legal provisions in force.

j) Maintain and process by computer or other means, any type of information related to the client's business in order to provide the relevant services and products.

k) The other purposes determined by the Responsible parties in processes for obtaining Personal Data for Processing, in order to comply with legal and regulatory obligations, as well as the policies of the Firm.

4 Rights of the Owner of Personal Data

According to the Law, the Personal Data Holders have the following rights:

a) Know, update and rectify your Personal Data in front of the Firm or those in charge of the Treatment of same. This right may be exercised, among others, against partial, inaccurate, incomplete, fractioned, misleading data, or those whose Treatment is expressly prohibited or has not been authorized.

b) Request proof of the Authorization granted to the Firm, unless the Law indicates that such Authorization is not necessary.

c) Submit applications to the Firm or the Person in Charge of Processing regarding the use that has been given to your Personal Data, and to that they give you such information.

d) Submit complaints to the Superintendence of Industry and Commerce for infractions of the Law.

e) Revoke your Authorization and / or request the deletion of your Personal Data from the databases of the Firm, when the Superintendence of Industry and Commerce has determined through a final administrative act that in the Processing the Firm or the Person in Charge of the Processing has incurred in conduct contrary to the Law or when there is no legal or contractual obligation to maintain the Personal Data in the database of the Responsible.

f) Request access and access for free to your Personal Data that have been subject to Treatment in accordance with article 21 of Decree 1377 of 2013.

g) Know the modifications to the terms of this Policy in a previous and efficient way to the implementation of the new modifications or, failing that, of the new information treatment policy.

h) Have easy access to the text of this Policy and its modifications.

i) Access in an easy and simple way the Personal Data that are under the control of the Firm to effectively exercise the rights that the Law grants to the Holders.

j) Know the agency or person authorized by the Firm against whom you can submit complaints, queries, claims and any other request regarding your Personal Data.

The Holders may exercise their rights of Law and perform the procedures established in this Policy, by presenting their citizenship card or original identification document. Minors may exercise their rights personally, or through their parents or adults who have parental authority, who must prove it through the relevant documentation. Likewise, the rights of the Holder may be exercised by the successors in title who prove such quality, the representative and / or agent of the holder with the corresponding accreditation and those who have made a stipulation in favor of another or for another.

5 Person in Charge of Protection of Personal Data

The firm has designated the management of Customer Service as Responsible for the reception and attention of requests, complaints, claims and queries of all kinds related to Personal Data. The person in charge of Customer Service will process inquiries and complaints regarding Personal Data in accordance with the Law and this policy.

Some of the particular functions of this area in relation to Personal Data are:

a) Receive the requests of the Personal Data Holders, process and respond to those that are based on the Law or these Policies, such as: requests for updating of Personal Data; requests to know the Personal Data; requests for deletion of Personal Data when the Holder submits a copy of the decision of the Superintendence of Industry and Commerce in accordance with the provisions of the Law, requests for information on the use given to their Personal Data, requests for updating of the Personal Data, requests for proof of the Authorization granted, when it has proceeded according to the Law.

b) Respond to the Holders of Personal Data about those requests that do not proceed in accordance with the Law.

The contact details of the Customer Service are:

Physical Address: 70th Street No. 4 - 41
Electronic address: info@bc.com.co
Telephone: (+ 57-1) 7422200 Ext. 8769
Contact person charge: Customer Service Analyst

6 Procedures for exercising the rights of the Holders of Personal Data

6.1. Queries

The Firm shall have mechanisms in place for the Holder, his successors, his representatives and / or attorneys, those who have been stipulated in favor of another or for another, and / or the representatives of Minors, to make queries regarding which they are the Personal Data of the Holder that rests in the Databases of the Firm.

These mechanisms can be physical as a window, electronic through the Customer Service email info@bc.com.co or by phone at the service line (+ 57-1) 742 2200 Ext. 8769, responsible for receiving requests , complaints and claims on the phones.

Whatever the means, the Firm will keep proof of the query and its response.

a) If the applicant has the capacity to formulate the consultation, in accordance with the accreditation criteria established in Law 1581 and Decree 1377, the Firm will collect all the information about the Holder that is contained in the individual record of that person or that is linked to the Identification of the Holder within the databases of the Firm and will make it known to the applicant.

b) The Responsible for attending the query will respond to the applicant as long as it has the right to do so as the Personal Data Holder, his / her successor, representative, representative, has been stipulated by another or for another, that is the legal person in charge case of minors. This response will be sent within ten (10) business days from the date on which the request was received by the Firm.

c) In case the request can not be attended to the ten (10) business days, the applicant will be contacted to communicate the reasons why the status of their request is pending. For this purpose, the same means or one similar to that used by the Holder will be used to communicate your request.

d) The final response to all requests will not take more than fifteen (15) business days from the date on which the initial request was received by the Firm.

6.2. Claims

The Firm has mechanisms for the Holder, his successors in title, representative and / or attorneys, those who stipulated by another or for another, and / or the representatives of minor Minors, to make claims regarding (i) Personal Data Treated by the Firm that must be subject to correction, updating or deletion, or (ii) the alleged breach of the duties of the Law of the Firm.

These mechanisms can be physical as a window, electronic through the Customer Service email info@bc.com.co or by phone at the service line (+ 57-1) 742 2200 Ext. 8769, responsible for receiving requests , complaints and claims on the phones.

e) The claim must be presented by the Holder, his successors or representatives or accredited in accordance with Law 1581 and Decree 1377, as follows:

You must go to Brigard Castro by electronic mail to the email address info@bc.com.co; physically address Calle 70ª No. 4 - 41; or by telephone on the service line (+ 57-1) 742 2200 Ext. 8769.
It must contain the name and identification document of the Holder.
It must contain a description of the facts that give rise to the claim and the objective pursued (update, correction or deletion, or compliance with duties).
You must indicate the address and contact information and identification of the claimant.
It must be accompanied by all the documentation that the claimant wants to enforce.
The Firm before attending the claim will verify the identity of the Personal Data Owner, their representative and / or attorney, or the accreditation that there was a stipulation by another or another. For this purpose, it may require the identity card or the original identification document of the Holder, and the special or general powers of attorney or documents required as the case may be.
f) If the claim or additional documentation is incomplete, the Firm will require the claimant only once within five (5) days after receipt of the claim to correct the faults. If the claimant does not submit the required documentation and information within two (2) months following the date of the initial claim, it will be understood that the claim has been abandoned.

g) If due to any fact the person receiving the claim within the Firm is not competent to resolve it, the Customer Service Analyst will be transferred within two (2) business days after receiving the claim, and will report said referral to the claimant.

h) Once the claim with the complete documentation has been received, it will be included in the Database of the Firm where the Data of the Holder subject to the claim rest a legend that says "claim in process" and the reason thereof, in a non-term greater than two (2) business days. This legend must be maintained until the claim is decided.

i) The maximum term to attend the claim will be fifteen (15) business days counted from the day following the date of its receipt. When it is not possible to attend the claim within said term, the interested party will be informed of the reasons for the delay and the date on which his claim will be handled, which in no case may exceed eight (8) business days following the expiration of the first finished.

7 Validity

This Policy applies as of July 25. The Personal Data that is stored, used or transmitted will remain in our Database, based on the criterion of temporality and necessity, during the time that is necessary for the purposes mentioned in this Policy, for which they were collected.

8 Annexes

Procedure for submitting an application, complaint or claim.