

Privacy Policy



PERSONAL DATA PROTECTION TREATMENT POLICY CRUZ Y GANDINI SAS (NEC METHOD) NIT No. 900.441.009-2
In compliance with the provisions of Law 1581 of 2012 and Decree 1377 of 2013, which establish the provisions for the protection of personal data, CRUZ Y GANDINI SAS, as the party responsible, accepts this policy for the processing of all personal data found in our databases and/or files, which will be disclosed to all owners of the data that has been collected and that will be obtained in the future in the exercise of work and commercial activities. Through this policy, CRUZ Y GANDINI SAS declares that it guarantees the rights to privacy in the processing of personal data and strives to make effective the guarantee of the rights to privacy and intimacy of each of the data and information of the owners. All owners who, in the development of different work, commercial, among other activities, whether permanent or occasional, provide any type of personal information, may update or consult it later.
LEGAL FRAMEWORK
This Manual of Personal Data Protection Treatment Policies is supported by the provisions of the Colombian Political Constitution (articles 15 and 20), Law 1266 of 2008, Law 1581 of 2012, Decree 1377 of 2013, Decree 1074 of 2015 (Chapters 25 and 26), and external circular No. 002 of 2015.
CRUZ Y GANDINI SAS may unilaterally change its Privacy Policy and use of Personal Data, without the consent of the owner, but taking into account that CRUZ Y GANDINI SAS is obliged to keep the previous versions of this Policy, always respecting the rights of the owner of the personal data enshrined in the Colombian Constitution and Law.
In cases where CRUZ Y GANDINI SAS develops activities related to its corporate purpose and minors are involved in these, it will proceed as stipulated in article 7 of Law 1581 of 2012.
Compliance with this Policy is strict and mandatory for CRUZ Y GANDINI SAS, as the Data Protection Controller, as well as for its employees, contractors and third parties, who must observe and respect it in the performance of their duties and activities, even after the termination of their commercial, employment or other relationship. Likewise, they undertake to maintain strict confidentiality in relation to the data handled.
I. IDENTIFICATION
Company name: CRUZ Y GANDINI SAS
Tax ID: 900.441.009-2
Address: Calle 5 B3 No. 38-44 Office 402, Cali.
Telephone: (57) (2) 5240170 ext. 402
Email: info@metodonec.com
Website: www.metodonec.com
II. DEFINITIONS
In accordance with current regulations on the protection of personal data, the following definitions will be taken into account. The definitions contained in this document were taken from current Colombian regulations governing data protection.
- Authorization: prior, express and informed consent of the owner to carry out the Processing of Personal Data.
- Privacy Notice: physical, electronic or any other format document generated by the Controller that is made available to the Owner for the processing of their personal data. The Privacy Notice informs the Owner of the information regarding the existence of the information processing policies that will be applicable to them, the way to access them and the purpose of the processing that is intended to be given to the personal data.
- Database: organized set of Personal Data that is the object of Processing.
- Personal Data: any information linked to or that can be associated with one or more specific or identifiable natural persons.
- Data Processor: natural or legal person, public or private, that by itself or in association with others, carries out the Processing of Personal Data on behalf of the Data Controller. In the events in which the Controller does not act as the Database Manager, the person in charge will be expressly identified.
- Public Data: is data classified as such according to the mandates of the law or the Political Constitution and that which is not semi-private, private or sensitive. Public data includes, among others, data relating to the civil status of individuals, their profession or trade, their status as a merchant or public servant and those that can be obtained without reservation.
- Private Data: is data that due to its intimate or reserved nature is only relevant to the owner.
- Sensitive Data: those that affect the privacy of the owner or whose improper use may lead to discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in unions, social organizations, human rights organizations or that promote the interests of any political party or that guarantee human rights or that promote opposition interests, as well as data relating to health, sexual life and biometric data.
- Data Processor: natural or legal person, public or private, who by itself or in association with others, processes personal data on behalf of the Data Controller.
- Terms and Conditions: general framework in which the conditions for participants in promotional or similar activities are established.
- Owner: natural person whose personal data is subject to Processing.
- Processing: Any operation or set of operations on Personal Data, such as collection, storage, use, circulation or deletion.
- Transfer: the transfer of data takes place when the controller and/or processor of personal data, located in Colombia, sends the information or personal data to a recipient, who in turn is responsible for the processing and is located within or outside the country.
- Transmission: processing of personal data that involves the communication of the same within or outside the territory of the Republic of Colombia when its purpose is to carry out a treatment by the processor on behalf of the controller.
III. PROCESSING AND PURPOSE
The authorization for the processing of personal data carried out by CRUZ Y GANDINI SAS, for the proper development of its commercial activities, is to collect, store, process, circulate, use and transmit or transfer (as appropriate) and delete personal data corresponding to natural persons with whom it has or has had a relationship, strictly adhering to the duties of security and confidentiality ordered by Law 1581 of 2012 and Decree 1377 of 2013, in order to comply with the following purposes:
- Sending information about its collaborators and family members, either for the provision of health services or programming of the company's activities, as well as to support internal or external audit processes.
- Advance the work of portfolio recovery, balance notifications, pending billing for payment and other information related to the services provided by CRUZ Y GANDINI SAS.
- In order to strengthen relationships with our clients, personal data will be used to send relevant information as well as to receive support requests, advice, consulting and everything related to the company's corporate purpose. Likewise, the attention of requests, complaints, claims or congratulations, carrying out customer satisfaction surveys and the invitation to events and activities scheduled by CRUZ Y GANDINI SAS.
The processing of personal data of applicants, employees, retired employees, clients, suppliers, contractors or any person with whom CRUZ Y GANDINI SAS has established or establishes a permanent or occasional relationship, will be carried out within the legal framework that regulates the matter. Without prejudice to the exceptions provided for by law, the processing of sensitive data requires the prior, express and informed authorization of the owner, which must be obtained by any means that can be subject to subsequent consultation and verification.
IV. GUIDING PRINCIPLES
In order to guarantee the protection of personal data, CRUZ Y GANDINI SAS will comprehensively and harmoniously adapt the following principles, in light of which the processing, transfer and transmission of personal data must be carried out. The principles included in this document were taken from current Colombian regulations governing the protection of personal data.
- Principle of Legality in Data Processing: data processing is a regulated activity, which must be subject to the current and applicable legal provisions governing the subject.
- Principle of Purpose: the activity of processing personal data carried out by CRUZ Y GANDINI SAS, or to which it has access, will obey a legitimate purpose in accordance with the Colombian Political Constitution, which must be reported to the respective owner of the personal data.
- Principle of Freedom: the processing of personal data can only be carried out with the prior, express and informed consent of the Owner. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal, statutory or judicial mandate that waives consent.
- Principle of Truthfulness or Quality: the information subject to the Processing of personal data must be truthful, complete, accurate, up-to-date, verifiable and understandable. The processing of partial, incomplete, fractioned or misleading data is prohibited.
- Principle of Transparency: in the processing of personal data, CRUZ Y GANDINI SAS will guarantee the Owner their right to obtain at any time and without restrictions, information about the existence of any type of information or personal data that is of interest to them or of which they are the owner.
- Principle of Restricted Access and Circulation: the processing of personal data is subject to the limits that arise from the nature of the data, the provisions of the law and the Constitution. Consequently, the processing may only be carried out by persons authorized by the owner and/or by the persons provided for in the law. Personal data, except for public information, may not be available on the Internet or other means of dissemination or mass communication, unless access is technically controllable to provide restricted knowledge only to the owners or authorized third parties in accordance with the law.
- Security Principle: the information subject to processing by CRUZ Y GANDINI SAS must be handled with the technical, human and administrative measures that are necessary to provide security to the records, avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access.
- Confidentiality Principle: all personnel at CRUZ Y GANDINI SAS who administer, handle, update or have access to information of any kind found in the Database are obliged to guarantee the confidentiality of the information, and therefore undertake to preserve and maintain in a strictly confidential manner and not to reveal to third parties any information they may become aware of in the execution and exercise of their functions; except when it involves activities expressly authorized by the data protection law. This obligation persists and will be maintained even after their relationship with any of the tasks comprising the treatment has ended.
V. RIGHTS OF THE OWNER OF PERSONAL DATA INFORMATION
In accordance with the provisions of current regulations, all persons whose personal data is processed by CRUZ Y GANDINI SAS have the following rights, which they may exercise at any time:
- To know, update and rectify the Personal Data provided to CRUZ Y GANDINI SAS, which are being processed. The owner may exercise this right, among others, against partial, inaccurate, incomplete, fractional data, which are misleading, or those whose processing is expressly prohibited or has not been authorized.
- To request at any time proof of authorization granted to CRUZ Y GANDINI SAS, for the processing of personal data, through valid means, except in cases where authorization is not necessary.
- To be informed by CRUZ Y GANDINI SAS, upon request, regarding the use that it has given their personal data.
- Submit to the Superintendency of Industry and Commerce, or the entity that takes its place, complaints for violations of the provisions of Law 1581 of 2012 and other regulations that modify, add to or complement it, after a consultation or request made to CRUZ Y GANDINI SAS.
- Request CRUZ Y GANDINI SAS to delete data when the constitutional and legal principles, rights and guarantees are not respected in their processing, through the different channels of attention existing for this purpose.
- Access free of charge your Personal Data that is being Processed.
- Learn about the Company's data processing policy and through it, the use and purpose that will be given to your personal data.
Law 1581 of 2012, Art. 10, "CASES IN WHICH AUTHORIZATION IS NOT NECESSARY": The authorization of the owner will not be necessary when it concerns: information required by a public or administrative entity in the exercise of its legal functions or by court order, data of a public nature, cases of medical or health urgency, processing of information authorized by law for historical, statistical or scientific purposes, data related to the civil registry of persons. Anyone who accesses personal data without prior authorization must in all cases comply with the provisions contained in this law.
The aforementioned rights may be exercised, taking into account the following aspects:
- When the owner consults personal data, requests authorization or information on the use given to his/her data, he/she may make the query in writing, in person or by the different means made available by CRUZ Y GANDINI SAS.
VI. DUTIES OF CRUZ Y GANDINI SAS REGARDING THE PROCESSING OF PERSONAL DATA
CRUZ Y GANDINI SAS acknowledges that personal data is the exclusive property of the owner and, consequently, only the owner may decide on it. CRUZ Y GANDINI SAS will use personal data only for the purposes authorized by the owner or by current regulations. CRUZ Y GANDINI SAS, in the treatment and protection of personal data, will have the following duties, without prejudice to other duties provided for in the provisions that regulate or may regulate this matter:
- Guarantee at all times to the owner the full and effective exercise of the right to habeas data.
- Request a copy of the authorization granted by the owner for the processing of personal data and keep it.
- Inform the owner of the purpose of the collection and the rights that favor him/her by virtue of the authorization granted.
- Keep the information under conditions of high security standards, which prevent adulteration, loss, consultation, unauthorized and/or fraudulent use or access.
- Update the information in a timely manner, regarding any new developments in the data subject's data, implementing the necessary measures.
- Ensure that the information is true, complete, accurate, up-to-date, verifiable and understandable.
- Rectify the information when it is incorrect and communicate what is relevant.
- Respect the security and privacy conditions of the data subject's information.
- Process all queries, claims and requests made within the terms indicated by law.
- Inform the data protection authority when security code violations occur and there are risks in the management of the data subject's information.
- Allow access to the information only to those who may have access to it.
- Use the personal data of the owner only for those purposes for which it is duly authorized and respecting in all cases the current regulations.
CRUZ Y GANDINI SAS is responsible for all the personal data of the owners, as long as said information has been provided by them, as well as the database or storage medium where they are located and which is its property or under its management.
Information and/or Personal Data of the Owner
Regardless of the commercial, employment or other relationship that involves accessing the services or participating in the different processes or activities of CRUZ Y GANDINI SAS, you must voluntarily provide your data such as, among others: name, surname, identification, telephone number, address and other necessary data that is requested in the different registration processes (suppliers, clients, employees).
Protection of Information or Personal Data
CRUZ Y GANDINI SAS works hard to guarantee the protection of information, avoiding unauthorized access, modifications, disclosure and unauthorized elimination of information found in existing databases. In the event that data is provided and the entire process is carried out by means of transmission of information or data over the Internet or wireless networks, it must be taken into account that due to the characteristics of these means it is impossible to guarantee optimal security; therefore, in these cases the risk inherent to the transmission of information or the means used is borne by the owner. CRUZ Y GANDINI SAS, to guarantee and comply with the Data Protection obligation, implemented the following controls:
- Monitor the management of information systems, which allow for optimal operation.
- Record obligations or confidentiality agreements with personnel with whom there is a commercial, labor or other relationship. Failure to comply with such agreements implies the termination of the link that said persons have with CRUZ Y GANDINI SAS, making them liable for the disciplinary sanctions provided for in the Law.
- Conduct audits periodically to ensure the correct implementation of Law 1581 of 2012 and other related regulations.
- Adopt technological security mechanisms such as security software, digital signatures, SSL certificates, Hypertext Transfer Protocol Secure (HTTPS), as the necessary tools to safeguard and protect the personal databases processed by CRUZ Y GANDINI SAS.
VII. AUTHORIZATION
Except for the cases defined in Law 1581 of 2012, CRUZ Y GANDINI SAS will request prior, express and informed authorization from the owners of the personal data at the time of capturing the information, through the different means that can be used as proof (physical document, electronic document, data message, internet, websites, among others). The authorization may be part of a contract or a specific document for that purpose. In no case will CRUZ Y GANDINI SAS equate the silence of the owner with unequivocal conduct. Whatever the mechanism used, it is necessary that the authorization be kept in order to be consulted later. CRUZ Y GANDINI SAS will keep the proof of authorization granted by the owner of the personal data for its treatment, using the mechanisms available to it and will take the actions that are necessary to maintain the record.
VIII. REVOCATION OF AUTHORIZATION
The owner of the personal data may revoke the authorization and consent to the processing of these at any time, provided that this is not prevented by a legal or contractual provision. To this end, CRUZ Y GANDINI SAS has different mechanisms that allow the owner to revoke his/her consent and/or request the deletion of his/her personal data. Therefore, it must be taken into account that the revocation of consent may be expressed, on the one hand, in a total manner in relation to the authorized purposes, and therefore CRUZ Y GANDINI SAS must end any data processing activity; and on the other hand, partially in relation to certain types of processing, in which case these will be the ones for which the processing activities will cease, such as for advertising purposes, among others. In this last case, CRUZ Y GANDINI SAS may continue processing the personal data for those purposes in relation to which the owner has not revoked his/her consent.
IX. PROCEDURE FOR THE ATTENTION AND RESPONSE TO INQUIRIES, COMPLAINTS, CLAIMS AND REQUESTS FROM PERSONAL DATA OWNERS
The owners of personal data that are being collected, stored, processed, used and transmitted or transferred by CRUZ Y GANDINI SAS, may exercise their rights to know, update and rectify the information at any time. For this purpose, the following procedure will be followed, in accordance with the Personal Data Protection Law:
- Channels of Attention Enabled for the Presentation of Queries, Complaints, Claims and Requests. CRUZ Y GANDINI SAS makes available to the owner the following means of reception for the attention of requests, queries, complaints and claims that allow proof of the same to be kept:
1. Written means: must be addressed to CRUZ Y GANDINI SAS, to the Customer Service area, Calle 5 B3 No. 38-44 Office 402, Cali.
2. Telephone means: The owner may contact our telephone line PBX: (57) (2) 5240170 ext. 402 from Monday to Friday from 8:00 am to 12:00 m and from 2:00 to 6:00 pm and on Saturdays from 8:00 am to 12:00 m.
3. Electronic means: our email is available for the attention of the requests: info@metodonec.com.
4. You may also carry out this procedure through our website www.metodonec.com.
- Attention and Response to Requests, Inquiries, Complaints and Claims. Requests made through the different attention channels will be attended to within a maximum period of ten (10) business days counted from the date of filing. In the event that it is not possible to attend to the request within the stipulated time, the interested party will be informed of the reason why a timely response has not been given, and a date will be defined on which the query and/or request will be attended to, which in no case may exceed five (5) business days following the expiration of the first period.
- In the event that the requests are for updating, rectification or deletion of data, these will be answered within the following fifteen (15) business days, which count from the filing of the request. All requests must contain at least the description of the facts that give rise to the complaint or claim, the address and contact information of the applicant. If the application is submitted with incomplete data, CRUZ Y GANDINI SAS will require the interested party within five (5) days following receipt of the complaint or claim to correct the deficiencies. If two (2) months have passed since the date of the request, without the applicant submitting the required information, it will be understood that he/she has withdrawn the complaint or claim.
X. INFORMATION SECURITY
CRUZ Y GANDINI SAS will adopt the technical, human and administrative measures necessary to ensure the security of the records, preventing their alteration, loss, consultation, unauthorized or fraudulent use or access. Both internal and external personnel and all those who have responsibilities over the sources, repositories and resources for processing the information of CRUZ Y GANDINI SAS must adopt the guidelines contained in this document and in the documents related to it, in order to maintain confidentiality, integrity and ensure the availability of the information.
CRUZ Y GANDINI SAS is committed to making correct use and treatment of the personal data contained in the database, preventing unauthorized access by third parties. To this end, it has security and access protocols for information systems, storage and processing, including physical control measures and security risks. A perimeter security system (firewall) and first-level proactive intrusion detection have also been implemented to keep the information safe. The system is permanently monitored through vulnerability analysis. CRUZ Y GANDINI SAS has deployed a series of documents and activities internally to ensure the correct operation of the security schemes applied to the personal data database processed.
Storage of Personal Data
CRUZ Y GANDINI SAS requests the data necessary for the acquisition of services, interaction with customers, activities involving the Company's internal staff and everything related to the billing process. Once the personal data has been provided voluntarily and freely, through registration through the different channels or means provided by CRUZ Y GANDINI SAS, they are stored in the database corresponding to the process in which they intervene or according to the service acquired. In some cases, the databases are located behind a firewall for greater security and the servers on which the databases are stored are physically protected in a safe place. On the other hand, in the case of personal data corresponding to employees, clients, suppliers, among others, it is stored physically in files that are under lock and key. Only authorized personnel who have signed information confidentiality agreements can access them.
XI. DISCLOSURE OF INFORMATION
Each owner of the personal data processed by CRUZ Y GANDINI SAS recognizes and accepts this personal data processing policy and declares to know that CRUZ Y GANDINI SAS can provide this information to state entities that, in the exercise of their functions, request this information. Likewise, they accept that they may be subject to internal or external audit processes by companies in charge of this type of control. The above, subject to the confidentiality of the information.
XII. VALIDITY AND UPDATE
This policy for the processing of personal data was approved by the General Management and is effective as of May 1, 2017. The databases in which the personal data are stored will be valid for the same period as the purpose or purposes of the processing are maintained in each database.
