Data Treatment Policy
With the aim of complying with the current legislation on data protection, especially Law 1581 of 2012 (and other regulations that modify, add, complement or develop it) and Decree 1377 of 2013, we put it below both of the relevant aspects in relation to the collection, use and transfer of personal data that MEGADVANTAGE TECH SERVICES SAS performs of your personal data, by virtue of the authorization granted by you to advance said treatment, as well as the management.
In this personal data processing policy (the “Policy”) you will find the corporate and legal guidelines under which the company processes your data, the purpose, your rights as the owner, as well as the internal and external procedures for the exercise of such rights.
For the interpretation of this Policy, we ask you to take into account the following definitions:
Personal data: Any information linked or that can be associated with one or several determined or determinable natural persons;
– Sensitive data: Those data that affect the privacy of the Owner or whose improper use can generate discrimination;
– Data Processor: Natural or legal person, public or private, that by itself or in association with others, performs the Processing of personal data on behalf of the company as data controller;
– Treatment Policy: Refers to this document, as a personal data treatment policy applied by the company in accordance with the guidelines of current legislation on the matter;
– Provider: Any natural or legal person who provides a service to the company by virtue of a contractual/obligational relationship;
– Responsible for the Treatment: Natural or legal person, public or private, that by itself or in association with others, decides on the database and / or the Treatment of the data, for the purposes of this policy, will act as responsible, in principle, the company;
– Owner: Natural person whose personal data is processed, be it a client, supplier, employee, or any third party who, due to a commercial or legal relationship, provides the company with personal data;
– Transfer: Refers to the sending by the company as responsible for the Treatment or a Data Manager, to a third agent or natural/legal person (receiver), inside or outside the national territory for the effective treatment of personal data;
– Transmission: Refers to the communication of personal data by the person in charge to the Manager, located inside or outside the national territory, so that the Manager, on behalf of the person in charge, processes personal data;
– Treatment: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.
For the understanding of the terms that are not included in the previous list, you must refer to the current legislation, especially Law 1581 of 2012 and Decree 1377 of 2013, giving the meaning used in said regulation to the terms of whose definition there is any doubt.
3. Use and purpose of the Treatment
The Company recognizes that the Owner of the personal data has the right to have a reasonable expectation of their privacy, taking into account in any case their responsibilities, rights and obligations with the company.
By virtue of the relationship established between you and the company, it collects, stores, uses and transfers personal data to companies located inside and outside Colombia. Personal data is used for:
• Execution of the contract signed with the Company.
• Collection and collection of contractual obligations.
• Payment of contractual obligations.
• Sending information to government or judicial entities at their express request.
• Support in external/internal audit processes.
• Registration of the information of the Students, their parents/guardians in the Company's database.
• Registration of Employee information in the company's database.
• Registration of Supplier information in the company's database.
• Contact with Students, their Parents/Guardians, Employees or Suppliers to send information related to the contractual, commercial and obligatory relationship that takes place.
• Collection of data for the fulfillment of the duties that, as the person in charge of the information and personal data, corresponds to the company.
• For security or fraud prevention purposes.
If you provide us with Personal Data, this information will be used only for the purposes indicated herein, and we will not proceed to sell, license, transmit or disclose it outside the company unless (i) you expressly authorize us to do so, (ii) is necessary to enable our contractors or agents to perform the services we have entrusted to them, (iii) in order to provide you with our products or services, (iv) is disclosed to entities that perform marketing services on our behalf or to other entities with with which we have joint marketing agreements, (v) is in connection with a merger, consolidation, acquisition, divestiture or other restructuring process, or (vi) as required or permitted by law.
In order to carry out the purposes described above, your personal data may be disclosed for the purposes set out above to human resources personnel, managers, consultants, advisors and other persons and offices as appropriate.
The Company may subcontract to third parties for the processing of certain functions or information. When we do outsource the processing of your personal information to third parties or provide your personal information to third party service providers, we advise such third parties of the need to protect such personal information with appropriate security measures, we prohibit them from using your personal information for own and prevent them from disclosing your personal information to others.
In the same way, the company may transfer or transmit (as appropriate) your personal data to other companies abroad for reasons of security, administrative efficiency and better service, in accordance with the authorizations of each of these persons. The Company has adopted the necessary measures so that these companies implement in their jurisdiction and in accordance with the laws applicable to them, standards of security and protection of personal data even similar to those provided in this document and in general in the policy of the company. about matter. In the case of transmission of personal data, the transmission contract will be signed under the terms of Decree 1377/13.
Additionally, we inform you that once the need to process your data ceases, they may be eliminated from the company's databases or archived in secure terms so that they are only disclosed when appropriate in accordance with the law.
You expressly, informed and specifically authorize the company to process the sensitive data that may arise and that you provide
freely. Keep in mind that when the processing of sensitive data is necessary to carry out a specific purpose other than those listed in this Policy, the company will inform you in advance and explicitly what data is sensitive and the purpose of its processing. The Company has a sensitive data treatment policy: none of the services that you can obtain from the company will be conditioned to the provision of sensitive data. We remind you that because it is sensitive data, you are not obliged to authorize its treatment. However, to the extent that the knowledge of said data is necessary for the provision of our services as an educational institution, if you decide not to authorize its treatment, the company will be forced not to provide said service.
4. Rights of the Holder
In accordance with article 8 of Law 1581 of 2012, the rights that assist you as the owner in relation to your personal data are:
a. Know, update and rectify your personal data in front of the company as those responsible for the Treatment or Treatment Managers. This right is
may exercise, among others, against partial, inaccurate, incomplete, fractioned, misleading data, or those whose Treatment is expressly prohibited or has not been authorized;
b. Request proof of the authorization granted to the company as responsible for the Treatment except when expressly excepted as a requirement for Treatment;
c. Be informed by the company, as responsible for the Treatment or by the Treatment Manager, upon request, regarding the use that has been given to your personal data;
d. Submit complaints to the Superintendence of Industry and Commerce for violations of the provisions of this law and other regulations that modify, add or complement it;
and. Revoke the authorization and/or request the deletion of the data when the Treatment does not respect the constitutional and legal principles, rights and guarantees;
F. Free access to your personal data that have been processed.
Within this policy you will find the procedure through which the company guarantees the exercise of all your rights.
5. Procedure for the exercise of your rights as owner
If you have questions about this Policy, or any concern or claim, or in the event of a complaint, rectification, update, query, or request for access or data theft, or regarding the administration of the Policy, contact us through any of the following means:
Telephone: +57313 4893992
Keep in mind that once you inform the responsible area within the company, depending on which of them your request is directed to, the query, request or complaint will be processed.
You can consult the company regarding the personal data it has stored in its databases, for which it will be necessary for the applicant or their legal representative to previously prove their identity. Said query will be answered by the company within a maximum term of ten (10) business days from the date of receipt thereof. This period may be extended by the company on a single occasion, in which case you will be informed of the reasons for the delay and the date on which your request will be dealt with, which in no case will be more than five (5) business days following the expiration of the first term.
Your request or request related to claims, updates, corrections, or deletion of your personal data must be attended to within a maximum term of fifteen (15) business days from the receipt of the request or request. For the correct and complete consideration of your petition, request or claim, we ask you to provide the identity of the requester, his identification number, the address for notifications/responses and the documents he wishes to assert.
If your request or request does not have sufficient data and facts that allow the company to attend to it correctly and completely, you will be required within five (5) days following receipt of the request, request or claim to rectify your failures. . After two (2) months have elapsed from the date of the request, if you as the applicant have not corrected as required, the company as the recipient of your request understands that you have withdrawn your application.
6. Modification of this policy
This policy may be modified at any time, which is why we recommend you regularly or periodically review our website, where you will be notified of the change and the latest version of this Policy or the mechanisms to obtain a notification will be made available to you. copy of this
Effective Date: January 2022
Date last modified: February 2022
Effective date of the database: The validity of the database will be the reasonable and necessary time to comply with the purposes of the information processing.