Privacy Policy

This document establishes the Personal Data Processing Policies of NORDEN ASESORÍA JURÍDICA S.A.S. (hereinafter the “ENTITY”), acting as a private law entity, in compliance with the provisions of Law 1581 of 2012 and Decree 1377 of 2013, and it describes the mechanisms through which the ENTITY guarantees a Proper handling of the personal data collected in its databases, in order to allow the owners the proper exercise of the fundamental right of Habeas Data.

The ENTITY is a Company called NORDEN ASESORÍA JURÍDICA S.A.S. of Colombian nationality, domiciled in Bogotá, with Tax Identification Number (NIT) 901.026.299 and whose contact information is as follows:

Address: Calle 71 # 11-10. Oficina 702, Bogotá D.C

Telephone: +57 2351699

Email: contacto@signa.com.co

Likewise, the ENTITY will directly exercise the processing of the personal data in question, subject to the provisions of this Policy. However, in the event that said functions are transferred to a third party to be a temporary manager or a permanent person in charge of processing the information, the designated third party will comply with the duties set forth in this document.

The Personal Data Processing Policy of NORDEN ASESORÍA JURÍDICA S.A.S. Its objective is to inform all people regarding the rights and duties that assist them in the face of the regulation of personal data protection in Colombia (Law 1581 of 2012 and Decree 1377 of 2013), all to guarantee a legal and ethical treatment of information of a personal nature within the ENTITY.

Authorization: Prior, express and informed consent of the Owner to carry out the Processing of their personal data;

Database: Organized set of personal data that is subject to Treatment;

Personal data: Any information linked or that can be associated with one or more specific or determinable natural or legal persons;

Manager: Natural or legal person, public or private, that by itself or in association with others, performs the Processing of personal data on behalf of the Data Controller;

Responsible: Natural or legal person, public or private, that by itself or in association with others, decides on the database and/or the Treatment of the data;

Owner: Natural or legal person whose personal data is subject to Treatment;

Treatment: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.

Principle of legality: The processing of personal data is a regulated activity that must be subject to the provisions of the law and the other provisions that develop it;

Principle of purpose: The Treatment must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Holder;

Principle of freedom: Treatment can only be exercised with the prior, express and informed consent of the Holder. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that relieves consent;

Principle of veracity or quality: The information subject to Treatment must be truthful, complete, exact, updated, verifiable and understandable. The Processing of partial, incomplete, fragmented or misleading data is prohibited;

Principle of transparency: In the Treatment, the right of the Owner to obtain from the Treatment Manager or the Treatment Manager, at any time and without unjustified restrictions, information about the existence of data that concerns him or her;

Principle of restricted access and circulation: Treatment is subject to the limits derived from the nature of personal data, the provisions of the law and the Constitution. In this sense, the Treatment can only be done by persons authorized by the Owner and/or by the persons provided for by law. Personal data, except for public information, may not be available on the Internet or other means of disclosure or mass communication, unless access is technically controllable to provide restricted knowledge only to the Holders or third parties authorized by law;

Security principle: The information subject to Treatment by the Treatment Manager or Treatment Manager must be handled with the technical, human and administrative measures that are necessary to provide security to the records, avoiding their adulteration, loss, consultation, use or unauthorized access. authorized or fraudulent;

Confidentiality principle: All persons involved in the Processing of personal data that are not of a public nature are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks that the Processing comprises, and may only Carry out supply or communication of personal data when this corresponds to the development of activities authorized by law and in the terms thereof.

The personal data present in the databases of the ENTITY may be sent to public, financial, public service, notarial and judicial entities that are inherent to the correct development of the legal transactions that have been concluded with its owner.

In addition, the ENTITY will provide the information required by the competent authorities for the self-control of the risk of money laundering and financing of terrorism, with respect to operations classified as suspicious or attempted, in the terms of the provisions of the Basic Legal Circular of the Superintendency of Companies.

Finally, for the proper fulfillment of constitutional and legal duties and obligations, the ENTITY may keep the information that is necessary for its full compliance. To that extent, there will be data that will be kept for periods established by law, despite the existence of the right of deletion of the corresponding holders of personal data.

Different kinds of information are stored in the ENTITY’s databases depending on the nature of the owner thereof, namely:

1. Identification data:

– General, such as, full name / business name, class and identification number, marital status, gender, etc.

– Specifics such as signature, nationality, place and date of birth, age, etc.

– Biometrics, such as fingerprints, photographs and videos.

2. Location data related to business or professional activity, such as address, telephone and email

3. Personal location data related to private activity, such as address, telephone and email.

4. Your current occupation, profession or trade.

5. Information on the status of compliance with its obligations to the ENTITY.

1. Identification data:

– General, such as, full name / business name, class and identification number, marital status, gender, etc.

– Specifics such as signature, nationality, place and date of birth, age, etc.

– Biometrics, such as fingerprints, photographs and videos.

2. Location data related to business or professional activity, such as address, telephone and email

3. Personal location data related to private activity, such as address, telephone and email.

4. Your current occupation, profession or trade.

5. Information on the status of compliance with its obligations to the ENTITY.

1. Identification data:

– General, such as, full name / business name, class and identification number, marital status, gender, etc.

– Specifics such as signature, nationality, place and date of birth, age, etc.

– Biometrics, such as fingerprints, photographs and videos.

2. Location data related to business or professional activity, such as address, telephone and email

3. Personal location data related to private activity, such as address, telephone and email.

4. Your current occupation, profession or trade.

5. Information on the status of compliance with its obligations to the ENTITY.

a. Identification data.

– General, such as full name / business name, class and identification number, marital status and gender.

– Specifics such as signature, nationality, place and date of birth and age.

– Biometrics, such as fingerprints, photographs and videos.

b. Location data related to commercial or professional activity, such as address, telephone and email.

c. Personal location data related to private activity, such as address, telephone and email.

d. Data related to the class of shares of which he is the owner, his capital participation, the status of compliance with his obligations with the ENTITY and the direction of his votes in the deliberation processes at the Shareholders’ Meeting.

a. Identification data.

– General, such as full name / business name, class and identification number, marital status and gender.

– Specifics such as signature, nationality, place and date of birth and age.

– Biometrics, such as fingerprints, photographs and videos.

b. Location data related to commercial or professional activity, such as address, telephone and email.

c. Personal location data related to private activity, such as address, telephone and email.

d. Performance data such as employment and academic history.

Sensitive data such as the composition of the family group, the health of the worker and his eventual membership in trade union organizations.

The employee databases also include information on employment and academic history, sensitive data required by the nature of the employment relationship (photograph, composition of the family group, among others). It must be taken into account that sensitive information may be stored in the databases with the prior authorization of its owner, in compliance with the provisions of articles 5 and 7 of Law 1581 of 2012.

The information that appears in the databases of the ENTITY is subjected to different forms of treatment, such as collection, exchange, updating, processing, reproduction, compilation, storage, use, systematization and organization, all of them partially or totally in compliance of the purposes set forth herein. The information may be delivered, transmitted or transferred to public entities, business partners, contractors, affiliates and subsidiaries, solely for the purpose of fulfilling the purposes of the corresponding database. In any case, the delivery, transmission or transfer will be made after signing the commitments that are necessary to safeguard the confidentiality of the information. Personal information, including sensitive information, may be transferred, transmitted or delivered to third countries, as long as they have a security level that is equal to or higher than that present in the Colombian regulations that regulate the matter. Likewise, the ENTITY declares that it currently has contracts for the storage of information with Managers located inside and outside the country, which have an information privacy policy and which can be provided to any interested party who requests it. Additionally, in compliance with legal and constitutional duties, the ENTITY may provide personal information to judicial or administrative entities.

This Information Treatment Policy will apply to all the organizational processes of the ENTITY that involve the treatment of personal data. In this sense, the ENTITY will fully comply with the provisions of this Policy to carry out any behavior that implies treatment of information.

The information collected by the ENTITY is intended to allow the proper development of its purpose as a private for-profit entity. However, the purpose for which the information is processed will vary depending on the nature of the owner of the information, namely:

a. Evaluate and approve the commercial links to be established with clients.

b. Carry out follow-ups and commercial studies.

c. Promote a better offer of our range of services.

d. The proper monitoring and registration of our clientele, both current and potential, including their contact information. In this regard, knowledge studies of the profile of the various clients of NORDEN ASESORÍA JURÍDICA S.A.S. may be carried out. Likewise, it will be possible to carry out customer satisfaction surveys.

a. The proper monitoring and registration of our suppliers of products and services, both current and potential, including their contact information.

b. Inform you of important news concerning NORDEN ASESORÍA JURÍDICA S.A.S. and/or about our services.

a. Promote the services of NORDEN ASESORÍA JURÍDICA S.A.S. on the web pages of our allies.

b. Promote the services of our allies on the website of NORDEN ASESORÍA JURÍDICA S.A.S.

a. Organize and systematize the information of our entire group of shareholders.

b. The facilitation of the exercise of the economic and political rights derived from the quality of shareholder.

a. Organize and systematize the information of all our Human Talent.

b. Verify the information presented in the selection process and their aptitude to occupy the position for which they are applying.

c. Comply with the obligations of an employment contract.

d. Advance the administrative, accounting and disciplinary procedures related to the worker.

e.Report the work resume of the worker within the ENTITY.

F. The other intrinsic to the access of the worker’s information for the fulfillment of what is established in the Employment Contract.

a. Prevent and detect fraud or other illegal or prohibited activities.

b. Ensure the security and integrity of the handling of all types of information within NORDEN ASESORÍA JURÍDICA S.A.S.

c. Organize and systematize the information of our entire work team.

d. Facilitate the payment and/or collection of pending obligations. In this sense, the solvency and compliance status of said obligations can be supervised.

e. Facilitate, promote, allow or maintain labor, civil and commercial relationships.

F. Comply with pre-contractual, contractual, post-contractual, certification, commercial, customer service and marketing, processing, research, training, accreditation, consolidation, organization, updating, reporting, statistics, survey, service and processing objectives.

In any case, the ENTITY keeps the necessary information to comply with legal duties, mainly in accounting, corporate, and labor matters. In addition, once the contractual relationship has ended, the ENTITY will record the data.

In accordance with the provisions of article 8 of Law 1581 of 2012, holders may:

1. Know, update and rectify your personal data before the ENTITY or the Managers. This right may be exercised, among others, against partial, inaccurate, incomplete, fragmented, misleading data, or those whose Treatment is expressly prohibited or has not been authorized by its owner.
2. Request proof of the authorization granted to the ENTITY, except when expressly excepted as a requirement for Treatment, in accordance with the provisions of article 10 of Law 1581 of 2012.
3. Be informed by the ENTITY or the Manager, upon request through the corresponding consultation mechanism, regarding the use that has been given to your personal data.
4. Present before the Superintendency of Industry and Commerce complaints for infractions of Habeas Data, after exhausting the consultation and claim mechanisms provided in this Policy.
5. Revoke the authorization and/or request the deletion of the data when the principles, rights and constitutional and legal guarantees are not respected in the Treatment. When the ENTITY demonstrates that it has justified reasons to keep the information in question, the revocation and/or deletion will proceed when the competent authority has determined that the ENTITY or the Person in Charge has engaged in conduct contrary to the law and the Constitution.
6. Free access to your personal data that has been processed.

The ENTITY must:

1. Guarantee the Holder, at all times, the full and effective exercise of the fundamental right of habeas data.
2. Request and keep, under the conditions set forth in this Personal Data Processing Policy, a copy of the respective authorization granted by the Holder.
3. Duly inform the Holder about the purpose of the treatment and the rights that assist him by virtue of the authorization granted.
4. Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
5. Guarantee that the information provided to the Manager is true, complete, accurate, updated, verifiable and understandable.
6. Update the information, communicating in a timely manner to the Person in Charge of the Treatment, all the news regarding the data that you have previously provided and adopt the other necessary measures so that the information provided to it is kept up to date.
7. Rectify the information when it is incorrect and communicate what is pertinent to the Manager.
8. Provide the Processor, as the case may be, only data whose Treatment is previously authorized in accordance with the provisions of this law.
9. Require the Manager at all times to respect the security and privacy conditions of the Holder’s information.
10. Process queries and claims formulated in the terms indicated in this Personal Data Processing Policy.
11. Adopt an internal manual of policies and procedures to guarantee proper compliance with this Personal Data Processing Policy and, in particular, for dealing with queries and claims.
12. Inform the Manager when certain information is under discussion by the Holder, once the claim has been filed and the respective procedure has not been completed.
13. Inform at the request of the Owner about the use given to their data.
14. Inform the data protection authority when there are violations of the security codes and there are risks in the administration of the Holders’ information.
15. Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

Any request, query, complaint or claim related to the handling of personal data, in application of the provisions of Law 1581 of 2012 and Decree 1377 of 2013, must be sent to:

Entity: NORDEN ASESORÍA JURÍDICA S.A.S.

Unit: Customer Service

Address: Calle 71 # 11-10. Oficina 702, Bogotá D.C

Telephone: +57 2351699

Email: contacto@signa.com.co

The holders of personal data that appear in the databases of the ENTITY, their proxies or successors in title, may consult the data that is subject to treatment by the ENTITY. Any request for consultation must be submitted in writing or by email, according to the information contained in this document. Queries will be answered within a term of ten (10) business days from the date of receipt of the respective request. When it is not possible to attend the query within said term, the interested party will be informed, stating the reasons for the delay and indicating the date on which their query will be attended, which in no case may exceed five (5) business days following the expiration of the first term.

Claims must be made in writing or by email, in accordance with the conditions contained in this document, and must contain, at least, the following information:

– Identification of the Holder.

– Clear and concise description of the facts that give rise to the claim.

– What is requested, clearly and precisely.

– Documentation that you want to present as evidence.

– Notification address of the Holder, both physical and electronic.

In the event that the consultation and claim mechanisms are to be exercised through a proxy, the duly authenticated power of attorney must be provided before a Notary Public in order to start the process. Likewise, when acting on behalf of a legal person, proof of legal or contractual representative status must be submitted.

If the claim is incomplete, the interested party will be required within five (5) days after receipt of the claim to correct the faults. After two (2) months from the date of the request, without the applicant submitting the required information, it will be understood that the claim has been withdrawn.

In the event that the person receiving the claim is not competent to resolve it, it will be transferred to the appropriate person within a maximum term of two (2) business days and the interested party will be informed of the situation. Once the complete claim is received, a legend will be included in the database that says “claim in process” and the reason for it, in a term not exceeding two (2) business days. Said legend must be kept until the claim is decided. The maximum term to address the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within said term, the interested party will be informed of the reasons for the delay and the date on which his claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first finished.

The ENTITY’s Personal Information Treatment Policies will be in force as of February 25, 2020. The ENTITY reserves the right to modify them, under the terms and with the limitations provided by law. The databases managed by the ENTITY will be kept indefinitely, while it develops its purpose, and as long as it is necessary to ensure compliance with legal obligations, particularly labor and accounting taxes, but the data may be deleted at any time at the request of its holder, as long as this request does not contravene a legal obligation of the ENTITY or an obligation contained in a contract between the ENTITY and the Holder that supports its permanence.