Privacy Policy

Learn how we handle your information

PERSONAL DATA PROCESSING AND PROTECTION POLICY FOR WEB APPLICATION

Policy applicable to INTERLINK S.A. for the processing and protection of personal data in compliance with Law 1581 of 2012 and Decree 1377 of 2013.

1. LEGAL REGULATIONS AND SCOPE OF APPLICATION

Legal framework

This Personal Data Processing Policy is prepared in accordance with the Political Constitution, Law 1581 of 2012, Regulatory Decree 1377 of 2013 and other complementary provisions and will be applied by INTERLINK S.A. regarding the collection, storage, use, circulation, suppression, and all activities that constitute the processing of personal data, according to current regulations.

2. DEFINITIONS

For the purposes of implementing this policy and in accordance with legal regulations, the following definitions shall apply:

AUTHORIZATION:

Prior, express and informed consent of the Data Subject to carry out the processing of personal data in accordance with the purposes described in this policy.

PRIVACY NOTICE:

Verbal or written communication generated by the controller, addressed to the data subject for the processing of their personal data, informing about the existence of the Information Processing policies, how to access them and the purposes of the intended processing.

DATA SUBJECT:

Natural person whose personal data are subject to processing.

DATABASES:

Organized set of information that will be subject to processing.

PERSONAL DATA:

Any information linked or that can be associated with one or more determined or determinable natural persons.

PUBLIC DATA:

Data that is not semi-private, private or sensitive. Public data includes, among others, data related to marital status, profession or occupation, and status as a merchant or public servant. By its nature, public data may be contained in public records, public documents, official gazettes and bulletins, and enforceable judicial decisions not subject to reserve.

PRIVATE DATA:

Data that by its intimate or reserved nature is only relevant to the data subject.

SENSITIVE DATA:

Sensitive data are those that affect the intimacy of the data subject or whose misuse may generate discrimination, such as those revealing racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in unions, social or human rights organizations or that promote political party interests or guarantee rights of opposition parties, as well as data related to health, sexual life, and biometric data.

PROCESSING:

Any operation or set of operations performed on personal data. Processing may include collection, storage, use, circulation or suppression of data.

PROCESSOR:

Natural or legal person, public or private, who by themselves or in association with others, processes personal data on behalf of the Controller.

CONTROLLER:

Natural or legal person, public or private, who by themselves or in association with others, decides on the database and/or the processing of data.

TRANSMISSION:

Processing of personal data that involves communication of data within or outside the territory of the Republic of Colombia when intended to be processed by the Processor on behalf of the Controller.

TRANSFER:

Transfer of data occurs when the Controller and/or Processor located in Colombia sends personal data to a recipient, who in turn is a Controller located within or outside the country.

3. PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA

In the development, interpretation and application of personal data processing, INTERLINK S.A. shall be governed by the following principles:

PURPOSE PRINCIPLE:

Processing must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Data Subject.

FREEDOM PRINCIPLE:

Processing may only be carried out with the prior, express and informed consent of the Data Subject. Personal data may not be obtained or disclosed without prior authorization, or without a legal or judicial mandate that exempts consent.

TRUTHFULNESS OR QUALITY PRINCIPLE:

Information subject to Processing must be truthful, complete, accurate, updated, verifiable and understandable. Processing of partial, incomplete, fragmented or misleading data is prohibited.

TRANSPARENCY PRINCIPLE:

Processing must guarantee the right of the Data Subject to obtain from the Controller or the Processor, at any time and without restrictions, information about the existence of data concerning them.

RESTRICTED ACCESS AND CIRCULATION PRINCIPLE:

Processing is subject to limits derived from the nature of personal data, the provisions of this law and the Constitution. Processing may only be carried out by persons authorized by the Data Subject and/or persons provided for in the regulations.

SECURITY PRINCIPLE:

Information subject to Processing by the Controller or Processor must be handled with the technical, human and administrative measures necessary to provide security to records, preventing adulteration, loss, consultation, use or unauthorized or fraudulent access.

CONFIDENTIALITY PRINCIPLE:

All persons involved in the processing of personal data that are not public in nature are obliged to guarantee confidentiality, even after their relationship with the processing activities ends, only providing or communicating data when it corresponds to activities authorized by law and under its terms.

4. PROCESSING AND PURPOSES OF COLLECTION AND PROCESSING OF PERSONAL DATA INTERLINK S.A.

SINTRALITIGANTES DE COLOMBIA may use the personal data of data subjects who have expressly and informedly authorized such processing for the following: Comply with its corporate purpose and develop its commercial activities. Execute the existing contractual relationship with its customers, suppliers and workers, including payment of contractual obligations. Inform through any means its customers, suppliers and collaborators about products or services it offers or may offer, or those offered by its subsidiaries or strategic allies.

PERSONAL DATA PROCESSING AND PROTECTION POLICY FOR WEB APPLICATION

Carry out and/or inform about advertising or promotional activities through any means. Contact its suppliers, customers or consumers by any means to fulfill its corporate purpose and conduct its ordinary course of business. Carry out all administrative, financial and marketing procedures directly related to its ordinary course of activities. Present information and/or reports when required by a state entity or duly authorized third party.

Access, consult, compare and evaluate all information of personal data subjects with the databases of credit, financial, judicial background or security companies. Generate statistical reports directly or indirectly related to the data of its customers, suppliers or collaborators. Develop the selection, evaluation and hiring process. Those indicated in the authorization granted by the data subject or described in the respective privacy notice, as applicable.

PARAGRAPH: If personal data is provided, such information will be used only for the purposes stated herein, and therefore INTERLINK S.A. will not sell, license, transmit, transfer or disclose it, except when:

There is express authorization to do so.
It is necessary to allow contractors or agents to provide the services entrusted.
It is necessary to provide our services and/or products.
It is required or permitted by law.

7. RIGHTS OF DATA SUBJECTS WHOSE PERSONAL DATA IS SUBJECT TO PROCESSING

Data subjects personally or through their representative, attorney or successor may exercise the following rights with respect to personal data processed by INTERLINK S.A.:

UPDATE AND RECTIFICATION:

To update or rectify personal data subject to processing. The right of rectification may be exercised when data stored are partial, inaccurate, incomplete or fragmented. Updates occur when new circumstances arise that alter their truthfulness, ensuring they are precise and sufficient.

REQUEST PROOF OF AUTHORIZATION:

Request proof of the authorization granted by the data subject to carry out processing of personal data, except in events where, according to current legal rules, authorization is not required.

INFORMATION:

Request information about the uses given to personal data subject to processing.

RIGHT OF ACCESS:

Access personal data under the control of INTERLINK S.A. to consult it free of charge once each calendar month and whenever substantial changes to the Information Processing Policies motivate new consultations, according to the channels provided for such purposes.

FILE COMPLAINTS WITH THE SUPERINTENDENCE OF INDUSTRY AND COMMERCE:

For infringements of this personal data processing policy, Law 1581 of 2012, or Decree 1377 of 2013.

REVOCATION AND DELETION:

Revoke authorization and/or request deletion of data when processing does not respect constitutional and legal principles, rights and guarantees. This also applies when the data subject expressly and in writing states their intention to be removed from processing databases.

FREE ACCESS:

Access free of charge the data that have been processed and of which the data subject is the owner, within the parameters of this policy.

FIRST PARAGRAPH:

For the exercise of the rights described above, both the data subject and the person representing them must prove their identity and, where applicable, the capacity in which they represent the data subject.

SECOND PARAGRAPH:

The rights of minors shall be exercised by the persons authorized to represent them.

8. DUTIES OF THE CONTROLLER OF PERSONAL DATA PROCESSING.

All those obliged to observe this policy must comply with the duties imposed by law. Consequently, the following obligations must be fulfilled:

8.1 DUTIES WHEN ACTING AS CONTROLLER:

Guarantee the Data Subject, at all times, the full and effective exercise of the habeas data right.
Keep a copy of the respective authorization granted by the data subject.
Properly inform the Data Subject about the purpose of collection and the rights they have by virtue of the authorization granted.
Guarantee that the information supplied to the Processor is truthful, complete, accurate, updated, verifiable and understandable.
Update the information, communicating in a timely manner to the Processor all changes regarding data previously supplied and adopting the necessary measures to keep it updated.

Rectify information when incorrect and communicate it to the Processor.
Provide the Processor only data whose processing has been previously authorized.
Demand from the Processor at all times respect for security and privacy conditions of the data subject’s information.
Process inquiries and claims in the terms established.
Adopt an internal policies and procedures manual to ensure proper compliance in handling inquiries and claims under this policy.

Inform the Processor when certain information is under discussion by the data subject after a claim has been filed and before the process is finished.
Inform at the request of the data subject about the use of their data.
Inform the data protection authority when security violations occur and risks arise in managing data subjects’ information.
Comply with instructions and requirements issued by the Superintendence of Industry and Commerce.
Ensure the principles of truthfulness, quality, security and confidentiality are observed under this policy.
Preserve information under security conditions necessary to prevent adulteration, loss, consultation, use or unauthorized or fraudulent access.

8.2 DUTIES WHEN PROCESSING THROUGH A PROCESSOR:

Provide the Processor only personal data whose processing has been previously authorized. For national or international transmission of data, a data transmission agreement must be signed or contractual clauses agreed as established in Article 25 of Decree 1377 of 2013.
Guarantee that information supplied to the Processor is truthful, complete, accurate, updated, verifiable and understandable.
Timely communicate to the Processor all changes regarding data previously supplied and adopt the necessary measures to keep it updated.

Inform the Processor in a timely manner of rectifications made to personal data so that adjustments can be made.
Require the Processor at all times to respect security and privacy conditions of the data subject’s information.
Inform the Processor when certain information is under discussion by the data subject after a claim has been filed and before the process is finished.

8.3 DUTIES REGARDING THE SUPERINTENDENCE OF INDUSTRY AND COMMERCE:

Inform it of potential security violations and the existence of risks in the administration of data subjects’ information.
Comply with instructions and requirements issued by the Superintendence of Industry and Commerce.