ZK SAS , accepting and complying with the provisions of Law 1581 of 2012 and Regulatory Decree 1377 of 2013 and what is stated in Article 15 of our Political Constitution, adopts and applies this Policy for the processing of personal data. ZK SAS , states that it guarantees the privacy, rights to privacy, and good name of people, during the process of processing personal data, in all activities, which will have the principles of confidentiality, security, legality, access, freedom and transparency.
You agree not to reveal the information that is entered, transferred or accessed in the development of our corporate purpose, in accordance with the rules of Law 527 that regulates Electronic Commerce in Colombia and Law 1581 of 2012 on the use of confidential data. With this Personal Data Treatment and Protection Policy.
ZK SAS , to comply with the data protection policies and the obligations of Law 1581 of 2012, its Regulatory Decrees and the other regulations that complement, add, enrich or modify it, takes into account the following for the management of information and personal data:
Personal information is one of the most important assets, therefore, the processing of this information is carried out taking into account all the necessary care and in compliance with what is established by law, guaranteeing people the full exercise and respect for their right to Habeas Data.
The information found in its own Database has been obtained in the development of the activity of ZK SAS , its compilation has been and will always be done in accordance with legal regulations.
The ZK SAS Personal Data Protection Policy will apply to all Databases and/or files that contain Personal Data, which for ZK SAS is the object of Treatment as responsible and/or in charge of the processing of Personal Data.
The Processing of Personal Data must be carried out in the terms, conditions and scope of the authorization of the Owner and/or in application of special rules when any legal exception is applicable to do so. Any type of request, as a result of the exercise of the duties and rights enshrined in the policy, may contact us in the city of Bogotá, Colombia, at the telephone number (1)357 1740 email:trabajodatos@zk.com.co
ZK SAS , company identified by NIT. 830.506.990 with main office at Carrera 11 # 73- 44 Office 708 of the city of Bogotá, Colombia, with contact telephone number (1)357 1740 and email:trabajodatos@zk.com.co, will be responsible for the treatment of personal data and databases.
The purpose of the Personal Data Protection Policy seeks:
Implement the procedures for collecting and processing personal data according to the provisions of the law.
Generate an organized scheme to safeguard the private, semi-private, public and sensitive data of its owners.
The purpose of ZK SAS regarding the collection and processing of Personal Data against:
CUSTOMERS:
Capture the data of its Users (with a service provision contract and/or occasional) and keep them under its operation, control or supervision in order to use them for the fulfillment of the obligations between ZK SAS and THE CUSTOMER such as: 1. Invoicing , generate service orders, carry out warranty processes and after-sales services and all those that are developed by virtue of the legal transactions carried out between the parties 2.Disseminate information related to its corporate purpose, commercial promotion of events and sales, related activities.
EMPLOYEES:
This purpose specifically includes the payment of salaries and obligations as an employer of affiliations and contributions to social security and compensation funds, both of employees and their families, and control of job developments such as permits, disabilities, access control and work hours. of the employee.
SUPPLIERS:
Permanent contact to request quotes and manage the commercial relationships that arise, with the aim of acquiring their products or services as inputs for the operation according to the company name of ZK SAS.
DEFINITIONS:
Authorization: Prior, express and informed consent of the Owner to carry out the Processing of personal data.
Privacy notice: Verbal or written communication generated by the Controller addressed to the Owner for the processing of their personal data, through which they are informed about the existence of the information Processing policies that will be applicable to them, the way to access the same and the purposes of the Treatment that is intended to be given to personal data.
Database: Organized set of personal data that is subject to Treatment.
Personal data: Any information linked or that can be associated with one or several specific or determinable natural persons.
Private data: It is the data that, due to its intimate or reserved nature, is only relevant to the owner.
Sensitive data: Sensitive data is understood to be data that affects the privacy of the Owner or whose improper use may lead to discrimination, such as data that reveals racial or ethnic origin, political orientation, religious or philosophical convictions, membership in unions, social organizations, human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life and biometric data.
Data Processor: Natural or legal person, public or private, who, by themselves or in association with others, carries out the Processing of personal data on behalf of the Data Controller.
Responsible for the Treatment: Natural or legal person, public or private, who alone or in association with others, decides on the database and/or the Processing of the data.
Owner: Natural person whose personal data is the subject of Treatment.
Treatment: Any operation or set of operations on personal data, such as their collection, storage, use, circulation or deletion.
Terms and Conditions: general framework in which the conditions are established for participants in promotional or related activities.
AREA OF APPLICATION:
The Personal Data processing policies must be known and applied by all officials, employees, departments, clients and suppliers of ZK SAS .
The Data Controller has been defined by Law 1581 of 2012 as the natural or legal person, public or private, who alone or in association with others decides on the database and/or the processing of the data. Therefore ZK SAS recognizes that its duties are those established in article 17 of Law 1581 of 2012:
a) Guarantee to the Holder, at all times, the full and effective exercise of the right of habeas data.
b) Request and keep, under the conditions provided in the aforementioned law, a copy of the respective authorization granted by the Owner.
c) Duly inform the Owner about the purpose of the collection and the rights granted to him by virtue of the authorization granted.
d) Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
e) Guarantee that the information provided to the Data Processor is true, complete, exact, updated, verifiable and understandable.
f) Update the information, communicating in a timely manner to the Data Processor, all the news regarding the data that you have previously provided and adopt the other necessary measures so that the information provided to it remains updated.
g) Rectify the information when it is incorrect and communicate the pertinent information to the Data Processor.
h) Provide the Data Processor, as the case may be, only data whose Processing is previously authorized in accordance with the provisions of the aforementioned law.
i) Demand that the Data Processor at all times respect the security and privacy conditions of the Owner's information.
j) Process queries and claims made in the terms indicated in the aforementioned law.
k) Adopt an internal manual of policies and procedures to guarantee adequate compliance with the aforementioned law and, especially, to respond to queries and complaints.
l) Inform the Data Processor when certain information is under discussion by the Owner, once the claim has been submitted and the respective process has not been completed.
m) Inform at the request of the Owner about the use given to their data.
n) Inform the data protection authority when violations of security codes occur and there are risks in the administration of the Owners' information.
o) Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.”
a) Know, update and rectify your personal data before the Data Controllers or Data Processors. This right may be exercised, among others, against partial, inaccurate, incomplete, fragmented, misleading data, or those whose Processing is expressly prohibited or has not been authorized.
b) Request proof of the authorization granted to the Data Controller except when it is expressly excepted as a requirement for the Treatment, in accordance with the provisions of article 10 of the aforementioned law.
c) Be informed by the Data Controller or Data Processor, upon request, regarding the use that has been given to your personal data.
d) Submit complaints to the Superintendency of Industry and Commerce for violations of the provisions of the aforementioned law and other regulations that modify, add or complement it.
e) Revoke the authorization and/or request the deletion of the data when the processing does not respect constitutional and legal principles, rights and guarantees. The revocation and/or deletion will proceed when the Superintendence of Industry and Commerce has determined that in the Treatment the Controller or Processor has engaged in conduct contrary to the law and the Constitution.
f) Access free of charge to your personal data that has been processed. Additionally, Regulatory Decree 1377 of 2013 defines that the Controllers must keep proof of the authorization granted by the Holders of personal data for the Processing thereof.
In order to carry out the update, correction, rectification or deletion, the Owner must process the request addressed to the person responsible or in charge of the treatment indicating:
Full name and identification of the data owner.
Detailed description of the facts giving rise to the request.
Owner location data such as address, department, city and contact telephone number.
Description of the procedure you wish to carry out (update, correction, rectification or deletion).
And if you consider it necessary to attach documents that support the request (this point is optional).
Once the request from the Owner of the personal data is received by email totrabajodatos@zk.com.co or to the physical address, ZK SAS will process it in a time no longer than 15 business days, complying with the provisions of current regulations.
If on the part of ZK SAS , it has not been possible to respond to the request within the indicated period, the Owner (interested party) will be informed, listing and detailing the reasons why it was not possible to respond to their request and notifying them of the date on which that will be resolved.
ZK SAS , in development of the principle of private autonomy, and in accordance with the data processed, and according to current legislation, has developed the following classification of data:
Personal Data: Set of information that can be related to one or more natural persons.
Public data: Public data is anything contained in public documents, related to the marital status of people, their profession or trade, and their quality as a merchant or public servant. Public data are, for example, those contained in the citizenship card, in public registries, in judicial rulings that have been duly executed and not subject to confidentiality. Due to the above, public data will also be data that is not semi-private, private or sensitive.
Semi-private data: It is data whose knowledge or disclosure is of interest to its owner and to a certain group of people or social sector. For example, commercial or professional activity.
Private data: It is data whose knowledge or disclosure, due to its intimate and reserved nature, is of interest only to its owner.
Reserved data: It is one that has a confidential nature or a high commercial value in itself.
Sensitive data: It is that which affects the privacy of its owner or whose improper use can generate discrimination. For example, those related to sexual orientation, political orientation, ethnic or racial origin, religious or philosophical convictions, participation in union, human rights or social groups, among others.
In accordance with the Personal Data Protection Law, sensitive data is considered to be data that affects privacy or whose improper use can generate discrimination.
The Processing of Personal Data of a sensitive nature is prohibited by law, unless there is express, prior and informed authorization from the Owner, among other exceptions enshrined in Article 6 of Law 1581 of 2012. Data of a sensitive nature are those related to:
Racial or ethnic origin.
Political orientation.
Religious/philosophical convictions.
Membership in unions, social organizations, human rights organizations or political parties.
Sex life.
Biometric data (such as fingerprint, signature and photo).
No activity may be conditioned on the owner providing sensitive personal data.
The Personal Data protection policies of ZK SAS are governed by the following internal and external regulations:
LAW 527 OF 1999:
It defines and regulates access and use of data messages, electronic commerce and digital signatures, and establishes certification entities and dictates other provisions.
Likewise, it introduces the concept of functional equivalent, electronic signature as mechanisms of authenticity, availability and confidentiality of information.
LAW 1266 OF 2008:
By which the general provisions of Habeas Data are dictated and the management of information contained in personal databases is regulated, especially financial, credit, commercial, services and information from third countries, and other provisions are dictated.
LAW 1273 OF 2009:
Law by which the legal good of information and personal data is created and protected. Likewise, criminal conduct is classified as computer damage, violation of personal data, abusive access to a computer system, interception of computer data, theft by computer means, among others.
LAW 1581 OF 2012:
By which general provisions are issued for the protection of personal data.
DECREE 1377 OF 2013:
With which Law 1581 of 2012 is regulated, on aspects related to the authorization of the Information Holder for the Processing of their personal data, the Treatment policies of the Controllers and Processors, the exercise of the rights of the Information Holders, transfers of personal data and demonstrated responsibility for the Processing of personal data.
DECREE 368 OF 2014:
By which operations are regulated through financing systems provided for in article 45 of Law 1480 of 2011.
DECREE 886 OF 2014:
By which article 25 of Law 1581 of 2012 is regulated, relating to the National Registry of Personal Data Bases, which is in charge of the Superintendency of Industry and Commerce, and where those who act as Responsible for the processing of personal data , must register their Databases following the instructions of this decree.
ZK SAS will apply the best practices for the security, discretion, protection, storage and confidentiality of the Personal Data of the owners. It will verify, when appropriate, the origin of legal exceptions to deliver personal data to the authorities and in pertinent cases.
ZK SAS guarantees the right of access to the data owner, with prior accreditation of their identity, legitimacy and at no cost, to their personal data through different means, mainly electronic, that allow the owner direct access to them. Said access must be offered without any limit and the owner must be allowed the possibility of knowing and updating them online.
Update the information as the data is obtained, in accordance with the provisions of Law 1581 of 2012.
Maintain proof of the authorization granted by the owners of the personal data for their processing, using digital mechanisms and security rules necessary to maintain the record of the form and date. ZK SAS establishes electronic repositories to safeguard information.
Social networks such as Facebook and Instagram constitute complementary platforms for the dissemination of information (communication), which are highly interconnected with users' digital media.
All the information that users provide on the social networks in which ZK SAS participates, as a user, does not constitute or form part of the Personal Data subject to the protection of this Policy, being the total responsibility of the company that provides that platform.
ZK SAS will process the commercial data and financial information that it considers necessary for the fulfillment of its corporate purpose and for any conclusion of contracts with third parties. Their data will be treated with privacy, rights to privacy, the good name of the people, within the process of processing personal data, and during all activities that will have the principles of confidentiality, security, legality, access. , freedom and transparency.
For this purpose, the signing of the Confidentiality Agreement for the delivery of Data with all suppliers and employees is regulated.
All data provided by ZK SAS employees will be stored, compiled, used, shared, consulted, transmitted, exchanged and transferred, to comply with the obligations derived from the employment relationship and the exercise of rights as an employer.
All information related to employees or former employees of ZK SAS will be kept so that the Company can fulfill its obligations as an employer and exercise the rights that correspond to it in that same condition, in accordance with Colombian labor legislation.
Upon entry to ZK SAS of new employees with an employment contract, it is a requirement that at the start of their assigned work, they declare that they know, accept and apply the Personal Data Protection Policies.
To complete the hiring process of a new employee at ZK SAS , it is necessary to guarantee the employee's signature and acceptance of this policy.
This policy takes effect from the date of its publication and leaves without effect any other institutional provisions that are contrary to it. All information not contemplated in this policy will be regulated in accordance with the General Personal Data Protection Regime in force in Colombia.
The updating of the Personal Data Protection Policies will depend on the instructions and guidelines of the general management of ZK SAS , as well as the current regulations and regulatory extensions of the surveillance and control entity, the Superintendence of Industry and Commerce.
