This Policy aims to protect the personal data included in TRISANA’s files and databases, in order to guarantee the constitutional right that all people have to know, update and rectify their personal information, in accordance with Colombian national legislation (article 15 of the Political Constitution, Law 1581 of 2012 and its regulatory decrees) and international legislation.

 

The criteria for collection, use, treatment, processing, exchange, transfer and transmission of personal data; the responsibilities of TRISANA (as Data Controller), of the Data Processor and TRISANA’s employees, for personal data handling and processing, as well as the rights of data holders and the procedures to make them effective, are set out below.

​

DATA CONTROLLER AND DATA PROCESSOR

 

TRISANA S.A.S., (hereinafter TRISANA or the company) identified with the NIT number 901345874-1, with its main address in the city of Bogotá, Republic of Colombia, will be the Data Controller, whose contact information is as follows:

​

Email: info@trisana.com.co

Telephone number: +57 314 649 6151

​

The Data Processor shall be the natural or legal person hereinafter appointed by TRISANA for such purpose.

​

PERSONAL DATA THAT WE COLLECT

​

The following list contains the type of personal information, belonging to identifiable persons, which is the subject of the present data protection policy:

​

1. Contact data and information, such as: name, telephone number, email, address; nationality; personal photograph, voice and video recordings; signature and electronic signature; information contained in resumes of candidates and employees, brochures submitted by suppliers of goods and services, and information provided by external personnel and subcontractors.

2. Professional information: name of the company for which the natural person works, position and address;

3. Information related to transactions: card number for payment purposes, bank account number and other information necessary for carrying out bank transactions, tax information, assets, income, expenses, salary and credit history;

4. Information provided during virtual meetings, face-to-face meetings, customer service sessions;

5. Personal information provided during face-to-face or virtual trainings or courses carried out by the company.

6. Data used during the use of company platforms, such as username, information shared in chats, blogs and social networks in which the company participate, among others.  

7. Internet domain or IP address

8. Any additional information necessary for legal compliance, company policies and due diligence with respect to suppliers, business partners, contractors, candidates for positions offered by the company, employees and customers of the same.

​

TREATMENT AND PURPOSE

​

The Treatment to which the personal data shall be submitted by TRISANA, through the Data Processor, will be the collection, storage, processing, administration, use, transfer, transmission and deletion, in the manner permitted by law, and is carried out for the following purposes:

​

A. Purpose of the Processing of personal data of employees, former employees, pensioners, apprentices, trainees, their families and applicants in selection processes:

​

1. Personnel selection and engagement processes,

2. Payroll, affiliation, payments and reporting processes to the general social security system and family compensation funds,

3. Work history and background check,

4. Internal and external audits,

5. Attention to queries, requests, requests, actions or claims of entities of the general social security system to which the Holder is or has been linked,

6. Entry and exit of the different facilities or access to systems,

7. Verifications of compliance with legal standards, internal rules and regulations, business policies and due diligence,

8. Attention to possible emergencies,

9. And in general, for compliance with labor laws and all the necessary purposes according to the particular relation with TRISANA.

​

B. Purposes of the processing of personal data of suppliers, customers, contractors and collaborators:

​

1. Allow TRISANA to comply with pre-contractual, contractual and post-contractual obligations,

2. Respond inquiries, send quotes, meet the needs of TRISANA’s customers,

3. Conclude and execute contracts and agreements with clientes, suppliers and comercial partners,

4. Follow-up to the fulfillment of obligations and commitments by contractors and collaborators,

5. the fulfillment of matters of an administrative nature,

6. For the advancement of accounting registries, financial operations and payments,

7. Assignment and control of technological elements, equipment and products for sale,

8. External and internal audits,

9. Perform the process of background and restrictive lists checks for the prevention and control of money-laundering and the financing of terrorism, among other matters related to legal compliance of its customers, suppliers and business partners,

10. Sales and after-sales marketing campaigns,

11. Entry and exit of the facilities, and

12. In general, for all the necessary purposes according to the contractual relationship.

​

The personal data may also be processed in order to respond to queries, requests, actions and claims made by the Holder of the information or the persons authorized by him/her or by the Law.

​

INFORMATION COLLECTION MECHANISMS

​

TRISANA collects personal information, among others, when the owner of the personal data:

​

1. Make inquiries, request information or contact TRISANA,

2. Get involved with the company´s website;

3. Fill out TRISANA’s forms;

4. Visit TRISANA’s facilities or we visit theirs;

5. Conclude a contract or transaction with the company;

6. Participate in TRISANA’s trainings;

7.  Provide his/her data at industry events or trade shows,

8. In general, provide his/her data to the company.

 

Additionally, TRISANA collects personal information available in publicly accessible databases or social networks.

 

RIGHTS OF THE PERSONAL DATA OWNERS

​

The personal data provided to TRISANA, in the exercise of any employment or commercial activity, permanent or occasional, shall be protected under this Policy. TRISANA must therefore guarantee the following rights in the head of the Holders:

​

1. Access free of charge the data provided by its owners, that has been processed.

2. Acknowledge, update and rectify the information with respect to partial, inaccurate, incomplete, fractioned, misleading data, or data whose processing is prohibited or has not been authorized.

3. Request proof of the authorization granted for the treatment of the data, except in those cases where it is not legally required.

4. Be informed by the Data Controller or the Data Processor, upon request, regarding the use that has been made of his or her personal data.

5. File complaints before the Superintendencia de Industria y Comercio (SIC) for any violations of persona data regulations.

6. Revoke the authorization and/or request the deletion of any data, provided there is no legal or contractual obligation that prevents said deletion.

7. Refrain from answering questions on sensitive data, the answers to which are optional.

​

PROCEDURE FOR HANDLING INQUIRIES AND COMPLAINTS 

 

The person in charge of processing the personal data will be the Legal Manager who will also be responsible for answering inquiries and complaints made by the data holder allowing to exercise his or her rights to know, update, rectify and delete the data and to revoke the authorization. Any inquiries will be sent to the email address: info@trisana.com.co and will be answered within a maximum term of ten (10) working days from the date of receipt thereof.

​

Whenever it is not possible to attend the inquiry or complaint within such period, the date on which the inquiry will be attended and the reasons for the delay shall be informed. The response to the inquiry or complaint may not exceed five (5) working days following the expiration of the first term.

​

The Data Holder or his or her successors in title who consider that the information contained in a database should be corrected, updated or deleted, or when they notice the alleged breach of any of the duties of the Controller or the Data Processor, may file a claim before any of them, which will be processed under the following rules:

 

The claim shall be formulated by means of a request addressed to the Data Controller or the Data Processor, together with the following information:

 

• Identification of the Holder,

• Description of the facts giving rise to the claim,

• Address,

• Documents to be asserted.

 

If the claim is incomplete, the interested party will be required within five (5) days of receipt of the claim to correct the faults. After two (2) months from the date of the requirement, without the applicant submitting the required information, it will be understood that the claim has been withdrawn.

 

In the event that the person receiving the claim is not competent to resolve it, he/she will transfer it to the appropriate person within a maximum term of two (2) business days and will inform the interested party of the situation.

 

Once the complete claim has been received, and within a term no longer than two (2) business days, a wording stating "claim in process" and the reason for the claim will be included in the database. Said statement ("claim in process") shall be maintained until the claim is decided.

​

The maximum term to address the claim will be fifteen (15) business days from the day following the date of receipt.

 

Whenever it is not possible to attend the claim within said term, the interested party will be informed of the reasons for the delay and the date on which the claim will be attended, which in no case may exceed eight (8) working days following the expiration of the first term.

 

Once the terms set forth in the law have been complied with, the Data Holder who is denied, totally or partially, from exercising the rights of access, updating, rectification, suppression and revocation, may bring the case to the attention of the “Delegatura para la Protección de Datos Personales de la Superintendencia de Industria y Comercio”.

​

VALIDITY

 

This Policy for the Treatment of Personal Data is effective as of December 1st, 2022 and will be in force until such time as it is expressly revoked or modified.

 

The databases in which the personal data will be recorded will be valid for as long as the information is kept and used for the purposes described in this Policy.

 

The personal data provided will be kept as long as their deletion is not requested by the interested party and as long as there is no legal duty to delete them.