According to Law 1581 of 2012 and regulating decrees, PRODUCTORA DE SOFTWARE S.A. (hereinafter, “PSL”) adopts the personal data and privacy protection policy herein, which regulates collection, storage, treatment, protection, and management of data obtained by PSL from customers, suppliers, employees, and any other stakeholder PSL has or shall have any relation whatsoever.
PSL shall be able to modify this policy in order to adapt it to current legislation and jurisprudence changes and to industry practices. If so, PSL shall disclose timely on its website, or any other appropriate media, the introduction to such changes.
Data freely and willingly provided to PSL by customers, suppliers, employees, or any other stakeholder through any media shall be introduced to its databases under PSL’s responsibility.
PSL shall treat personal data adequately and safely complying with all legal requirements and following the parameters under ISO 27001 standard, Data Safety; PSL has been duly ISO 27001 certified.
PSL shall collect contact data and any other kind of pertinent data according to the nature of the relation PSL has with the data holder, whether work, commercial, or any other kind of data.
In general, personal data collected by PSL has the following nature, depending on the data holder:
Interested in Commercial Relations. People who, on their own will, contact PSL on its website, e-mail, phone, or any other media, in order to request information about products or services, assess possibilities of commercial alliances, supply PSL products or services, and, in general, assess the possibility to develop any type of relation with the company. In these cases, requested data is basic, related to the person’s identification, company he/she works for, position, e-mail, phone, city, and subject. At times, when contacted on PSL website, the company servers get, for statistical purposes, data related to the operative system, version and type of browser, and IP address used by the contacting party.
Customers, Suppliers, and Others. When a final commercial relation is established, PSL collects data required to adequately process such relation according to the parameters set forth herein, in compliance with all legal requirements and related agreements.
People who send their resumes on their own will to the company in order to be considered for selection processes. Data provided on such resumes is exclusively used for effects of the selection, recruiting, and hiring process by staff in charge of such processes. PSL shall not share collected data with any natural or corporate person other than itself.
Employees. Employee data is strictly confidential duly adjusted to Colombian laws. It is used only by those who are in charge of human relations. PSL shall not disclose any data related to employees to people other than those in charge of work relations or to entities and people outside the company.
PSL collects data from the following sources:
Directly from the Holder of the Data
Thus, if the data holder does not want it to be automatically collected, he/she must disable automatic acceptance from the browser and know when data is being sent to his/her computer. If cookies are disabled, website experience might be affected.
From other sources. PSL shall be able to get personal data from public databases or from third parties duly authorized by the data holder to share data.
Personal data obtained by PSL, might be subject to be stored, used, circulated, or deleted, depending on the purpose it had been collected for, and/or according to the law.
Data subject to treatment must be truthful, whole, accurate, updated, verifiable, and understandable.
Data collected by PSL shall be used, with the holders’ authorization, for these purposes:
The aforementioned activities personal data is used for, are conducted by PSL or third parties hired by PSL, as required. In any case, PSL shall guarantee that hired third parties to treat data comply with these bylaws and with the parameters set forth by law.
Sensitive data is data that affects the intimacy of the data holder and when undue use may generate discrimination, such as those related to ethnic or racial origin, sexual life, health, and biometric data (that is, those that allow identifying a person for his/her physical features, voice, movement, such as pictures, fingerprints, signatures, etc.), or data related to religious or philosophical conviction or political orientation.
Data holder has the right not to provide sensitive data requested by PSL. Likewise, the data holder is warned not to send sensitive data when not required to provide PSL services.
PSL only treats underage personal data collected only with the express consent of their parents or legal representatives, depending on the case, only for relevant purposes according to this policy.
PSL shall notify the personal data holder about this policy and shall be granted authorization to treat his/her personal data. Likewise, PSL shall notify the data holder on any changes made to this policy and shall be granted new authorization if such changes refer to the purpose of the treatment.
The authorization may be granted to PSL through written document, e-mail, verbally, by phone, or through any other media that allows keeping, searching, or evidencing such authorization. In addition to it, such authorization shall be able to be manifested through unambiguous conducts that allow reasonably concluding that he/she granted such authorization. Silence from the data holder shall never be associated to an unambiguous conduct.
PSL shall not require authorization from the data holder when:
PSL shall not make public employee, customer, supplier, stakeholder, or anybody else’s personal data, with whom PSL has any kind of relation or relationship, and shall only disclose such data to those people authorized by PSL that must know it in order to make the respective treatment of such data to those people authorized by law.
PSL may be simultaneously accountable and in charge of personal data treatment. In case PSL performs both roles, it shall comply with both legal duties, as follows:
As accountable for the treatment, PSL shall have the following duties:
Data holders have the following rights:
Information Safety Area shall be in charge of attending data holders’ requests, searches, claims, and complaints, according to the procedures hereunder.
When making a request, the following information shall be provided:
The request shall be answered within ten (10) business days since filing date.
Whenever it is not possible to answer the request in such term, the interested party shall be notified about the reasons for the delay and the date when it shall be answered which shall never exceed five (5) additional business days to the previous term.
When making a request, the following information shall be provided:
Additionally, the request shall clearly indicate the expectations; that is, if it is about an update, correction, or deletion of the data or revoking the authorization granted to PSL for the treatment of personal data.
Likewise, the request shall identify the data holder, describe the facts that led to the claim, provide contact data, and submit all documents thereof.
If the request is incomplete, the interested party shall be notified in order to correct the mistakes within five (5) business days following the filing of the original request. After two (2) months of the filing date without the additional information being submitted, it shall be construed the claim has been withdrawn.
Once the full claim has been received, the database entry shall read “Request in progress”, indicating the reason for the request, within two (2) business days. Such label shall be kept until the claim is duly answered.
The maximum term to answer the claim shall be fifteen (15) business days counted since the date following the filing date. Whenever it is not possible to answer the request in such term, the interested party shall be notified about the reasons for the delay and the date when it shall be answered which shall never exceed eight (8) additional business days to the previous term.
This policy shall become effective since disclosed through any media. PSL has the right to update it or modify it at any time; if so, PSL shall warn recipients through any means.
PSL databases shall be valid for the period of time required by law, by the agreement that regulates them, or by the time required to comply with the database purpose according to this policy. PSL shall not delete databases that by law shall be valid during a specific period of time set forth under the agreement that regulates them or by the purpose they were created for, if they determine a validity term lower than the one legally set forth.