Privacy Policy JERREJERRE SAS

Privacy Policy JERREJERRE SAS

For the development of business activities specific to JERREJERRE SAS (hereinafter the "Company"), it conducts its business operations on the following business platforms:

THE COMPANY MAY DEVELOP, SUPPORT, ADVISE, AND COMMERCIALIZE PRODUCTS AND SERVICES RELATED TO INFORMATION TECHNOLOGY AND SOFTWARE. THE COMPANY MAY ALSO PERFORM, IN COLOMBIA AND ABROAD, ANY LAWFUL COMMERCIAL OR CIVIL ACTIVITY.

By virtue of this, THE COMPANY has established the present PERSONAL DATA PROCESSING POLICY (hereinafter "THE POLICY"), which contains, in general terms, the rights of data subjects, the processing applied to their data, and the mechanisms to enforce their Rights, in accordance with current regulations, under the following terms.

1. SCOPE OF APPLICATION

 

The principles and provisions contained in The Policy shall be applicable to personal data for which THE COMPANY, within Colombian territory, performs processing or is responsible, under the terms of Law 1581 of 2012 and its Regulatory Decrees or norms that modify or substitute them.

Database Controller:

Responsible Party

JERREJERRE SAS

NIT 900.837.481-7

Domicile

Bogotá, D.C., Colombia

Address

Cra. 7 # 67-02 Off. 503 and 504

Phone

+57 (319) 2405737

Email

[email protected]

Website

https://jerrejerre.com

 

2. OBJECTIVE OF THE POLICY

THE POLICY develops the obligations contained in Law 1581 of 2012 and its regulatory decrees, which regulate the duties of controllers and processors of personal data and the handling of inquiries and claims by Data Subjects.

3. LEGAL FRAMEWORK

3.1 Regarding Personal Data Protection

• Political Constitution, Article 15.

• Law 1581 of 2012

• Partial Regulatory Decree 1377 of 2013

• Decree 886 of 2014

• Decree 1074 of 2015

• Title V of the Single Circular of the Superintendency of Industry and Commerce

4. DEFINITIONS

 

For the purposes of providing clarity and transparency to the reading of this POLICY, the following definitions will be used:

• Authorization: Prior, express, and informed consent of the Data Subject to carry out the Processing of personal data;

• Privacy Notice: Physical, electronic, or any other format generated by the Controller that is made available to the Data Subject for the processing of their personal data. The Privacy Notice informs the Subject about the existence of the information processing policies applicable to them, how to access them, and the characteristics of the intended processing;

• Database: Organized set of personal data that is the object of Processing;

• Communication Channel: Means defined and used by the organization for the handling of PQRS (Requests, Complaints, Claims, and Suggestions);

• Personal Data: Any information linked or that can be associated with one or more specific or determinable natural persons;

• Private Data: Information that, due to its intimate or reserved nature, is only relevant to the Data Subject;

• Semi-private Data: Data that is not intimate, reserved, or public in nature, and whose knowledge or disclosure may interest not only its owner but also a certain sector, group of people, or society in general, such as financial and credit data;

• Public Data: Data that is not semi-private, private, or sensitive. Public data includes, among others, data regarding civil status, profession or trade, and status as a merchant or public servant. By nature, public data may be contained in public records, public documents, official gazettes, and court rulings that are not subject to confidentiality;

• Sensitive Data: Information that affects the intimacy of the Data Subject or whose improper use may generate discrimination, such as those revealing racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social or human rights organizations, or that promote the interests of any political party or guarantee the rights of opposition political parties, as well as data relating to health, sexual life, and biometric data;

• Data Processor: Natural or legal person, public or private, who by themselves or in association with others, performs the Processing of personal data on behalf of the Data Controller;

• Data Protection Officer: The official designated by THE COMPANY to ensure compliance with this POLICY;

• Data Controller: Natural or legal person, public or private, who by themselves or in association with others, decides on the database and/or the Processing of the data;

• Data Subject: Natural person whose personal data is the object of Processing;

• Transfer: Data transfer takes place when the Controller and/or Processor of personal data, located in Colombia, sends the information or personal data to a Recipient, who in turn is responsible for the Processing and is located within or outside the country;

• Transmission: Processing of personal data that involves the communication thereof within or outside the territory of the Republic of Colombia, intended for Processing by the Processor on behalf of the Controller;

• Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation, or deletion.

 

5. PURPOSES OF THE PROCESSING OF PERSONAL DATA

THE COMPANY will perform the Processing of Personal Data of its employees, employees of its contractors, suppliers, clients, and third parties who have granted due Authorization. In accordance with the guiding principles for the processing of Personal Data contemplated in Law 1581 of 2012, the collection of Personal Data by THE COMPANY will be limited to those Personal Data that are pertinent and adequate for the purpose for which they are collected or required under current regulations. Except in cases expressly provided for by Law, Personal Data may not be collected without the Authorization of the Data Subject.

THE COMPANY has the obligation to maintain the confidentiality of the Personal Data subject to Processing and may only disclose them with the authorization of the Data Subject or at the express request of oversight and control entities and authorities with the legal faculty to request it, and will allow at all times and free of charge the knowledge, updating, and correction of the Subject's personal information in accordance with Article 8 of Law 1581 of 2012.

Processing includes collection, storage, processing, administration, use, transfer, transmission, and destruction, as permitted by law, and is carried out with the following specific purpose for each case:

a) Processing of personal and sensitive data of applicants in selection processes: Performed to comply with the recruitment processes of: personnel, students in practice, SENA apprentices, under the charge of THE COMPANY, such as, but not limited to:

i) The development of current and future selection processes;

ii) Capturing sensitive information such as images, photos, videos for the registration of persons entering and leaving THE COMPANY's facilities, office access control, establishing security measures for its collaborators and visitors, and other facilities requiring it;

iii) Handling inquiries, petitions, requests, actions, and claims made by the Data Subject or by persons authorized by them or the Law;

iv) Performing control and prevention of terrorism and money laundering, including but not limited to consultation in restrictive lists, and all necessary information required according to applicable regulations;

v) Performing information processing by various areas of the Company;

vi) Transmitting or transferring information to its affiliated companies in Colombia and abroad when necessary for the development of its operations;

vii) Transmitting or transferring information to a third party (referred to as Processor or Controller respectively) to perform personnel selection processes, surveys, outsourced technology platform services, and other activities contributing to the daily operation of THE COMPANY;

viii) Performing or attending internal or external audits;

ix) In general, for all purposes necessary for the execution and development of THE COMPANY's corporate object.

b) Processing of personal and sensitive data of employees, former employees, pensioners, apprentices, interns, and their adult and minor relatives: Performed to comply with labor obligations and personnel recruitment processes under THE COMPANY, such as, but not limited to:

i) The development of the recruitment process;

ii) The signing, execution, and termination of the employment contract, administration of active personnel, payroll administration, and other payments;

iii) Payroll processes, affiliation, payments, and reports to the general social security system, family compensation funds, solidarity sector savings cooperatives and financial entities, insurance entities, trade unions, payment to the DIAN of withheld sums, issuing certificates of income and withholdings and labor certificates;

iv) Completing and updating labor history;

v) Making salary and non-salary payments into the bank account indicated by the worker;

vi) Complying with THE COMPANY's obligations under the Colombian industrial safety and occupational health regime;

vii) Fulfillment of medical purposes for the handling of medical emergencies, work accidents or illnesses, processing disabilities, and verification of physical health status;

viii) Notification to relatives in case of emergencies during working hours or on the occasion of work development;

ix) Capturing sensitive information such as images, photos, videos, fingerprints through technological devices, for the registration of persons entering and leaving THE COMPANY's facilities, office access control, establishing security measures for its collaborators and visitors;

x) Handling judicial garnishments through payroll, administration of salaries and benefits;

xi) Coordination of the professional development of employees, employee access to THE COMPANY's IT resources and assistance in their use, and planning business activities such as: wellness days, company benefits, and representing THE COMPANY before an external Organization or Entity of public or private nature, for commercial, legal, social, educational, or any other purposes corresponding to the position held;

xii) Performing security studies conducted by the Company or by third parties;

xiii) Use of photographs, audio, and video in print and digital publications and on the company's social networks, and events held by THE COMPANY;

xiv) Managing credit requests;

xv) Handling inquiries, petitions, requests, actions, and claims;

xvi) Performing control and prevention of terrorism and money laundering;

xvii) Performing information processing by various areas of the Company;

xix) Transmitting or transferring information to affiliated companies;

xx) Transmitting or transferring information to a third party for selection processes, surveys, training, outsourced technology platforms, and other activities contributing to THE COMPANY's daily operation;

xxi) Performing internal or external audits; and

xxii) In general, for all purposes necessary for the execution and development of THE COMPANY's corporate object.

c) Processing of personal data of Suppliers of Goods and Services: Intended to allow THE COMPANY to comply with pre-contractual, contractual, and post-contractual obligations, such as:

i) Registering as a supplier in the Company's information systems;

ii) Processing payments in favor of the supplier;

iii) Issuing or requesting invoices, source withholding certificates, clearances, and any other document necessary for the commercial relationship;

iv) Contacting by any means for the provision of services or supply of goods;

v) Knowing and processing the data of employees and contractors employed by the supplier for said services or goods;

vi) Evaluating compliance with the provision of services or supply of goods;

vii) Performing information processing by various areas of the Company;

viii) Transmitting or transferring information to affiliated companies;

ix) Transmitting or transferring information to a third party for surveys, outsourced platforms, and daily operations;

x) Requiring fulfillment of the goods or services;

xi) Authorizing the entry of subcontractors and employees to Company facilities;

xii) Capturing personal and sensitive data through logs and surveillance cameras for access control and security;

xiii) Accounting records, financial operations, and control of technological elements and equipment;

xiv) Managing emergency medical provision if required;

xv) Performing internal and external audits;

xvi) Handling inquiries, petitions, and claims;

xvii) Performing control and prevention of terrorism and money laundering;

xviii) In general, for all purposes necessary for the execution and development of THE COMPANY's corporate object.

d) Processing of personal data of Clients: Intended to allow THE COMPANY to comply with pre-contractual, contractual, and post-contractual obligations, such as:

i) Registering as a client in the Company's information systems;

ii) Providing required services and products, processing information on products and services offered;

iii) Fulfilling contractual obligations and managing all types of contracts;

iv) Issuing or requesting invoices;

v) Contacting by any means for the provision of services or goods;

vi) Performing information processing by various areas of the Company;

vii) Transmitting or transferring information to affiliated companies;

viii) Transmitting or transferring information to a third party for surveys and outsourced platforms;

ix) Sending information about: New products or services, offers via physical mail, email, social networks, mobile devices (SMS/MMS), or any other means;

x) Allowing participation in marketing and promotional activities;

xi) Knowing the Client's opinion and evaluating quality, conducting market studies and statistical analysis, and implementing loyalty schemes;

xii) Carrying out internal audit processes;

xiii) Managing goods and services provided by third parties;

xiv) Responding to legal or administrative requirements;

xv) Accounting records and financial operations;

xvi) Capturing personal and sensitive data through logs and surveillance cameras for access control;

xvii) Handling inquiries, petitions, and claims;

xviii) Performing control and prevention of terrorism and money laundering;

xix) In general, for all purposes necessary for the execution and development of THE COMPANY's corporate object.

e) Processing of personal data of shareholders, legal representatives, administrators: Purpose is for THE COMPANY to process information for:

i) Handling requirements and reporting to Inspection, Oversight, and Control entities;

ii) Compliance with contractual obligations;

iii) Identifying risk factors and financial health;

iv) Financial operations regarding dividends, fees, and role-related payments;

v) Internal and external audits;

vi) Handling inquiries and claims;

vii) Control and prevention of terrorism and money laundering;

viii) Access control and security via logs and cameras;

ix) Processing by various Company areas;

x) Transmitting or transferring information to affiliated companies;

xi) Transmitting or transferring information to a third party for outsourced platforms; and

xii) In general, for all purposes necessary for these companies.

 

f) Processing of personal data of third parties: Intended to allow THE COMPANY to perform activities such as:

i) Sending information on offers and changes to services and products;

ii) Allowing participation in marketing and promotional activities on social networks;

iii) Evaluating service quality and conducting market studies on consumer habits;

iv) Carrying out internal or external audit processes;

v) Handling eventual emergencies;

vi) Transferring collected information to Company areas and affiliates;

vii) Handling inquiries and claims; and

viii) In general, for all purposes necessary for THE COMPANY's corporate object.

 

h) Paragraph one: Processing of children and adolescents' data: THE COMPANY will exceptionally process personal and sensitive data of children and adolescents, provided it is necessary to guarantee their best interests or fundamental rights, with prior authorization from the Parent or Guardian, in events such as:

i) Affiliation of collaborators' children to health entities and compensation funds.

Data processing will be carried out in compliance with Law 1581 of 2012 and Decree 1377 of 2013.

 

6. RIGHTS OF DATA SUBJECTS

The following are Rights of the information data subjects:

a) To know, update, and rectify their personal data before THE COMPANY or the designated Processors. This right may be exercised, among others, against partial, inaccurate, incomplete, or fragmented data that leads to error, or those whose Processing is expressly prohibited or has not been authorized.

b) To request proof of the authorization granted to THE COMPANY, except when expressly exempted as a requirement for Processing.

c) To be informed by THE COMPANY as the controller, upon request, regarding the use given to their personal data.

d) To revoke the authorization and/or request the deletion of data when Processing does not respect constitutional and legal principles, rights, and guarantees.

e) To access their processed personal data free of charge and in an easy and simple manner, in accordance with Article 21 of Decree 1377 of 2013.

f) To file complaints with the Superintendency of Industry and Commerce for violations of the Law.

g) To know the department or person empowered by THE COMPANY before whom they may present complaints, inquiries, claims, and any other request about their Personal Data.

h) Others indicated by current regulations.

 

7. RESPONSIBLE PARTY AND CHANNELS FOR THE HANDLING OF PQRS BY SUBJECTS

THE COMPANY has designated the following official as the Personal Data Protection Officer, who will be responsible for the receipt, handling, and response to petitions, complaints, claims, and in general any type of inquiry related to the personal data of the Subjects:

Company

JERREJERRE SAS

Responsible for PQRS handling

LUIS CARLOS GÓMEZ CORTÉS

Likewise, THE COMPANY has provided the following service channels so that the data subject may exercise their rights to know, update, rectify, and delete data, request proof of authorization, and revoke authorization; the subject may make a written request through any of the following user service mechanisms provided by THE COMPANY nationwide:

Email:

[email protected]

Website:

https://jerrejerre.com/nosotros/pqrs

Service hours: Business days from Monday to Friday from 9:00 am to 12:00 pm and from 2:00 pm to 5:00 pm.

 

8. PROCEDURES FOR ACCESS, INQUIRY, RECTIFICATION, AND UPDATING OF INFORMATION

The Subject has the right to submit to THE COMPANY a (written) request for inquiries and/or claims, following validation of their identity, through any of the following user service channels provided nationwide:

 

Email:

[email protected]

Website:

https://jerrejerre.com/nosotros/pqrs

Service hours: Business days from Monday to Friday from 9:00 am to 12:00 pm and from 2:00 pm to 5:00 pm.

 

THE COMPANY will respond to the inquiry and/or claim through the same medium by which it was formulated.

 

Inquiries.

The Subject or successor in title may consult the information resting in THE COMPANY's databases, free of charge, at least once every calendar month or when there are substantial modifications to the Personal Data Processing Policy that motivate new inquiries. For this, they must submit the respective request through the channels established by THE COMPANY in the previous point, which must contain identification data (First name, last name, identification number) to process the inquiry. Once the inquiry is received, THE COMPANY must resolve it within ten (10) business days from the date of receipt. When it is not possible to meet this timeframe, the interested party must be informed, stating the reasons for the delay and the date the inquiry will be handled, which shall not exceed five (5) additional days.

Claims.

A Subject who considers that information contained in a THE COMPANY database should be corrected, updated, or deleted, or who notices an alleged breach of any duties contained in Law 1581 of 2012 or in this Policy, may file a claim with THE COMPANY, which will be processed under the following conditions:

1. If the claim is incomplete, THE COMPANY will require the interested party within five (5) days following receipt to fix the flaws. If two (2) months pass from the date of the requirement without the applicant submitting the required information, it will be understood that they have withdrawn the claim.

In the event that the person receiving the claim is not competent to resolve it, they will transfer it to the appropriate person within a term not exceeding two (2) business days and inform the data subject of the situation.

2. Once the complete claim is received, a legend saying "claim in progress" and the reason thereof will be included in the corresponding database within a term not exceeding two (2) business days. Said legend must be maintained until the claim is decided.

3. The maximum term to handle the claim will be fifteen (15) business days counted from the day following its receipt. When it is not possible to handle the claim within said term, the interested party will be informed of the reasons for the delay and the date the claim will be handled, which in no case may exceed eight (8) business days following the expiration of the first term.

 

Procedure for the use of communication channels.

1. If the request is made via email:

a. Indicate in the subject line: Habeas Data Inquiry or Claim

b. The content must include the following information:

i. First and last name of the Data Subject

ii. Identification number

iii. Description of the facts giving rise to the claim

iv. Correspondence address

v. Provide documents considered relevant or supporting the request.

2. If the request is made via the website:

 

Use the option: Register your PQRS

Fill in the fields marked as mandatory

Identification number

Description of the facts giving rise to the claim

Email

Mobile phone number

Jerrejerre

We are a creative and innovative team that brings your digital project to life.

Recent Articles

Contact us