0

PERSONAL DATA POLICY (HABEAS DATA)

VERDEEX S.A.S. in compliance with current legislation, informs the different users of our services the policies of personal data processing, their rights, our responsibility and the different actions that will be given to the data collected by us. In the same way, the necessary procedures for the fulfillment of our obligations with respect to the data collected and the duration for which these will remain in our databases.

Legal definitions.

Responsible and in charge of the database.

● Transmission of the data collected.

Means used for data collection.

● Data collected.

● Purposes of the processing.

● Rights you have.

● Duties of VERDEEX S.AS.

● Treatment policy when there is no privacy notice.

Procedure for inquiries and complaints.

● Person to whom personal information can be delivered.

● Mechanisms for the knowledge of personal data processing policies.

● Termination of processing.

● Validity of personal data treatment policies.

1. Legal definitions. The following are taken directly from Law 1581 of 2012 and rules that regulate it.

a) Authorization: Prior, express and informed consent of the Data Subject to carry out the Processing of personal data;

b) Database: Organized set of personal data that is subject to Processing;

c) Personal Data: Any information linked or that may be associated to one or several determined or determinable natural persons;

d) Data Processor: Natural or legal person, public or private, who by himself or in association with others, carries out the Processing of personal data on behalf of the Data Controller;

e) Data Controller: Natural or legal person, public or private, who alone or in association with others, decides on the database and/or the Processing of the data;

f) Data Subject: Natural person whose personal data is the object of Processing;

g) Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation or suppression.

h) Privacy Notice: Verbal or written communication generated by the controller, addressed to the Data Subject for the Processing of his personal data, by means of which he is informed about the existence of the information Processing policies that will be applicable, the way to access them and the purposes of the Processing that is intended to be given to the personal data.

i) Public data: Data that is not semi-private, private or sensitive. Public data are considered, among others, the data related to the marital status of individuals, their profession or trade and their status as merchant or public servant. Due to their nature, public data may be contained, among others, in public records, public documents, official gazettes and bulletins and duly executed court rulings that are not subject to confidentiality.

j) Sensitive data: Sensitive data is understood as that which affects the privacy of the Data Subject or whose improper use may generate discrimination, such as that which reveals racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, human rights or that promotes the interests of any political party or that guarantees the rights and guarantees of opposition political parties, as well as data relating to health, sex life, and biometric data.

k) Transfer: The transfer of data takes place when the responsible and/or processor of personal data, located in Colombia,
sends the information or personal data to a recipient, which in turn is the Data Controller and is located inside or outside the country.

l) Transmission: Processing of personal data that involves the communication of the same within or outside the territory of the Republic of Colombia when the purpose of the Processing is carried out by the Processor on behalf of the Controller.

m) Consultation: Procedure to know information provided by the holder to the data controller or data processor.

n) Claim: Procedure by means of which the holder requests the correction, updating or deletion of the data provided.

1. Responsible and in charge of the database. VERDEEX S.A.S. identified with N.I.T. 9001231936-8, informs users that, in accordance with current legislation, this company is responsible for the processing of personal data collected for the purpose and purposes described herein. The contact details to which you can make a request, complaint or claim are:

E-mail: desarrollosoftware@verdeex.com

Cell: 313 340 15 35

Web Portal: www.verdeex.com

Physical address: Vereda el chagualo highway Medellín-Bogotá Marinilla, Antioquia, Colombia.

In any of these you can contact the area responsible for the processing of personal data for which you have provided your authorization. For the purposes described herein, you should contact directly with the legal representative of the entity.

2. Transmission of the data collected. The data collected by VERDEEX S.A.S. will be stored in a database that is on the web platform called verdeexnet which is owned by the company VERDEEX S.A. of which you will find their personal data policies on the web portal that it has at its disposal, or at the email address desarrollosoftware@verdeex.com likewise, we will be obliged to provide the personal information of the holder to different entities related to pension funds and severance funds (public or private).
pension and severance funds (public or private), courier and distribution services, judicial and / or administrative entities, and others necessary for the fulfillment of contractual and legal obligations acquired by VERDEEX S.A.S.

3. Means used for data collection. The data covered by this treatment policy will be collected by physical (invoices, promissory notes, among others) or magnetic means (website, email, virtual chat, among others).
The data and authorizations collected will be stored in VERDEEX S.A.S. databases and will remain under its custody under conditions of suitability, confidentiality and security. Only authorized personnel will be able to access these databases. The access and security protocols considered standard in these activities will be observed to prevent the violation or manipulation of the information collected.
Regarding personal financial information, VERDEEX S.A.S. is not responsible for obtaining it. Similarly, our users are informed that, once information of this kind is obtained, it will be immediately deleted, leaving only the tracking of personal data (non-financial) and proof of bank transaction for accounting purposes.

4. Data collected. For full compliance with the regulations, users are informed that VERDEEX S.A.S. will collect semi-private, private and sensitive information, always with the authorization of the owner and for the development of the object and purpose of the processing of data covered by this text.

5. Purposes of the treatment. For the full compliance with the legal regulations in force at the date of enactment of these policies for the processing of personal data, VERDEEX S.A.S. will collect information from its users, employees and others who have commercial, labor, civil or any contractual relationship in order to perform, and not limited to the following activities.

● Development of contractual activities.

● Sending advertising information about our company.

● Sending satisfaction surveys related to our company.

● Sending documentation related to the process being advanced on your behalf or against you.

● Sending information about events carried out by our company or in association with other entities.

● Sending information related to possible job vacancies.

● Implementing loyalty programs.

● Conduct marketing studies.

● Other purposes that may result in the development of the contract or commercial relationship or any other contractual or extra-contractual nature with VERDEEX S.A.S.

6. Rights you have.

a) To know, update and rectify their personal data against the data controllers or data processors. This right may be exercised, among others, against partial, inaccurate, incomplete, fractioned, misleading data, or data whose processing is expressly prohibited or has not been authorized;

b) Request proof of the authorization granted to the data controller, except when expressly exempted as a requirement for the processing, in accordance with the provisions of Article 10 of Law 1581 of 2012;

c) Be informed by the Data Controller or the Data Processor, upon request, regarding the use given to their personal data;

d) File complaints before the Superintendence of Industry and Commerce for violations of the provisions of Law 1581 of 2012 and other rules that modify, add or complement it;

e) To revoke the authorization and/or request the deletion of the data when the processing does not respect the principles, rights and constitutional and legal guarantees. The revocation and/or deletion shall proceed when the Superintendence of Industry and Commerce has determined that the data controller or processor has engaged in conduct contrary to this law and the Constitution;

f) Access free of charge to their personal data that have been subject to Processing.

7. Duties of VERDEEX S.A.S.

a) Guarantee the Data Subject, at all times, the full and effective exercise of the right of habeas data;

b) Request and keep, under the conditions provided for in this law, a copy of the respective authorization granted by the Data Subject;

c) Duly inform the Data Subject about the purpose of the collection and the rights he/she is entitled to by virtue of the authorization granted;

d) Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access;

e) Guarantee that the information provided to the Data Processor is truthful, complete, accurate, updated, verifiable and understandable;

f) Update the information, communicating in a timely manner to the data processor, all developments regarding the data previously provided and take other necessary measures to ensure that the information provided to it is kept up to date;

g) Rectify the information when it is incorrect and communicate the pertinent to the Data Processor;

h) To provide to the Data Processor, as the case may be, only data whose Processing is previously authorized in accordance with the provisions of this law;

i) Demand from the Data Processor, at all times, respect for the security and privacy conditions of the Data Subject’s information;

j) To process the queries and claims formulated under the terms set forth in this law;

k) Adopt an internal manual of policies and procedures to ensure proper compliance with this law and, in particular, for the handling of queries and claims;

l) Inform the Data Controller when certain information is under discussion by the Data Subject, once the claim has been filed and the respective process has not been completed;

m) Inform at the request of the Data Subject about the use given to his/her data;

n) Inform the data protection authority when there are violations to the security codes and there are risks in the administration of the information of the Data Controllers.

o) Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

p) Guarantee to the Holder, at all times, the full and effective exercise of the right of habeas data;

q) Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access;

r) Timely update, rectify or delete the data under the terms of this law;

s) Update the information reported by the data controllers within five (5) business days from its receipt.

t) To process the queries and claims made by the Data Controllers under the terms set forth in this law.

u) Adopt an internal manual of policies and procedures to ensure proper compliance with this law and, in particular, for the handling of queries and claims by the Data Holders;

v) Register in the database the legend “claim in process” in the manner regulated in this law.
v) Register in the database the legend “claim in process” in the manner regulated by this law;

w) Insert in the database the legend “information under judicial discussion” once notified by the competent authority about judicial proceedings related to the quality of the personal data.

x) Refrain from circulating information that is being disputed by the Data Subject and whose blocking has been ordered by the Superintendence of Industry and Commerce.

y) Allow access to the information only to the persons who may have access to it;

z) Inform the Superintendence of Industry and Commerce when there are violations to the security codes and there are risks in the administration of the information of the Holders;

aa) Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

8. Treatment policy when there is no privacy notice. All data provided by the holder without their express authorization at the time of collection and that are necessary for any procedure or process to be carried VERDEEX S.A.S. of any contractual or extra-contractual nature, will be removed from our databases, likewise, the user will be informed of the removal, and the return of documents containing confidential information will be made; in case of impossibility in the delivery of the documentation, it will be destroyed once all management has been done for delivery and after being informed the user.

9. Procedure for inquiries and complaints. In case of requesting for any reason a copy of the information provided to VERDEEX S.A.S. in the above qualities, or require correction, authorization or deletion should perform the following procedures.
CONSULTATIONS. In order to obtain information regarding the personal data processing policies, the data provided, the authorizations granted by the holder and other required information, you should send a communication via email or to the main facilities of our entity, that is, desarrollosoftware@verdeex.com or to the physical address vereda el Chagualo Autopista Medellín-Bogotá, Antioquia, Colombia The response to your request will arrive in a term not exceeding 10 working days, or if there is any inconvenience, we will send a communication expressing the reasons for delay in the same time and expressing the date on which the response to your request will be provided.
It is to have in mind that, the answer or communication informing the delay will be sent in physical or magnetic means to the physical or electronic address reported in our databases.
reported in our databases, in order to comply with the confidentiality of the information provided.
CLAIMS. In order to process the correction, authorization or deletion of the holder’s documents, it is important that at the time of filing the request, the capacity in which he/she acts is demonstrated, by providing a copy of the identity document in case of being the holder, power of attorney with mandatory personal presentation of the holder of the confidential information in which the authorization for the completion of the procedure to be filed is evidenced, or a copy of the judgment in which the capacity in which he/she acts before us is demonstrated.
Now, to carry out any of these procedures, you must send by email or send in physical medium the request for correction, authorization or deletion, attaching the above documents, either by email to desarrollosoftware@verdeex.com or to the physical address vereda el Chagualo Autopista Medellín-Bogotá, Antioquia, Colombia.
To process your request, our team will have a term of 15 working days from the time of receipt of the request to send a response to the physical or electronic address provided by the owner at the time of submitting the authorization. In case of delays in the processing, the user will be informed about this in the same time, informing the facts that originate it and indicating the term in which the request will be processed.
PARAGRAPH: To process the query or incomplete claim, VERDEEX S.A.S. will require in a period not exceeding 2 working days to the owner or user to provide the missing information. In the same term, the user or holder will be informed when VERDEEX S.A.S. is not responsible for processing the request, and will be immediately forwarded to the corresponding entity.
After two (2) months from the date of the requirement, the process will be terminated by tacit withdrawal of the user or holder.

10. Person to whom the personal information may be delivered. Personal information provided by the owner of the personal information may only be delivered to the person who meets one of the following duly proven qualities.

● The holder (owner) of the personal information provided.

● The successors of the owner of the personal information.

● The legal or judicial representative of the holder of the information.

● To public or administrative entities in the exercise of their legal functions or by court order.

● To third parties authorized by the Data Subject or by law.

11. Mechanisms for the knowledge of personal data processing policies. The policies described herein may be consulted on our website www.verdeex.com link habeas data policy, or at the email address desarrollosoftware@verdeex.com

12. Termination of processing. The reciprocal rights and obligations that arise with the authorization given by the user and exclusive owner of the personal data, will be valid for 12 years from the time of authorization. However, by legal or contractual mandate, or in the development of the purpose for which the authorization of the personal data is granted, this period may end before or after the main date, informing the owner of the reasons for such determination.

13. Validity of the personal data processing policies. The personal data processing policies in favor of the constitutional and legal rights of habeas data described herein, are effective as of 08/01/2021.
Once substantial changes are made to the personal data processing policies set forth herein, users will be informed about them.

VERDEEX S.A.S

NIT: 901231936-8