Document No: PL-LGL-01
Version: 06
Date: 14/12/2022
Revised | Approved | |
---|---|---|
Name | Adriana García |
Andres Quinter |
Position | Senior Counsel | Chief Legal Office |
Date | 01/12/2022 | 12/12/2022 |
Fecha | Versión | Autor | Descripción |
---|---|---|---|
18/02/2016 | 01 | Lina Marcela Lozano Carvajal | Creating the Document |
11/12/2018 | 02 | Risks & Processes | The document is updated due to the change of company name by adjusting “Sophos Banking” by “Sophos Solutions”. |
24/04/2019 | 03 | Risks & Processes | Biometric information is included |
23/10/2019 | 04 | Risks & Processes | Document is updated due to corporate image logo change |
18/12/2020 | 05 | Legal Area | The document is updated in relation to the purposes for processing. This version shall apply from 20 November 2020. |
13/12/2022 | 06 | Adriana García | The policy is updated and supplemented by attending to the processing of data in subsidiaries, purposes, responsibilities and responsibilities, procedures |
The Personal Data Processing Policy of SOPHOS SOLUTIONS (“The Company” and/or “SOPHOS”), establishes the general guidelines for the proper handling of personal data collected by The Company, which may or may not be incorporated into databases, on which Sophos has the capacity of responsible for the information.
In this way, SOPHOS has defined the following Objectives:
Establish the criteria for the collection, storage, use, circulation, deletion, processing, compilation, exchange, processing, updating and transfer of the data that have been provided and that have been incorporated in different databases or in electronic repositories of all types that SOPHOS has because of its activities.
Establish the responsibilities of SOPHOS and its data controllers with regard to the processing of personal data.
Communicate the purposes for which the processing of information is carried out, as well as the rights of the holders of the information and the procedures to exercise them.
Establish appropriate measures to ensure the processing of personal data in a secure, confidential and subject to the determined purpose, compliance with applicable regulations and in accordance with the provisions of Law 1581 of 2012 of the Republic of Colombia.
The controller of the databases is SOPHOS SOLUTIONS S.A.S., a commercial company duly incorporated and domiciled in Bogota D.C., with the following contact details:
Main Office: Cr 11 # 71 – 73 – Office 404, Bogota D.C.
Phone: 7433001 Ext. 1041
Email: habeasdata@sophossolutions.com
The data collected by the companies linked to the SOPHOS Group will be treated in accordance with this policy, taking into account that it is possible that the information will be stored in the Databases managed, stored or processed by Sophos Solutions S.A.S
In SOPHOS databases, general information such as full name, identification number and type, gender, image or any other physical trait that may be recorded in audio, photographs and video recording, fingerprint, signature and contact data (e-mail, physical address, landline and mobile phone) may be stored. In addition to these, The Company may collect data related to information about employment history, academic background, and sensitive data required by the nature of the employment relationship and/or for security reasons
The information contained in the SOPHOS databases is subject to different forms of processing, such as collection, exchange, updating, processing, reproduction, compilation, storage, use, systematization and organization, all of them partially or totally in compliance with the purposes established here.
The information may be delivered, transmitted or transferred to public entities, business partners, contractors, affiliates, subsidiaries, solely for the purpose of fulfilling the purposes of the corresponding database. In any case, the delivery, transmission or transfer shall be made after underwriting the commitments that are necessary to safeguard the confidentiality and security of the information.
In the processing of sensitive data, SOPHOS will strictly observe the limitations and obligations established by the Law and other concordant rules. Therefore, in case of sensitive data processing, SOPHOS will ensure that:
Additionally, in the processing of personal data of children and / or adolescents carried out by SOPHOS, the limitations and obligations established in the Law, its regulatory decrees and / or other concordant regulations will be strictly observed. Therefore, in case of processing of personal data of children and/or adolescents, SOPHOS will ensure the following:
SOPHOS may transfer and transfer, including at international level, personal data that it has in its databases, mainly to other companies of the SOPHOS group, to public entities when these require, to customers who need to validate the personal information of SOPHOS collaborators, among other third parties, provided that the Company has the express authorization of the owner and / or has signed the contracts required by the regulations of personal data protection.
Therefore, SOPHOS will implement appropriate mechanisms that allow compliance with the provisions of this Policy by third parties, on the understanding that the personal information that they receive solely will be used for matters related to SOPHOS and in accordance with the purposes authorized by the owner.
The risk area of Sophos will be in charge of managing any request, complaint or claim related to the handling of personal data, should be sent to the email: habeasdata@sophossolutions.com
The holders of the information or authorized person under the terms of paragraph 3.15. of this Policy, may exercise their right to know, update, correct or delete information contained in the database, as well as may revoke the authorization granted to the controller for the Processing of the Information.
Any request for consultation, correction, updating or deletion must be submitted in writing by e-mail, in accordance with the information contained in this document. Sophos will attend to inquiries in compliance with the terms established by the applicable law. For inquiries and requests addressed to subsidiaries in which there is no special rule for the processing of personal data regulating response times, the Company will comply with the requirement in compliance with the term established by the Colombian regulations.
Complaints are intended to correct, update, delete or file a complaint about the alleged breach of any of the duties contained in the Act and this policy. In this regard, claims must be made by email, in accordance with the information contained in this document, and must contain at least the following information:
The maximum term for the complaint will be that defined by the applicable law from the following day to the date of your receipt.