PRIVACY NOTICE FORMAT OF SOPHOS SOLUTIONS S.A.S

Documento No: F-LGL-02
Versión: 02
Fecha: 21/01/2021
SOPHOS SOLUTIONS S.A.S., a Colombian commercial company, identified with NIT 900.074.316- 4, with its principal address in Kr 11 No. 71-73 office 404 of the city of Bogota, D.C. (hereinafter referred to as “SOPHOS”), for the proper development of its object and social purpose, develops the activities of collection, exchange, updating, processing, reproduction, compilation, storage, use, systematization, and organization (hereinafter referred to as “processing”) of personal data. Because of the above, SOPHOS, as the data controller, has a Personal Data Protection Policy, which guides its actions regarding this information. The processing of personal information is carried out for the following purposes:

Customers:

(i) Carry out all the activities and administrative procedures related to the services provided by SOPHOS; (ii) Carry out surveys and/or research studies to evaluate the process of attention and satisfaction of the service provided; (iii) Send information (e.g. to e-mails and contact numbers) of customers about the products, services, events and/or promotions of SOPHOS; (iv) Transfer and/or transmit corporate contact information to other entities of the SOPHOS group and to third parties for the purposes described above for the purposes described above; (v) Transfer the personal data of customers in the framework of the definition, structuring and execution of strategic transactions, such as the sale of assets or shares The Company or parts of its business are sold, merged or acquired by third parties.

Candidates:

(i) Request the supports and related information on the resume; (ii) Send and receive by email communications and requests related to the selection process; (iii) Verify and consult with third parties the information on the resume (authenticity of documents, work and academic certifications, home visit). This includes the company RISK SAS. identified with NIT 8300978716-2, or any company that acts in its stead to verify and/or consult in the financial or commercial sector risk centers the information in Datacredito; (iv) Record in the SOPHOS database the selection process in order to have support with internal and external authorities; (v) Communicate to the contact phones in order to schedule the interviews and tests required for SOPHOS workers or third parties to perform the validations of the information indicated in the resume and evaluations of all tests advanced in the process (vi) Retain for one year the personal data for possible selection processes; (vii) Assess the suitability of the candidate, taking into account the characteristics of the vacancy that is required to hire; (vii) Carry out the necessary checks and consultations in different restrictive lists; (ix) Consult and access at any time the databases of risk, credit, financial, judicial or security records legitimately constituted, of a state or private, national or foreign nature; (x) Carry out the relevant steps for the development of the pre-contractual, contractual and post-contractual stage; (xi) Contact them in compliance with the provisions of the contract and for the administrative management thereof; (xii) To ensure security in the facilities where appropriate; (xiii) To be invited to training, instructions, reinforcement, or the development of institutional activities; (xiv) To conduct satisfaction surveys; (xv) To transfer the personal data of candidates in the framework of the definition, structuring and execution of strategic transactions, such as the sale of assets or shares in case The Company or parts of its business are sold, merged or acquired by third parties.

Contributors:

(i) Identify the staff as SOPHOS collaborators; (ii) Communicate to the staff and make their knowledge relevant information in accordance with the quality of SOPHOS collaborator; (iii) Verify the fulfillment of the employee’s employment and contractual obligations; (iv) Review the criminal, contractual and fiscal records of the holders before the relevant authorities; (v) Full identification of the holders, by archiving and handling their contact data, professional and academic information, among others; (vi) Conclude the contract of work, apprenticeship, service provision or any other that applies; (vii) Fulfill the obligations of SOPHOS membership, such as: affiliation to the social security system, payment of contributions, to the compensation fund, holidays, delivery of vouchers, payments to DIAN, to issue certificates of income and withholding and employment certificates requested by the holders, and / or any national entity or authority that requires personal data, in accordance with current rules; (viii) To comply with any other benefit that derives from the contractual relationship between the collaborators and SOPHOS. To provide instructions on the occasion of the contract with the collaborators, if applicable; (ix) To evaluate the performance of the collaborators; (x) To manage the payroll, the payment of financial support, among others, by the Company or a third party; to manage and make the necessary payments in the bank account indicated by the collaborators; (xi) To contract life insurance and medical expenses with SOPHOS or a third party; (xii) To notify the relatives of the collaborators in cases of emergency during working hours or during the development of the contract; (xiii) The communication, reproduction and publication of photographs of the collaborators by SOPHOS for marketing, advertising, internal SOPHOS or other purposes; (xiv) Maintain the safety and health of employees in the workplace directly by the Company or by a third party, in accordance with the rules applicable to the System of Management of Safety and Health at Work (hereinafter “SG-SST”) and keep the documents indicated in Article 2.2.4.6.13 of Decree 1072 of 2015; (xv) Collect information and evidence for the purpose of carrying out disciplinary proceedings, if applicable; (xvi) Store the personal data of employees in the internal physical and computer file of SOPHOS, the other companies of the group and / or third parties in charge of storage; (xvii) Transfer and / or to other entities of the SOPHOS Group, to public entities and to third parties for the purposes described above; (xviii) to transfer the personal data of the partners in the framework of the definition, structuring and execution of strategic transactions, such as the sale of assets or shares in case The Company or parts of its business are sold, merged or acquired by third parties.

Providers:

(i) To carry out the relevant steps for the development of the pre-contractual, contractual and postcontractual phase with SOPHOS, regarding the commercial relationship with the supplier; (ii) Report to credit risk centers legally constituted in Colombia, under the terms of Law 1266 of 2008; (iii) Request information to suppliers and contractors for the purpose of concluding the applicable contract with SOPHOS; (iv) Compliance with SOPHOS obligations under the contractual relationship; (v) Investigation, verification and validation of information provided by suppliers and contractors, with any information from SOPHOS that legitimately has and lists; (vi) Management of information of suppliers and contractors for the authorization and sending of purchase orders and payment of invoices; (vii) Contact, meetings and visits with suppliers and contractors, their collaborators, shareholders and/or any person representing them in the framework of the contractual relationship; (viii) Communication, consolidation, organization, updating, control, accreditation, statistics, reporting, maintenance, interaction and management of the actions, information and activities in which suppliers and contractors are related or linked to SOPHOS; (ix) Other purposes necessary and provided in the environment of the contract; (x) Transfer and/or transmit the personal information of suppliers to other entities of the SOPHOS Group and to third parties for the purposes described above; (xi) Transfer the personal data of suppliers in the framework of the definition, structuring and execution of strategic transactions, such as the sale of assets or shares in case the Company or parts of its business are sold, merged or acquired by third parties.

Processing of Sensitive Data and Data on Children and Adolescents:

SOPHOS informs that it processes personal data of members of the family group of the human resource, including that of children and adolescents who integrate it, in order to grant the benefits offered by SOPHOS or for the registration of members of the family group in the events and welfare activities organized by SOPHOS. In the event of processing of personal data of children and/or adolescents, SOPHOS shall ensure that: (a) The processing responds to and respects the best interests of children and adolescents. (b) Treatment should ensure respect for the fundamental rights of children and adolescents. (c) Assess the child’s opinion when the child has the maturity, autonomy and ability to understand the matter.

In addition, the information processed may contain sensitive data, such as: the image, or any other physical trait that may be recorded in audio recordings, photographs and videos, the print and the signature. Similarly, health-related data may be required. In the processing of sensitive data, SOPHOS shall obtain the express consent of the data controller and inform the data controller that because sensitive data are not required to authorize their processing. SOPHOS will only collect information of a sensitive nature that is necessary and relevant to the fulfillment of the following purposes: (i) To verify whether the holders meet the physical requirements necessary to perform the position and/or obligations for which they are applying or were hired; (ii) To have the information necessary to attend any medical emergency that arises during the provision of services in the facilities of SOPHOS; (iii) To comply with occupational safety and health standards and implement the SG-SST, and any other program, system and/or plan that seeks to protect the health of the worker, holders and persons in the workplace; (iv) To carry out epidemiological surveillance activities within the framework of the Occupational Health program; (v) Compliance with the legal obligations arising from the employment and/or contractual relationship, such as, carrying out all the necessary formalities for the registration of beneficiaries with the Social Security System, or any other activity derived from the applicable legislation; (vi) Providing the respective security in the training and activities carried out by SOPHOS; (vii) Identifying the personnel who access the facilities of SOPHOS. In accordance with Law 1581/2012, the rights that you have as holder of the information are:

  1. Know, update, and rectify your personal data
  2. Revoke the authorization granted for the processing of your personal data.
  3. Request the deletion of your personal data.
  4. Request proof of the authorization granted.
  5. Be informed of the use of your data.
  6. File complaints with the Superintendency of Industry and Commerce (SIC) for violations of the provisions of the Law on Protection of Personal Data once you have exhausted the consultation or complaint procedure before SOPHOS.
  7. Access free of charge to your personal data that has been subject to Processing.


Any concerns related to your personal data can be directed to the email: habeasdata@sophossolutions.com or contact us at 7433001 Ext. 1041.
See our Personal Data Protection Policy on the website www.sophossolutions.com