Gold Data - Privacy Policy

Introduction

Taking as a reference Article 15 of the Political Constitution of Colombia, where the object is to know, update and rectify the information that has been collected in the databases and files, in Article 20, we find a reference to the fact that all people have the right to information. In compliance with the above, it is necessary to establish for Gold Data, the conformation of a policy aware of the responsibility that assists it in matters of Treatment and Protection of Personal Data, the application is mandatory for all natural or legal persons who make treatment to personal data recorded in the various databases of Gold Data, this in order to provide the necessary baseline in order to comply with legal obligations in terms of protection of personal data.

Gold Data, hereby informs that: the personal data obtained by virtue of the operation where they are or will be entered into with the Entity, will be treated in accordance with the principles set forth in Law 1581 of 2012 and other rules and decrees that are related and regulate the matter. For such purposes, the following address will be used as domicile:

Address: CR 9 80 15 OF 1003

Municipality: BOGOTÁ D.C.

Department: BOGOTÁ D.C.

Telephone: 6014897160

Email: backoffice@golddata.net

Purpose and Scope

This Policy of Treatment and Protection of Personal Data shall apply to all databases and files containing personal data and which are subject to treatment by Gold Data, considered responsible or in charge of the processing of personal data. However, it should be noted that the protection of the interests and needs of the owners of the personal information processed by Gold Data must be provided in the first instance, prioritizing compliance with the requirements of the current regulations on Personal Data Protection, as well as any requirement arising from the principle of proven responsibility. All employees of Gold Data Business Units, Contractors and third parties who have a relationship with Gold Data and who process personal data must comply with this policy and the procedures established for the processing of personal data.

Glossary

Privacy Notice: Verbal or written communication generated by the responsible party, addressed to the Data Subject for the processing of his/her personal data, by means of which he/she is informed about the existence of the Information Processing Policies that will be applicable, the way to access them and the purposes of the processing that is intended to be given to the personal data.

Data Base: Organized set of personal data that is subject to processing.

Personal Data: Any information linked or that may be associated to one or several determined or determinable natural persons.

Sensitive Data: Information that affects the privacy of individuals or whose improper use may lead to discrimination (racial or ethnic origin, political orientation, philosophical or religious beliefs, relevance to trade unions or social organizations or human rights, health data, sex life and biometric data).

Data Processor: Natural or legal person, public or private, that by itself or in association with others, carries out the processing of personal data on behalf of the data controller. In the events in which the controller does not act as Data Processor of the database, it shall be expressly identified who will be the Data Processor.

Data Controller: Natural or legal person, public or private, who by itself or in association with others, decides on the database or the processing of data.

Data Subject: Natural person whose personal data are subject to processing.

Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation, or deletion.

Transfer: The transfer of data takes place when the person responsible or in charge of the processing of personal data, located in Colombia, sends the information or personal data to a recipient, which in turn is responsible for the processing and is located inside or outside the country.

Transmission: Processing of personal data that involves the communication of such data within or outside the territory of the Republic of Colombia when the purpose of the processing is the performance of a processing by Responsibilities.

Policy

Treatment and Purposes

Gold Data will use the information provided solely and exclusively for the purposes indicated, therefore, will safeguard the databases containing the information collected, and will not allow access to unauthorized personnel, except for the constitutional and legal exceptions in force and applicable on the matter.

In that sense will take all necessary precautions and measures to ensure the confidentiality of the information, in accordance with the principle of confidentiality that deals with Law 1581 of 2012, and other information in force on the subject. Similarly, the holder has the rights granted by the applicable and current regulations regarding data protection and the right to information.

The treatment that Gold Data will perform will be to collect, store, process, use and transmit or transfer (as appropriate) personal data, in strict compliance with the duties of security and confidentiality mandated by Law 1581 of 2012 and Decree 1377 of 2013, with the following purposes:

To register personal data information in Gold Data’s databases, with the purpose of maintaining a commercial relationship with its clients and suppliers.

To facilitate the implementation of programs in compliance with legal mandates.

To send information to governmental or judicial entities upon their express request.

Support external and internal audit processes.

Gold Data will also provide personal data to third parties that provide services or with whom it has some type of cooperative relationship, in order to:

Provide technical assistance.

Facilitate the implementation of programs in compliance with legal mandates.

Manage and administer databases.

Respond to petitions, complaints and appeals.

Provide answers to control bodies.

When Gold Data receives information that has been transferred to it by other entities due to its request, it will give it the same treatment of confidentiality and security that it gives to the information produced by itself.

Rights and Legal Conditions for Processing

Rights of the Holder of Personal Data

As holder of personal data, you have the right to:

Access free of charge to the data provided to Gold Data that have been subject to processing.

Know, update, and rectify your information against partial, inaccurate, incomplete, fractioned, misleading data, or those whose processing is prohibited.

File a complaint before the Superintendence of Industry and Commerce for violations of the provisions of Law 1581 of 2012 and other rules that modify, add, or complement it, once the complaint process has been exhausted before the responsible or in charge of the processing of personal data.

Request the deletion of the data when the treatment does not respect the principles, rights, and constitutional and legal guarantees, which will proceed when the authority has determined that Gold Data, in the treatment has incurred in conduct contrary to the Constitution and current regulations.

Know the data processing policy of the entity and through it, the use or purpose that will be given to their personal data.

Identify the responsible in Gold Data that will process and respond to their requests.

The others indicated by Article 8 of Law 1581 of 2012.

Guiding Principles

Under legal interpretation and application, the following principles shall apply:

Principle of Legality in Data Processing: Processing is a regulated activity that must be subject to the provisions of Law 1581 of October 17, 2012, regulatory decrees and other provisions that develop it.

Principle of Purpose: Processing must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Data Subject.

Principle of Freedom: Processing may only be exercised with the prior, express, and informed consent of the Data Subject. Personal data may not be obtained or disclosed without prior authorization, or in the absence of legal or judicial mandate that relieves the consent.

Principle of Truthfulness or Quality: The information subject to Processing must be truthful, complete, accurate, updated, verifiable and understandable. The Processing of partial, incomplete, fractioned, or misleading data is prohibited.

Principle of Transparency: The Processing must guarantee the right of the Data Subject to obtain from the Data Controller or the Data Processor, at any time and without restrictions, information about the existence of data concerning him/her.

Principle of Access and Restricted Circulation: Processing is subject to the limits derived from the nature of the personal data, the provisions of the law and the Constitution. In this sense, the Processing may only be carried out by persons authorized by the Holder and/or by the persons provided by law. Personal data, except for public information, may not be available on the Internet or other means of dissemination or mass communication, unless access is technically controllable to provide restricted knowledge only to the Holders or authorized third parties.

Security Principle: The information subject to Processing by the Data Controller or Data Processor referred to in the law, must be handled with the technical, human, and administrative measures necessary to provide security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access.

Principle of Confidentiality: All employees and contractors involved in the Processing of Personal Data that are not of a public nature are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks that comprise the Processing, and may only supply or communicate personal data when it corresponds to the development of the activities authorized by law and under the terms of the same. Gold Data, undertakes to treat the personal data of the holders as defined in paragraph g) of Article 3 of Law 1581 of 2012 in an absolutely confidential manner making use of these, exclusively, for the purposes indicated in the preceding paragraph, provided that the holder has not objected to such treatment. Gold Data, informs that it has implemented the necessary technical and organizational security measures to ensure the security of your personal data and prevent its alteration, loss, treatment and / or unauthorized access.

Principle of temporality: Personal data will be kept only for the reasonable and necessary time to fulfill the purposes that justified the processing, taking into account the provisions applicable to the matter in question and the administrative, accounting, fiscal, legal and historical aspects of the information. The data will be kept when this is necessary to comply with a legal or contractual obligation. Once the purpose of the processing and the terms established above have been fulfilled, the data will be deleted.

Integral interpretation of constitutional rights: The rights shall be interpreted in harmony and in balance with the right to information provided for in Article 20 of the Constitution and with the applicable constitutional rights.

Principle of Necessity: The personal data processed must be those strictly necessary for the fulfillment of the purposes pursued with the database.

Data Categorization

Sensitive Data are understood as those that affect the privacy of the Data Subject or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life and biometric data.

The Processing of sensitive data is prohibited, except when:

The Data Subject has given his explicit authorization to such Processing, except in those cases where by law the granting of such authorization is not required. – The Processing is necessary to safeguard the vital interest of the Data Subject and he is physically or legally incapacitated. In these events, the legal representatives must grant their authorization.

The Processing refers to data that are necessary for the recognition, exercise, or defense of a right in a judicial process.

The Processing has a historical, statistical, or scientific purpose. In this event, the measures leading to the suppression of the identity of the Data Controllers must be adopted.

Special Authorization of Sensitive Personal

DataGold Data, will inform through the various means of obtaining authorization to all its owners, that under the law 1581 of 2012 and regulatory standards, where they are not required to grant authorization for the processing of sensitive data. In case of treatment of health-related data, Gold Data will implement the necessary measures to protect the confidentiality of the information. The sensitive biometric data processed are intended for the identification of individuals, security, compliance with legal obligations and the proper provision of services.

Rights of Children and Adolescents

The processing of personal data of children and adolescents is prohibited, except in the case of data of a public nature, and when such processing complies with the following parameters and/or requirements:

That it responds to and respects the best interests of children and adolescents;

That respect for their fundamental rights is ensured. Once the above requirements have been met, the legal representative of the children or adolescents shall grant the authorization, after the minor has exercised his or her right to be heard, an opinion that shall be assessed taking into account the maturity, autonomy and capacity to understand the matter.

Specific Guidelines

Area Responsible For Handling Requests, Inquiries And Claims Regarding Personal Data

Gold Data is responsible for the development, implementation, training and monitoring of this Policy. The Technology Management is the unit that has been designated by Gold Data as responsible for the attention of requests, queries, complaints and claims before which the holder of the personal data may exercise his/her rights to know, update and rectify the data.

Procedure For Attention And Response To Requests, Inquiries, Complaints And Claims From Personal Data Holders

The Owners of Personal Data that is being collected, stored, processed, used, and transmitted or transferred by Gold Data, may at any time exercise their rights to know, update and rectify the information.

For this purpose, the following procedure shall be followed, in accordance with the Personal Data Protection Law:

Means for the presentation of petitions, queries, complaints and claims

Gold Data has provided the following means for the reception and attention of requests, queries, complaints, and claims that allow us to keep proof of these:

Written communication addressed to Gold Data, Technology Management. CR 9 80 15 OF 1003 in the city of Bogotá D.C.

Telephone communication: to the number: 6014897160 during office hours

Request via e-mail: backoffice@golddata.net

Web Site https://golddata.net/contact

Attention and response to requests and inquiries

The Data Subject or his proxy, may request Gold Data:

Information about the Personal Data of the Data Subject that are subject to Processing.

Information regarding Gold Data’s use of your personal data.

Requests and inquiries will be answered within a maximum term of ten (10) working days from the date of receipt thereof. When it is not possible to attend the request or consultation within such term, the interested party shall be informed, stating the reasons for the delay, and indicating when the request or consultation will be attended, which in no case may exceed five (5) business days following the expiration of the first term.

Attention and response to complaints and claims

The Data Subject or its attorneys-in-fact, may request Gold Data, through a complaint or claim filed through the aforementioned channels:

The correction or updating of the information.

That the alleged breach of any of the duties contained in the Personal Data Protection Law be corrected or remedied.

The request must contain at least a description of the facts giving rise to the complaint or claim, the address and contact details of the applicant. If the complaint or claim is incomplete, Gold Data shall require the interested party within five (5) days following receipt of the complaint or claim to correct the faults. After two (2) months from the date of the requirement, if the applicant does not submit the required information, it shall be understood that the complaint or claim has been withdrawn. In the event that the unit that receives the complaint or claim is not competent to resolve it, it shall transfer it to the Technology Management to forward it to the corresponding area in the organization, within a maximum period of two (2) working days and shall inform the interested party of what has happened.

Once the complete complaint or claim is received, it will be included in the Data Base, in the corresponding section, a legend that says “claim in process” and the reason for the same, in a term no longer than two (2) business days. Said legend shall be maintained until the complaint or claim is resolved.

The maximum term to address the complaint or claim shall be fifteen (15) business days from the day following the date of its receipt. When it is not possible to address the complaint or claim within such term, the interested party shall be informed of the reasons for the delay and the date on which the complaint or claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.

National Database Registry

In compliance with Article 25 of Law 1581 of 2012. Gold Data, will register its databases along with this policy of treatment and protection of personal data, in the National Registry of databases, administered by the Superintendence of industry and commerce, in accordance with the procedure established for this purpose.

Database Period and Validity

All databases owned by Gold Data will have the period and validity corresponding to the purpose for which their processing was authorized and the special rules governing the matter, as well as those that establish the exercise of the legal functions assigned to the Entity.

Validity

This Policy of Treatment and Protection of Personal Data will come into force once this document has been approved and published.

Responsibilities

7.1. Sensitization of Employees and Collaborators

Gold Data, together with the Information Security team, will develop programs aimed at training, awareness, and appropriation of personal data protection, with the purpose of making this policy known on an annual basis.

The Human Resources area shall ensure that employees, contractors and third parties are aware of their responsibilities with respect to the protection of personal data; training and evaluation plans shall be established for employees, taking into account the regulatory changes that are updated, so that the plans are updated periodically.

SMS Terms of Use

By “Opting In” to or using a “Text Message Service” (as defined below) from GoldData, you accept these Terms & Conditions.

This agreement is between you and GoldData Inc. or one of its affiliates. All references to “GoldData inc.,” “we,” “our,” or “us” refer to GoldData Inc., 1000 Sawgrass Corporate Pkwy, Suite 588 Sunrise FL 33323.

DEFINITIONS

“Opting In,” “Opt In,” and “Opt-In” refer to requesting, joining, agreeing to, enrolling in, signing up for, acknowledging, responding to, or otherwise consenting to receive one or more text messages.

“Text Message Service” includes any arrangement or situation in which we send one or more messages addressed to your mobile phone number, including text messages (such as SMS, MMS, or successor protocols or technologies).

CONSENTING TO TEXT MESSAGING

By submitting this web form https://golddata.net/contact/, user consent to receive messages from Gold Data at the number provided. By consenting to receive text messages from us, you agreed to these Text Messaging Terms and Conditions, as well as our general privacy policy https://golddata.net/privacy-policy/, defined in the first part of this document

E-SIGN DISCLOSURE

By agreeing to receive text messages, you also consent to the use of an electronic record to document your agreement. You may withdraw your consent to the use of the electronic record by replying STOP.

SMS Privacy Policy

We do not share any mobile opt-in data with third parties. This includes your phone number, consent, or any other personal information collected through our SMS services. We will only use your data for the sole purpose of sending you transactional and security-related messages, as you have authorized.
You can opt out of receiving messages at any time by replying STOP to any message you receive. After we receive your message, you will receive one final confirmation that you have been unsubscribed and will no longer receive any further messages from this service.
The frequency of messages you receive will vary. We will only send messages for transactional and security purposes, such as one-time passwords and account alerts.

This policy is addressed to all persons and organizations that share with us their personal and/or confidential data, so that they have at their disposal the necessary and sufficient information about the processing and purposes for which their data will be used. The application of this policy is addressed to all databases, physical, digital and hybrid, and which are subject to processing by Gold Data, considering Gold Data as responsible. This policy is of mandatory compliance by all natural and legal persons responsible for the administration and management of Gold Data’s personal databases, especially those responsible for managing the databases, especially the groups that handle document management, attend, and respond to requests, complaints, and claims, specifically those related to the Law of Personal Data Projection.

We respect your privacy. We only use information you provide through this service to transmit your mobile messages and respond to you. This includes, but isn’t limited to, sharing information with platform providers, phone companies, and other vendors who assist us in the delivery of mobile messages. Mobile information will not be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. Nonetheless, we reserve the right always to disclose any information as necessary to satisfy any law, regulation or governmental request, to avoid liability, or to protect our rights or property. This Text Message Service Privacy Policy applies to your use of the Text Message Service and isn’t intended to modify our general general privacy policy, incorporated by reference above, which may govern the relationship between you and us in other contexts.

COSTS OF TEXT MESSAGES

We do not charge you for the messages you send and receive via this text message service. But message and data rates may apply, so depending on your plan with your wireless or other applicable provider, you may be charged by your carrier or other applicable provider.

FREQUENCY OF TEXT MESSAGES

This Text Messaging Service is for conversational person-to-person communication between you and our employees. We may send you an initial message providing details about the service. After that, the number of text messages you receive will vary depending on how you use our services and whether you take steps to generate more text messages from us (such as by sending a HELP request).

OPTING OUT OF TEXT MESSAGES

If you no longer want to receive text messages, you may reply to any text message with STOP, QUIT, END, REVOKE, OPT OUT, CANCEL, or UNSUBSCRIBE. As a person-to-person communication service, opt-out requests are specific to each conversation between you and one of our employees and their associated phone number. After unsubscribing, we may send you confirmation of your opt-out via text message.

Related Documents

The General Data Protection Regulation (GDPR)

Sole Decree 1074 of 2015

Decree 090 of January 18, 2018.

Law 1266 of 2008

Law 1581 of 2012