Return to Ditar.co

PRIVACY POLICIES

DICTATE S.A.., a company dedicated to a) The production, marketing, import and export of notebooks, school supplies, continuous forms of paper, office supplies, lithographs, graphic arts, and commercial forms b) The acquisition of raw materials and other supplies required by the previous activities announced c) Conclude agency contracts, distributions, concessions, supplies and appropriation for the activities listed in ordinal a. d) Buying, selling, mortgaging, pledging and managing all kinds of real estate and movable property in development of its corporate purpose; the company may conclude all kinds of commercial, labor, civil, administrative and financial contracts necessary for the performance of its activities; Print all types of Security documents, securities and forms for betting on chance, the company may enter into all kinds of commercial, labor, civil, administrative and financial contracts necessary for the performance of this activity; Adaptation, installation of furniture, office equipment, provision and administration of guidelines, among other activities planned in its corporate purpose, identified with NIT 802.005.820-5 with main address at Km 7 via Juan Mina Parque Industrial Clavería Bodega No.1 in Barranquilla, Colombia. DITAR S.A. recognizes the importance of the security, privacy and confidentiality of the personal data of its workers, customers, suppliers and in general of all its stakeholders with respect to whom it processes personal information, and therefore, in compliance with constitutional and legal mandates, it presents the following document containing its policies for the processing of personal data.

TITLE I DEFINITIONS The concepts presented below are the result of what was stated by Law 1581 DE 2012. Therefore, they must be interpreted comprehensively and in accordance with the fundamental right they develop.1.Authorization: Prior, express and informed consent of the owner of the personal information for the company to carry out the processing of their personal data. Consent can be granted in writing, orally or through unambiguous conduct on the part of the owner that leads to the conclusion that he granted the authorization.2. Database: Organized set of personal data subject to the3. Personal data: Any information linked to or that can be associated with one or more specific natural persons o4. Public data: It is the data qualified as such according to the mandate of the Law and/or the Political Constitution. Public data, among others, are those contained in public documents, those relating to the civil status of individuals, their profession or profession, their status as a merchant or public servant and those that can be obtained without reservation5. Private Data: This is data that, due to its intimate and reserved nature, is only relevant to the owner.6. Sensitive data: Data that affects the privacy of the Data Controller, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in unions, social or human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data relating to health, sexual life and biometric data, among others, the capture of still or moving images, fingerprints, photographs , iris, voice, facial or clap recognition7. Eligible cause: A person who has succeeded another cause of death (heir or legatee) .8. Data processor: Natural or legal person, public or private, who, on their own or in association with others, processes personal data on behalf of the person responsible for the9. Data controller: Natural or legal person, public or private, who, on their own or in association with others, decides on the database and/or data processing.10. Owner: Natural person whose personal data are subject to Processing11. Data processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.

TITLE II PRINCIPLES TO WHICH THE TREATMENT IS SUBJECT
In any case, the processing of personal data carried out on the occasion of this treatment policy must be strictly governed by the following principles: 1. Principle of legality in the matter of data processing: The processing referred to in this law is a regulated activity that must be subject to what is established in it and in the other provisions that develop it. Principle of freedom: Unless otherwise required by law, the collection of data can only be carried out with the prior, express and informed authorization of the owner. Personal data may not be obtained or disclosed without the prior consent of the owner, or in the absence of a legal or judicial mandate relieving consent.3. Principle of purpose: The treatment must comply with a legitimate purpose in accordance with the Constitution and the Law, which must be informed al4. Principle of veracity or quality: In accordance with Article 22 of Decree 1377 of 2013, the information subject to treatment must be true, complete, accurate, updated, verifiable and 5. Security principle: DICTAR, as responsible for the processing of personal data, provides the technical, human and administrative measures that are necessary to provide security to records, preventing their tampering, loss, consultation, use or unauthorized access o6. Principle of transparency: In the processing of information, the right of the owner to obtain, at any time and without restrictions, information about the existence of data that he reads7 must be guaranteed. Principle of access and restricted circulation: The processing is subject to the limits derived from the nature of personal data, the provisions of this policy, the Law, and the Constitution.8. Principle of confidentiality: All persons who are involved in the processing of personal data, who are not public in nature, are obliged to guarantee the confidentiality of information, even after the end of their relationship with any of the tasks included in the treatment, and may only provide or communication of personal data when this corresponds to the development of activities authorized by law.

TITLE III PURPOSES OF THE TREATMENT
DICTATE S.A. has different types of databases, which are classified into the following categories and purposes:No. TYPE OF DATABASE PURPOSE 1 Human management. This category includes all physical and automated databases and files related to human management processes, such as payroll settlement, compliance with legal obligations, labor certifications, schedule control, training records, for effective personnel management.2 Process management. This category includes the administration of the management system, auditing, recording and monitoring of occupational accidents that may occur in compliance with the contractual object, in order to implement controls and policies for risk mitigation. Record of absenteeism and cases in the process of being qualified or qualified as an occupational disease. Manage and control traffic violations by employees of the organization 3. Sales. This category includes all physical and automated databases and files related to customer management, and its purpose is to strengthen relationships by sending relevant information, taking orders and dealing with Requests, Complaints and Complaints (PQR), evaluating the quality of your customer service.4. Shopping. This category includes all physical and automated databases and files related to supplier management, with the purpose of consolidating timely and quality supply with their Suppliers, through the invitation to participate in selection processes, the evaluation of compliance with their obligations.

TITLE IV RIGHTS OF HOLDERS OF PERSONAL DATA
1. Know, update and rectify your personal data at any time with DITAR S.A. regarding data that you consider partial, inaccurate, incomplete, fractional and those that induce a2. Request proof of the existence of the authorization granted to DICTAR A., except in cases where the law exempts authorization.3. To be informed, upon request, of the use that has been given to your data.4 Submit complaints to the Superintendency of Industry and Commerce for violations of the provisions of Law 1581 of 2012 and other regulations that modify, add or supplement it.5. Modify and revoke the authorization and/or request the deletion of data, when the treatment given does not respect the principles, rights and legal and constitutional safeguards6. Have knowledge and free access to your personal data that have been processed by DITAR S.A.

TITLE V DUTIES OF DICTATE, S.A. WITH RESPECT TO THE HOLDERS OF PERSONAL DATA
DICTATE S.A.. keep in mind that Personal Data is the property of the people to whom they refer and only they can decide on them. Likewise, it will use such data only for the purposes for which it is duly empowered and in compliance, in any case, with current regulations on the Protection of Personal Data, for which purpose, it will comply with the following obligations:1. Guarantee the Owner, at all times, the full and effective exercise of the right to habeas data.2. Request and keep, under the conditions provided for in this law, a copy of the respective authorization granted by the3. Duly inform the Owner about the purpose of the collection and the rights granted to him by virtue of the authorization4. Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized access o5. Inform at the request of the owner about the use given to their data.6 Process inquiries and complaints made in the terms indicated in this policy.7. Ensure that the principles for the processing of personal data set out in this policy are complied.a8 Inform the data protection authority when there are violations of security codes and there are risks in the management of the Data Controllers' information.9. Update, rectify personal data when appropriate, or delete them when appropriate at the request of the10. Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce.

TITLE VI PROCESSING OF PERSONAL DATA
1. RecoleccionDitar S.A. collects personal information through different activities related to its corporate purpose, and within the framework of its obligations as an employer. The information is requested directly from the owner. b) Storage The storage of personal information contained in the databases is located on our servers, located in the main office of DITAR S.A., with all physical, technical and administrative security measures, and has access controls to information, guaranteeing the principle of access and restricted circulation.c) Uses and purposes of collecting the information The use and purpose of the information collected and stored in the databases, has different objectives, including: A. Management of internal statistics, customer service (PQR Management), customer loyalty, sending communications.1. Billing, Purchasing, Relationship History1. Shift control, staff training, personnel management, temporary work management, social benefits, occupational risk prevention, promotion and selection of 1. Accounting, fiscal and administrative management: requirements by supervisory bodies, private and sensitive data, attention to and monitoring of judicial authority requests or Notwithstanding the above, all communication channels where information is transmitted by the owners, establish the purpose of collecting the information. d) Circulación Ditar S.A. does not share and/or transmit the personal data it collects with third parties, and internally it has established access controls for the entry of its employees to information systems of the organization, exclusively to the information that, according to the role and/or position, the employee must know. In the event that DITAR S.A. transmits personal information to third parties, it guarantees adequate security and confidentiality measures during transmission to prevent loss, unauthorized or fraudulent use. e) Deletion Personal information that is requested when complying with aspects: legal, contractual, tax, for auditing purposes, among others, will be stored in accordance with the maximum time established in Colombian legislation for its retention. The deletion of personal information collected in databases, whose purposes are not mandatory by law, will be carried out once the purpose has been fulfilled, in accordance with the authorizations, contracts and/or agreements that the owner of the information has previously agreed with DITAR S.A., however, some information may be kept for auditing purposes.

TITLE VII AUTHORIZATION FOR THE PROCESSING OF PERSONAL DATA
DICTATE S.A.. will request prior and informed authorization from the holders of the information for their processing. This may be written, verbal or through unambiguous behavior. The organization will keep proof of the authorizations obtained for the processing of the data. In the case, where the owner of the information decides to request to delete their information, the authorization obtained will be preserved for as long as the organization requires it.

TITLE VIII PROCEDURE FOR FILING COMPLAINTS, INQUIRIES AND REQUESTS.
Any request, query or complaint submitted to DITAR S.A. by any owner or its root causes regarding the management and treatment given to the Policy for the processing of personal data. The request will be resolved in accordance with the law regulating the right to habeas data and will be processed under the following rules: a) ConsultationsThe owner of the information, his or her dependants or any other person with a legitimate interest, will make inquiries through written communication or by email, in which: 1.Determine your identity, including your name and identification number.2. The reason for the3 must be clearly and explicitly specified. The legitimate interest with which it acts is accredited, by attaching in any case the appropriate supports.4. Indicate the physical or electronic address of correspondence to which the response can be sent in accordance with article fourteen (14) of Law 1581 of 2012: “The consultation will be answered within a maximum period of ten (10) business days from the date of its receipt. When it is not possible to respond to it within the above-mentioned term, the interested party will be informed before the deadline has expired of the reasons why their query has not been answered, which in no case may exceed five (5) business days following the expiration of the first term.” b) ComplaintsThe Owner or his dependants who consider that the information contained in a database should be corrected, updated or deleted or when they notice the alleged breach of any of the duties contained in the regulations on Personal Data Protection, they may file a complaint with the data controller. The claim may be submitted by the holder taking into account the information indicated in article 15 of Law 1581 of 2012 and these rules:1. The complaint must: i) include the identity of the complainant, including their name and identification number; ii) clearly and explicitly specify the reason for the consultation; iii) prove the legitimate interest with which the complainant acts, attaching in any case the appropriate supports and, iv) indicate the physical or electronic address of correspondence to which the response to the request should be sent. If the complaint is found to be incomplete, “the interested party will be required within five (5) business days following receipt of the complaint to rectify the faults. After two (2) months have elapsed from the date of the request, without the applicant submitting the required information, it will be understood that he has withdrawn the claim.” In the event that whoever receives the complaint is not competent to resolve it, it will be transferred to the appropriate person within a maximum period of two (2) business days and will inform the interested party of the situation.2. “Once the complete claim has been received, a legend that says “pending claim” and the reason for the claim will be included in the database, within a period not exceeding two (2) business days. This legend must be kept until the claim is decided.” 3. “The maximum period for dealing with the claim will be fifteen (15) business days from the date of its receipt. When it is not possible to attend to it within the period indicated above, the interested party will be informed before the deadline of the deadline of the reasons for which there has been no response to their query, which in no case may exceed eight (8) business days following the expiration of the first term”. The request to delete the information and the revocation of the authorization will not proceed when the owner has a legal or contractual duty to remain in the database. If the respective legal term has expired, the responsible and/or manager, as the case may be, have not deleted the personal data, the owner will have the right to request the Superintendency of Industry and Commerce to order the revocation of the authorization and/or deletion of personal data. For these purposes, the procedure described in article 22 of Law 1581 of 2012 will be applied.

TITLE IX RESPONSIBLE FOR COMPLIANCE WITH THE POLICY FOR THE PROCESSING OF PERSONAL DATA.
The area responsible for receiving, responding to and resolving inquiries and complaints from holders of personal data or individuals entitled to do so is Administrative and Financial Management, contacted via email at info@ditar.co

TITLE X CHANGES TO THE POLICY
DITAR S.A. reserves the right to modify the policy for the processing of personal data at any time. For this purpose, it will use any mechanism it determines to give notice to the owners of the information five (5) business days before its implementation and for the duration of the policy (Email, publication of a notice on a website, among others). If they do not agree with the new personal information management policies, the owners of the information or their representatives may request the organization to withdraw their information through the means indicated above. However, you cannot request the removal of the data while maintaining a link of any order with the organization.

TITLE XI EFFECTIVE
This policy will be in effect from April 2019.