efamaa
HomeControl PanelEmailContactFree Consultation
ESPANOL

0 Years of experience

0 Years
of experience

+ 0 Happy clients

+ 0 Successful projects

Efamaa

Info & TelephonyContact Us
Artificial Intelligence (AI)SystemsSecurityWeb & DesignInfo & TelephonyConsulting

Privacy and Data Processing Policy

This Policy outlines the measures taken by Efamaa SAS to secure your Personal Data, as well as the procedures followed for the collection, use, and disclosure of such data.

Information of the Data Controller

  • Business Name

    Efamaa SAS

  • Tax Identification Number (TIN)

    9011178799

  • Address

    Cra. 7 #156-80, Torre 3 Oficina 1805, Bogotá – Colombia

  • Phone

    +57 601 743-2271

  • Legal Representative

    Esael Angel

  • Privacy Officer

    Esael Angel

  • Email

    contacto@efamaa.com

  • Website

    www.efamaa.com

Application and Regulatory Framework

Based on Article 15 of the Colombian Constitution, Law 1581 of 2012, and Regulatory Decrees 1377 of 2013 and 886 of 2014 (now contained in Chapters 25 and 26 of the Single Decree 1074 of 2015), which develop the general framework for data protection in Colombia, Efamaa SAS has implemented this Personal Data Processing Policy, which will govern all areas of the company and third parties entrusted with the processing of the provided personal data. This is to respect the rights and guarantees of data subjects regarding privacy and to comply with applicable regulations.

MANDATORY COMPLIANCE

This Policy is mandatory and must be strictly followed by all employees, contractors, and third parties acting on behalf of Efamaa SAS (including its Data Processors). All must observe and respect this Policy in the performance of their duties. In cases where there is no employment relationship, a contractual clause must be included requiring those acting on behalf of Efamaa SAS to comply with this Policy. Non-compliance will result in labor sanctions or contractual liability, without prejudice to the obligation to compensate for damages caused to data subjects or the company due to improper processing of Personal Data. For all purposes, this Policy will serve as an internal manual of policies and procedures, as well as an information processing policy, as provided in Articles 17 (literal k), 18 (literal f), and 25 of Law 1581 of 2012.

Glossary of Terms

  • Affiliate

    Companies with which Efamaa SAS shares one or more shareholders.

  • Data Subject Authorization

    Physical, electronic, or any other format document containing the prior, express, and informed consent granted by the Data Subject for the processing of their Personal Data by Efamaa SAS.

  • Database

    An organized set of Personal Data subject to processing, including physical, electronic, and automated files.

  • Public, Private, and Semi-private Personal Data

    According to the classification established in the Personal Data Protection Law, distinguished by the degree of confidentiality required for its processing.

  • Sensitive Data

    Information that affects the privacy of the Data Subject or whose misuse could lead to discrimination (e.g., data on racial origin, political orientation, religious beliefs, health data, among others).

  • Data Processor

    A natural or legal person who, independently or in association, processes Personal Data on behalf of Efamaa SAS.

  • Privacy Officer

    The person designated by Efamaa SAS whose primary function is to protect the Personal Data of data subjects, monitor compliance with this Policy, and process requests for the exercise of rights.

  • Data Controller

    Efamaa SAS, which acts in relation to the data subjects whose personal data it decides to process.

  • Data Subject

    A natural person whose Personal Data is subject to processing.

  • Processing

    Any operation or set of operations performed on Personal Data, whether automated or not, such as collection, recording, organization, storage, consultation, use, disclosure, among others.

  • Transmission and Transfer of Personal Data

    Processes through which Personal Data is communicated or sent to a third party, either within or outside the national territory, as long as the Law permits it.

  • Personal Data Breach

    Any incident involving the destruction, loss, alteration, unauthorized disclosure, or illegal access to Personal Data.

Principles for Personal Data Processing

Principles related to the collection of Personal Data
  • Principle of freedom: The collection of Personal Data will only be carried out with the prior, express, and informed authorization of the Data Subject, except for exceptions provided by law.
  • Principle of limitation of collection: Only the Personal Data necessary to fulfill the specific purposes of the processing will be collected.
Principles related to the use of Personal Data
  • Principle of purpose: The processing will comply with a legitimate purpose previously informed to the Data Subject.
  • Principle of temporality: Personal Data will only be retained for the time necessary to fulfill the purpose of the processing or to comply with legal or contractual obligations.
  • Principle of non-discrimination: Any act of discrimination based on the collected information is prohibited.
  • Principle of reparation: In case of damages caused by failures in the processing, Efamaa SAS will compensate for the damages caused.
Principles related to the quality of information
  • Principle of truthfulness or quality: The information must be truthful, complete, accurate, up-to-date, verifiable, and understandable, avoiding inaccurate or incomplete records.
Principles related to the protection, access, and circulation of Personal Data
  • Principle of security: Technical, human, and administrative measures will be adopted to protect Personal Data against alteration, loss, unauthorized access, or disclosure.
  • Principle of transparency: The Data Subject's right to obtain information about the processing of their Personal Data will be guaranteed.
  • Principle of restricted access and circulation: Access to Personal Data will be limited to authorized persons, including the Data Subject, their representatives, and those authorized by law.
  • Principle of confidentiality: All persons involved in data processing must ensure the confidentiality of the information, even after their relationship with the company has ended.

Purpose of Personal Data Processing

The purposes for which Personal Data is collected by Efamaa SAS will be established in the Authorization granted by the Data Subject. By way of example, the following purposes may be authorized:

For customers, users, suppliers, contractors, and others:
  • Develop the corporate purpose and provide the services offered.
  • Negotiate, enter into, and execute contracts, manage correspondence, and handle requests.
  • Conduct studies, surveys, market analysis, and loyalty activities.
  • Send offers, news, and commercial or promotional communications via email, SMS, phone calls, etc.
  • Create databases based on the profiles and characteristics of data subjects.
  • Manage legal, administrative, and accounting matters.
For employees and former employees:

The processing will be carried out to comply with legal and regulatory obligations in labor, tax, and social security matters, among other administrative and internal management activities.

For candidates in selection processes:

The processing will be aimed at preventing illegal activities, evaluating profiles, verifying information, and other purposes related to recruitment.

Rights of Personal Data Subjects

  • Know, update, and rectify their Personal Data.
  • Request proof of the Authorization granted for the processing.
  • Be informed about the use of their Personal Data.
  • Access, free of charge and at least once a month, the information of their processed Personal Data.
  • Revoke the Authorization and/or request the deletion of their Personal Data, provided there are no legal or contractual obligations preventing such deletion.
Exceptions:
  • Efamaa SAS is legally obligated to retain certain Personal Data.
  • The deletion hinders judicial or administrative proceedings.
  • The Data is necessary to protect legally protected interests, comply with legal obligations, or serve public interests.
The rights may be exercised by:
  • The Data Subject themselves, by sufficiently proving their identity.
  • Their heirs, after proving their status.
  • Representatives or attorneys, by proving the corresponding representation.

Duties of Efamaa SAS as Data Controller

Regarding the Data Subject:
  • Request and retain a copy of the Authorization granted by the Data Subject.
  • Clearly and sufficiently inform the purpose of data collection and the rights of the Data Subject.
  • Guarantee the full and effective exercise of the right to habeas data.
  • Handle inquiries and complaints related to the use of Personal Data.
Regarding the quality, security, and confidentiality of information:
  • Observe the principles of truthfulness, quality, security, and confidentiality.
  • Retain information under security conditions that prevent its alteration, loss, or unauthorized access.
  • Update and rectify information when necessary.
When using a Data Processor:
  • Provide only the Personal Data previously authorized.
  • Ensure the truthfulness and accuracy of the information provided to the Processor.
  • Communicate any changes or rectifications to the information in a timely manner.
  • Require the Processor to respect the established security and privacy conditions.
Regarding the Superintendency of Industry and Commerce:
  • Report any breaches of security codes or risks in the administration of Personal Data.
  • Comply with the instructions and requirements of the Superintendency.

Authorization for Personal Data Processing

The Personal Data Protection Law requires that the Authorization to collect Personal Data be granted in advance, expressly, and informed. Efamaa SAS will obtain this Authorization before proceeding with the processing, except in cases provided by law.
To obtain the Authorization, the following must be done:
  • Clearly and expressly inform the Data Subject about:
  • The processing that will be applied to their Personal Data and its purpose.
  • The optional nature of responses in the case of Sensitive Data.
  • The rights they have.
  • The identification, physical or electronic address, and phone number of Efamaa SAS.
  • Keep a record of compliance in the process of obtaining consent, which may be in writing or through unequivocal actions demonstrating the Data Subject's willingness to authorize the processing.
  • The following are authorized to grant consent:
  • The Data Subject themselves, duly accredited.
  • Their heirs, after proving their status.
  • Representatives or attorneys, by proving the corresponding representation.
  • By stipulation in favor of another or for another, as the case may be.

Sensitive Personal Data

In general, Efamaa SAS does not process Sensitive Data, except in exceptional cases where:

  • The Authorization is explicit.
  • The Data Subject is informed that, since it is Sensitive Data, they are not obligated to authorize it.
  • It is clearly and previously specified which Personal Data will be processed and the purpose of the processing.

Consultation Procedure

1. Consultation Procedure

1.1 Guaranteed Rights:

Efamaa SAS guarantees the Data Subject the right to consult the information contained in their individual record and any other information linked to their identification, in accordance with the law.

1.2 Responsible for Handling Consultations:

The Privacy Officer of Efamaa SAS will be responsible for receiving and processing consultation requests.

1.3 Means to Submit Consultations:

  • Email: contacto@efamaa.com
  • Phone: +57 601 743-2271
  • Office: Cra. 7 #156-80, Torre 3 Oficina 1805, Bogotá – Colombia

1.4 Response Times:

Requests will be processed within a maximum term of ten (10) business days from receipt. In case of impossibility, the interested party will be informed before the expiration of the term, indicating the reasons and the new response date (which will not exceed five (5) additional business days).

2. Claims Procedure

2.1 Guaranteed Rights Through the Claims Procedure:

Efamaa SAS guarantees the Data Subject the right to request the correction and updating of their Personal Data, as well as to revoke the Authorization or request the deletion of their Personal Data, provided that legal parameters are met.

2.2 Responsible for Handling Claims:

The Privacy Officer of Efamaa SAS will be responsible for receiving and processing claims, in accordance with current regulations.

2.3 Means and Requirements to Submit Claims:

  • Email: contacto@efamaa.com
  • Phone: +57 601 743-2271
  • Office: Cra. 7 #156-80, Torre 3 Oficina 1805, Bogotá – Colombia

The claim must contain, at a minimum:

  • Identification of the Data Subject.
  • Description of the facts giving rise to the claim.
  • Address of the Data Subject.
  • Documents or evidence to be attached.

2.4 Deadlines and Additional Procedures:

  • If the claim does not meet the requirements, the claimant will be asked to rectify the deficiencies within five (5) days.
  • If two (2) months pass without rectifying the deficiencies, the claim will be considered withdrawn.
  • Once the complete claim is received, Efamaa SAS will include the label 'claim in process' in the database until the situation is resolved.
  • The maximum term to process the claim will be fifteen (15) business days, extendable to eight (8) business days in case of justified circumstances.

2.5 Personal Data Deletion Procedure:

If the deletion of Personal Data is appropriate in accordance with the claim, Efamaa SAS will carry out the deletion in such a way that the information is not recoverable, except when legal retention obligations require certain data to remain in historical records.

International Transmission or Transfer of Personal Data

When Efamaa SAS carries out an international transmission or transfer of Personal Data, it will only do so when:

  • The Personal Data Protection Law allows it.
  • There is prior, express, and unequivocal Authorization from the Data Subject.
  • A contractual, commercial, and/or legal link is established that guarantees the proper processing of the data at the destination.

Acceptance of the Personal Data Processing Policy

The Data Subject accepts the processing of their Personal Data in accordance with the terms of this Policy. Efamaa SAS may continue processing Personal Data for the described purposes, as long as the right to revoke or delete such authorization is not exercised.

Privacy Officer

In accordance with current regulations, Efamaa SAS has designated a Privacy Officer, who will be responsible for:

  • Ensure the implementation of this Policy.
  • Administer the Personal Data protection program.
  • Process requests for the exercise of rights by Data Subjects.

The Privacy Officer is:

  • • Nombre: Esael Angel
  • • Cargo: Legal Representative and Privacy Officer
  • • Contacto:
  •   Email: contacto@efamaa.com
  •   Phone: +57 601 743-2271

National Database Registry

Efamaa SAS will proceed to register its Databases and this Policy in the National Database Registry administered by the Superintendency of Industry and Commerce, in accordance with the provisions of the Circular and other applicable regulations.

Personal Data Breach or Risk in Administration

In the event of any breach of Personal Data or risk in its administration, Efamaa SAS will immediately inform the Superintendency of Industry and Commerce, in accordance with the provisions of the Personal Data Protection Law.

Scope and Purpose of Granted Authorizations

The term of the authorizations for the use of Personal Data will be understood as the duration of the commercial relationship or association with Efamaa SAS, or while the corresponding services are provided, unless regulations require their retention for longer periods.

Validity of the Policy

This Policy is effective as of August 20, 2020, and will remain in force indefinitely, as long as Efamaa SAS maintains activities that require the processing of Personal Data. Data Subjects are advised to periodically review this Policy on the website www.efamaa.com, where any modifications will be published.

The most recent modification of this Policy is as of June 13, 2024. Any changes will be communicated to Data Subjects in a timely manner.

Efamaa SAS
Legal Representative and Privacy Officer:
Esael Angel

Contact us

Let's talk about your project and how we can help you achieve your goals. Fill out the form below and we'll get back to you as soon as possible.

Contact

Phone fijo:+57 601 743-2271

Whatsapp:+57 312 248 7805

Email: contacto@efamaa.com

Customer service: sac@grupoefamaa.com

Address:Cra. 7 #156-80, Torre 3 Oficina 1805 Bogotá - Colombia

OfficeHours:
Monday to Friday 8am to 6pm. , Saturday 8am to 12pm.

Send us a message