Generalities
This document establishes the Personal Data Processing Policies of the National Federation of Coffee Growers of Colombia, acting as a private sector trade union entity and as Administrator of the National Coffee Fund (hereinafter, the ENTITY), in compliance with the provisions of the Law 1581 of 2012 and Decree 1377 of 2013, and it describes the mechanisms through which the ENTITY guarantees an adequate management of the personal data collected in its databases, in order to allow the holders the exercise of the right of Habeas Data.
Responsable
The ENTITY is a private, non-profit legal entity, domiciled in Bogotá, with legal status recognized by the National Government by executive resolution No. 33 of September 2, 1927, published in the Official Gazette No. 20,894 of 1928 , with NIT 860.007.538-2, whose contact details are as follows:
Address: Calle 73 No. 8 – 13, Bogotá D.C., Colombia
Telephone: 3136600
Email: datos.personales@cafedecolombia.com
Definitions
Authorization: Prior, express and informed consent of the Holder to carry out the Processing of personal data;
Database: Organized set of personal data that is the object of Treatment;
Personal data: Any information linked or that can be associated with one or several determined or determinable natural persons;
Person in charge: Natural or legal person, public or private, that by itself or in association with others, performs the Processing of personal data on behalf of the Data Controller;
Responsible: Natural or legal person, public or private, that by itself or in association with others, decides on the basis of data and / or the Processing of data;
Owner: Natural person whose personal data is subject to Treatment;
Treatment: Any operation or set of operations on personal data, such as the collection, storage, use, circulation or deletion.
Principle of legality: The processing of personal data is a regulated activity that must be subject to the provisions of the law and the other provisions that develop it;
Principle of purpose: The Treatment must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Holder;
Principle of freedom: The Treatment can only be exercised with the prior, express and informed consent of the Holder. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that relieves consent;
Principle of truthfulness or quality: The information subject to Treatment must be truthful, complete, accurate, updated, verifiable and understandable. The processing of partial, incomplete, fractional or error-inducing data is prohibited;
Principle of transparency: In the Treatment, the right of the Holder to obtain information about the existence of data concerning him must be guaranteed from the Data Controller or the Data Controller, at any time and without restrictions;
Principle of access and restricted circulation: The Treatment is subject to the limits derived from the nature of personal data, the provisions of the law and the Constitution. In this sense, the Treatment may only be done by persons authorized by the Holder and / or by the persons provided by law.
Personal data, except public information, may not be available on the Internet or other means of dissemination or mass communication, unless access is technically controllable to provide restricted knowledge only to Holders or third parties authorized under the law;
Security principle: The information subject to Treatment by the Person Responsible for the Treatment or Treatment Manager must be handled with the technical, human and administrative measures that are necessary to grant security to the records avoiding their adulteration, loss, consultation, use or access. authorized or fraudulent;
Principle of confidentiality: All persons involved in the Processing of personal data that do not have the nature of audiences are obliged to guarantee the reservation of information, even after the end of their relationship with any of the tasks included in the Treatment, being only make provision or communication of personal data when it corresponds to the development of the activities authorized in the law and in the terms thereof.
Content of the databases
General information is stored in the ENTITY’s databases such as full name, number and type of identification, gender and contact information (email, physical address, landline and mobile phone). In addition to these, and depending on the nature of the database, the ENTITY may have specific data. In the databases of employees and contractors, additional information on work and academic history, sensitive data required by the nature of the employment relationship (photography, family group formation, biometric data) is included.
In the databases, sensitive information may be stored with the prior authorization of its owner, in compliance with the provisions of articles 5 and 7 of Law 1581 of 2012.
Treatment
The information contained in the entity’s databases is subject to different forms of treatment, such as collection, exchange, update processing, reproduction, compilation, storage, use, systematization and organization, all of them partially or totally in compliance with the purposes set forth herein. The information may be delivered, transmitted or transferred to public entities, business partners, contractors, affiliates, subsidiaries, solely for the purpose of fulfilling the purposes of the corresponding database. In any case, the delivery, transmission or transfer will be made prior subscription of the necessary commitments to safeguard the confidentiality of the information. Personal information, including sensitive information, may be transferred, transmitted or delivered to third countries, regardless of the level of security of the regulations governing the handling of personal information. In compliance with legal duties, the ENTITY may provide personal information to judicial or administrative entities. The ENTITY will ensure the correct use of personal data of minors, ensuring that the applicable legal requirements are met and that all treatment is previously authorized and is justified in the best interests of minors.
Purpose
The information collected by the ENTITY is intended to allow the proper development of its object as a trade union entity, as well as the mandates in its capacity as administrator of the National Coffee Fund, including the national coffee policy. In addition, the ENTITY keeps the information necessary to comply with legal duties, mainly in accounting, corporate, and labor matters.
Information on customers, suppliers, partners and employees, current or past, is kept in order to facilitate , promote, allow or maintain labor, civil and commercial relations.
Information on coffee market actors is stored in order to comply with the activities of its object, particularly those related to development, planning and implementation of programs, projects, plans, policies, contracts or agreements necessary to promote coffee growing in Colombia.
Rights of the owners
In accordance with the provisions of article 8 of Law 1581 of 2012, holders may:
- Know, update and rectify your personal data against the ENTITY or the Managers. This right may be exercised, inter alia, against partial, inaccurate, incomplete, fractional, error-inducing data, or those whose Treatment is expressly prohibited or has not been authorized.
- Request proof of authorization granted to the ENTITY, except when expressly excepted as a requirement for Treatment, in accordance with the provisions of article 10 of this law.
- Ser informed by the ENTITY or the Manager, upon request, regarding the use he has given to his personal data.
- Submit to the Superintendence of Industry and Commerce complaints for violations of the provisions of this law and the other regulations that modify, add or complement it.
- Revoke the authorization and / or request the deletion of the data when the Constitutional and legal principles, rights and guarantees are not respected in the Treatment. The revocation and / or deletion will proceed when the Superintendence of Industry and Commerce has determined that the ENTITY or the Person in Charge has incurred in conduct contrary to this law and the Constitution.
- Access free of charge to your personal data that have been subject to Treatment.
Obligations of the entity
The ENTITY shall:
– Guarantee to the Holder, at all times, the full and effective exercise of the right of habeasn data.
– Request and keep, under the conditions provided for in this law, a copy of the respective authorization granted by the Owner.
– To duly inform the Holder about the purpose of the collection and the rights that they have by virtue of the authorization granted.
– Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, unauthorized or fraudulent use or access.
– Ensure that the information provided to the Manager is true, complete, accurate, up-to-date, verifiable and understandable.
– Update the information, communicating the Treatment Manager in a timely manner , all the news regarding the data that you have previously provided and take the other necessary measures so that the information provided to it is kept up to date.
– Rectifi Carry out the information when it is incorrect and communicate the pertinent to the Person in Charge.
– Provide the Person in Charge, as the case may be, only data whose Treatment is previously authorized in accordance with the provisions of this law.
– Require the Person in Charge in at all times, respect for the conditions of security and privacy of the information of the Holder.
– To process the queries and claims made in the terms indicated in this law.
– Adopt an internal manual of policies and procedures to guarantee adequate compliance with this law and especially for the attention of inquiries and complaints.
– Inform the Manager when certain information is under discussion by the Holder, once the claim has been submitted and has not finalized the respective procedure.
– Inform at the request of the Holder about the use given to their data;
– Inform the data protection authority when they appear security code and there are risks in the administration of the information of the Owners.
– Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.
Person or responsible area
Person or responsible area
Any request, complaint or claim related to the handling of personal data, in accordance with the provisions of Law 1581 of 2012 and Decree 1377 of 2013, should be sent to:
Entity : National Federation of Coffee Growers of Colombia
Unit: Legal Department
Address: Calle 73 No. 8-13 Bogotá DC, Colombia
Email: datos.personales@cafedecolombia.com
Telephone: 3136600
Procedures for submitting and responding to queries
The holders of personal data contained in the ENTITY’s databases, or their successors, may consult the data provided by the information in the terms provided in the applicable legislation. Any request for consultation, correction, update or deletion must be submitted in writing or by email, according to the information contained in this document. Inquiries will be answered within ten (10) business days from the date of receipt of the respective request. When it is not possible to attend the query within said term, the interested party will be informed, stating the reasons for the delay and indicating the date on which their query will be attended, which in no case may exceed five (5) business days following the expiration of the first term.
Procedures for submitting and responding to queries complaints and claims
Complaints must be made in writing or by email, according to the information contained in this document, and must contain at least the following information:
- Holder ID
- description of the facts that give rise to the claim
- holder’s address
- documentation that you want to present as evidence.
If the claim is incomplete, the interested party will be required within five (5) days after receipt of the claim to correct the failures. After two (2) months from the date of the request, without the applicant submitting the required information, it will be understood that he has given up the claim.
In the event that the person receiving the claim is not competent to resolve it, they will transfer it to the appropriate party within a maximum period of two (2) business days and inform the interested party of the situation.
Once the complete claim is received, a legend that says “claim in process” and the reason for it will be included in the database, in a term not exceeding two (2) business days. This legend must be maintained until the claim is decided.
The maximum term to handle the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first finished.
Validity of the database
The Policies of Treatment of Personal Information of the ENTITY will be effective as of the twenty-seventh (27) of July 2013. The ENTITY reserves the right to modify them, in the terms and with the limitations provided by law. < br> The databases managed by the ENTITY will be maintained indefinitely, while developing its purpose, and as long as necessary to ensure compliance with legal obligations, particularly labor and accounting, but the data may be deleted at any time at the request of its owner, as long as this request does not contravene a legal obligation of the ENTITY or an obligation contained in a contract between the ENTITY and the Holder.