Goiânia +55 (62) 99328 6605
Santiago de Chile +56 (2) 240 533 89
Microsyslabs S.A.S, identified with NIT 900663379-5, with main address at Carrera 30 # 4A – 45 Ed. Forever W&L, Medellín, Colombia; website: www.wolkvox.com, email: [email protected], phone: +57 (604) 322 98 80, has appointed the Risk Leader in Information Security and Continuity as the role responsible for enforcing the regulations and these policies for the processing of personal data.
To establish the criteria for Microsyslabs S.A.S as the data controller to collect, store, use, circulate, transfer, update, and delete information of the authorized data provided by the data subjects and for the purposes established by the entity.
The Policy for the Treatment of Personal Data was prepared in accordance with the provisions of articles 15 and 20 of the Political Constitution of Colombia, Law 1581 of 2012, Regulatory Decree 1377 of 2013, and other complementary provisions. It will be applied by Microsyslabs regarding the collection, storage, use, circulation, deletion, and all other activities that constitute the processing of personal data.
This Policy for Personal Data Processing is directed to active and inactive personnel of Microsyslabs, contractors, clients, and other individuals who have had any type of relationship with Microsyslabs and whose personal data is included in the Company’s Databases.
This policy is mandatory for Microsyslabs as the data controller, as well as for the processors who process personal data on behalf of the company, in accordance with the obligations established in Law 1581 of 2012, Title IV, articles 17 and 18.
For the purpose of understanding this policy and in accordance with legal regulations, the following definitions, contained in Law 1581 of 2012, will be applicable: “Authorization: Prior, express, and informed consent of the Data Subject to carry out the Processing of personal data.”
For the understanding of terms not included in the previous list, you must refer to the current legislation, especially Law 1581 of 2012 and Decree 1377 of 2013, interpreting the terms whose definition is in doubt according to the meaning used in said regulations.
For the purpose of guaranteeing the protection of personal and sensitive data, Microsyslabs will apply in a harmonious and comprehensive manner the guiding principles of Law 1581 of 2012:
PARAGRAPH: The Data Subject may refuse to authorize the processing of their sensitive, personal, and semi-private data.
PRIOR AND/OR AT THE TIME OF COLLECTING PERSONAL DATA, Microsyslabs will request authorization from the data subject to collect and process their data. This authorization should be obtained through any means or mechanism, including electronic ones, that may be subject to subsequent consultation, all in accordance with the law.
In compliance with the principles of purpose and freedom, data collection shall be limited to relevant and adequate personal data for the purposes for which they are collected or required, as stipulated by current regulations and stated in this policy. Except in cases expressly provided for by law, personal data shall not be collected without the data subject’s authorization.
PARAGRAPH 1: The data subject’s authorization will not be necessary according to the causes established in Article 10 of Law 1581 of 2012.
PARAGRAPH 2: The data subject may request from Microsyslabs, as the data controller, the deletion of their personal data and/or revoke the authorization granted for their processing, at any time. To do so, the channels enabled in Section 18 of this Policy may be used.
Microsyslabs may process personal, private, and/or sensitive data for the following purposes, as well as those expressed in the law:
• Execution of contractual relationships with clients and suppliers, including national and international business management, purchasing, sales, historical data storage, offering new or improved products and services, and customer loyalty strategies.
• Execution of contractual relationships with employees, including personnel management, schedule control, employee training, payroll, temporary work management, occupational risk prevention, job promotion and management, employee selection, storage of images and diagnostic exams, declaration and payment of social security contributions, inspection and control of safety and social protection.
• Verification of judicial records, Contraloría and Procuraduría certifications, Simit, Clinton List, job references, and study certificates.
• Provision and information about services, new products, or changes in them requested by users.
• Evaluation of product and service quality.
• Sending commercial, advertising, or promotional information about products, services, events, or promotions by physical mail, email, cellphone, text messages (SMS and/or MMS), or any other analog or digital communication means created or to be created, aimed at promoting, inviting, directing, executing, informing, and, in general, conducting commercial or advertising campaigns, promotions, or contests conducted by Microsyslabs and/or third parties.
• Data marketing.
• Management of cultural, recreational, sports, social, educational, training, and similar events, as well as associated certification processes.
• Customer/citizen support (PQR management).
• Internal statistics and decision-making support systems, sociological and opinion surveys, profile analysis, and advertising.
• Provision of communication services.
• Marketing, e-commerce, and publications.
• Document entry and exit records.
• Development of accounting, fiscal, administrative, and economic management, inventory control, collections, payments, billing, and attention to judicial or administrative authority requirements.
• Public debt management, treasury, tax management, and collection.
• Judicial procedures.
• Security and access control to Microsyslabs facilities.
• Promotion and prevention programs.
• Data update campaigns and information on changes in the processing of personal data.
• Custody and management of information and databases.
• Data and reference verification, legal, technical, and/or financial requirements.
• Information systems administration, key management, user administration, etc.
• Sending information to data subjects related to the organization’s corporate purpose.
• Sharing, sending, or delivering personal data to Microsyslabs’ subsidiary, affiliated, or subsidiary companies located in Colombia or any other country when such companies require the information for the purposes stated here.
The policy and procedures contained in this document extend to the various areas that make up the company and are part of the processing of personal data and apply to the databases and/or files that contain digital or physical personal and/or sensitive data, making them subject to processing.
Data subjects themselves or through their representative and/or legal proxy or their heirs may exercise the following rights concerning their personal data that are subject to processing by Microsyslabs, in accordance with Article 8 of Law 1581 of 2012:
PARAGRAPH: In accordance with Article 20 of Decree 1377 of 2013, which partially regulates Law 1581 of 2012, the rights of data subjects established in the Law may be exercised by the following persons: [Not provided in the original text]
TREATMENT: Microsyslabs is obligated to comply with the duties established in Law 1581 of 2012 for data controllers and data processors, as well as any other duties imposed by the law. Accordingly, the following obligations must be met:
A. Duties as Data Controller, Article 17 of Law 1581 of 2012:
B. Duties as Data Processor, Article 18 of Law 1581 of 2012:
FIRST PARAGRAPH: If data processing is performed on behalf of another entity or organization (Data Controller), it must be established that the Data Controller is authorized to provide the personal data that will be processed as a data processor.
SECOND PARAGRAPH: If data processing is carried out through an external data processor, it shall be considered a Personal Data Transmission relationship, for which the scope of data processing, as well as the activities to be carried out by the data processor on behalf of the Data Controller and the obligations with the Data Subject and Data Controller, must be indicated.
In accordance with the content of Article 25 of Decree 1377 of 2013, “the data processor shall undertake to comply with the obligations of the Data Controller under the Data Processing Policy established by the latter and to carry out data processing according to the purposes authorized by the Data Subjects and applicable laws.”
In accordance with the content of Article 4 of Decree 1377 of 2013, the collection of personal data will be limited to those that are relevant and appropriate for the purposes established by Microsyslabs or the current regulations.
Microsyslabs may collect data, after obtaining the Authorization from the Owner:
The personal data provided by the information owner for the purposes stated here will not be sold, licensed, transmitted, transferred, or disclosed, except when:
Microsyslabs may subcontract third parties for the processing of certain functions or information. Therefore, when personal information is provided to third-party service providers, Microsyslabs will notify these third parties about the need to protect such personal information with appropriate security measures. Furthermore, Microsyslabs will prohibit the use of the information for their own purposes and its disclosure to others, except in cases where there is explicit authorization from the owner.
The Company acknowledges that its employees and shareholders have the right to expect a reasonable level of privacy, taking into account their responsibilities, rights, and obligations with the company.
In the related information, sensitive data may be found in accordance with Law 1581 of 2012 and Decree 1377 of 2013, regarding which the Owner has the rights established in the aforementioned regulations and any additional, substitute, or modifying regulations.
As part of the relationship established between the data subject and the Company, the following information will be collected, stored, used, and transferred to companies located within and outside Colombia. Such personal data and information include, among others:
A. From Customers and Suppliers:
B. From Employees:
C. From Shareholders:
In the event that Microsyslabs is unable to provide the data subject with this information processing policy, a privacy notice will be published, and its text will be kept for future reference by the data subject and/or the Superintendence of Industry and Commerce, on the website www.wolkvox.com and on the bulletin boards at Microsyslabs’ premises.
Microsyslabs may only collect, store, use, or disclose personal data for a reasonable and necessary period, according to the purposes that justified the processing, taking into account the applicable provisions regarding the subject matter and the administrative, accounting, fiscal, legal, and historical aspects of the information. Once the purposes of the processing have been fulfilled, and without prejudice to legal provisions stating otherwise, Microsyslabs will proceed to delete the personal data in its possession. However, personal data must be retained when required for compliance with a legal or contractual obligation.
The areas responsible for the processing of data, according to their objective and scope, will be in charge of addressing the requests, complaints, and claims made by the data subject in the exercise of the rights contemplated in item 10 of this policy. This service will be subject to the procedure outlined in item 18 of this policy.
THE PROCEDURE FOR EXERCISING THE RIGHT OF HABEAS DATA:
The data subject or their representative may submit their request, complaint, or claim from Monday to Friday, from 7:00 a.m. to 6:00 p.m., to the email address or [email protected], call the Microsyslabs helpline in Medellin at +57(604)322-98-80, and in Bogotá at +57(601) 381-9040, or submit it in person at the physical address in Medellín: Carrera 30 # 4A – 45 Ed. Forever W&L, Bogotá Carrera 17 # 89 – 31 Of. 503 Ed. Gaia Rincón del Chicó, or through the website www.wolkvox.com.
The request, complaint, or claim must include:
If the claim is incomplete, the interested party will be required to remedy the deficiencies within five (5) days following the receipt of the claim.
After two (2) months from the date of the request, if the claimant has not provided the requested information, it will be understood that they have withdrawn the claim.
If the recipient of the claim is not competent to resolve it, they will forward it to the appropriate authority within a maximum term of two (2) business days and inform the interested party of the situation.
Once the complete claim is received, a note will be included in the corresponding database stating “claim under process” and the reason for it, within a term not exceeding two (2) business days. This note will be kept until the claim is resolved.
The maximum term to address the claim will be fifteen (15) business days from the day following its receipt. If it is not possible to address the claim within this term, the interested party will be informed of the reasons for the delay and the date when their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the initial term.
The data subject may request Microsyslabs, as the Data Controller, at any time to delete their personal data and/or revoke the authorization they have granted for the processing of such data by submitting a claim, in accordance with Article 15 of Law 1581 of 2012.
However, it is important to note that your request for data deletion and revocation of authorization will not be granted when, as the data subject, you have a legal or contractual obligation to remain in Microsyslabs’ database.
The mechanisms provided by Microsyslabs, easily accessible and free of charge, for the data subject to submit the request for data deletion or revocation of the granted authorization, are those outlined in Item 18 of this Policy.
If, after the term established in Item 18, Microsyslabs, as the Data Controller, fails to delete your personal data from its databases, you will have the right to request the Superintendence of Industry and Commerce to order the revocation of the authorization and/or the deletion of your personal data. For these purposes, the procedure described in Article 22 of Law 1581 of 2012 will be applied.
In accordance with the provisions of numeral 3 of article 10 of Regulatory Decree 1377 of 2013, Microsyslabs will proceed to publish a notice addressed to the holders of personal data in order to make known the present information processing policy and the way to exercise their rights as holders of personal data hosted in Microsyslabs’ databases, through the website www.wolkvox.com.
The Personal and Sensitive Data Handling Policy (Habeas Data) was created and published on April 3, 2019.
Any changes that may occur regarding this policy will be communicated through the website www.microsyslabs.com or the email address [email protected], or for those who request the information directly at the locations in Medellín: Carrera 30 # 4A – 45 Ed. Forever W&L, Bogotá Carrera 17 # 89 – 31 Office. 503 Ed. Gaia Rincón del Chicó.