Information Requirements, Data Subject Rights, Accountability and Governance
What information needs to be included in a privacy notice to data subjects?

Last review date: 10 December 2024

☒   the identity and the contact details of the controller and, where applicable, of the controller's representative
☒   the contact details of the data protection officer, where applicable
☒   the purposes of the processing for which the personal data is intended
☒   the legal basis for the processing
☒   the categories of personal data concerned
☒   the recipients or categories of recipients of the personal data, if any
☒   information regarding data transfers to third countries, where applicable, and reference to appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available
☒   the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period
☒   the existence of data subjects' rights, such as the right to access, rectification, erasure, data portability, etc.
☒   the existence of the right to withdraw consent if processing is based on consent
☒   the security provided to the data
☒   the right to lodge a complaint with a supervisory authority
☒  other

Under the applicable laws in Colombia, a privacy notice is optional, not mandatory: a data controller in Colombia may use it to inform data subjects that the privacy policy exists.

A privacy notice (optional and different to the privacy policy) should include the following information according to applicable laws:

  • Name of the data controller and contact information
  • Indicate data processing and purpose
  • The rights of the data subject according to applicable laws
  • Mechanisms to have access to the privacy policy and to be informed of any significant changes made to such policy

The privacy policy is mandatory and must include the following to fulfill local law requirements:

  • Name, domicile, address, email and phone number of the data controller
  • Indicate data processing and purpose when this has not been previously informed to the client through a privacy notice
  • The rights of the data subject according to applicable laws in Colombia
  • Indicate an area within the company or a specific person appointed as a privacy officer
  • Procedures for the data subject to exercise their rights to update, rectify, delete personal data and revoke consent for its processing
  • Effective date of the privacy policy and term of the database

Do data subjects have specific privacy rights that must be operationalized?

Last review date: 10 December 2024

Yes.

Data subjects have the following data privacy rights, although the specifics of the scope and conditions for each of these vary depending on the circumstances and local law:

☒   right to access the data subject’s own personal data
☒   right to rectify/correct the data subject’s own personal data where inaccurate or incomplete
☒   right to erasure of personal data
☒   right to restrict data processing
☒   right to object to the processing of personal data
☒   right to withdraw consent
☒   other: Right to file complaints before the Data Protection Authority

Are there accountability and governance requirements?

Last review date: 10 December 2024

There are accountability and governance requirements to:

☒   take privacy by default and design measures for all processing of personal data
☒   implement appropriate measures to comply with data privacy and security
☒   demonstrate compliance with data privacy and security
☒   identify a specific individual as the data privacy contact for data subject or data protection authority inquiries