Skip to main content

POLICIES ON THE TREATMENT OF INFORMATION

Regulatory Framework.

The legal and constitutional framework (hereinafter the “Regulatory Framework”) under which the information processing policies of Mosquera Abogados S.A.S. (hereinafter the “Policies”) are governed is as follows:

  • Political Constitution of Colombia, Article 15.
  • Law 1266 of 2008.
  • Law 1581 of 2012.
  • Regulatory Decrees 1727 of 2009, 2952 of 2010 and 1377 of 2013.
  • Rulings of the Constitutional Court: C-1011 of 2008 and C-748 of 2011.
  • All those norms that modify or add to the laws and decrees listed herein.

Definitions.

For the purposes of this document, the definitions of the terms used shall be those included in the Regulatory Framework, especially Laws 1266 of 2008 and 1581 of 2012 and Decree 1377 of 2013, of which those expressly used in these Policies are included, as follows:

  • (i) Law 1266 of 2008 – Definitions:
    • Personal Data: It is any piece of information linked to one or several determined or determinable persons or that can be associated with a natural or legal person. Impersonal data are not subject to the data protection regime of Law 1266 of 2008. When Law 1266 of 2008 refers to data, it is presumed that it is for personal use. Personal data may be public, semi-private or private. For the purposes of these Policies, the Personal Data defined in Law 1266 of 2008 shall be referred to as “Personal Credit Data”, with the understanding that it includes financial, credit, commercial and service information, and information from third countries, with the scope given by the Constitutional Court in Ruling C-748 of 2011. Consequently, any Personal Credit Data will be exclusively any financial or commercial information intended to calculate the level of credit risk of the Data Subject.
    • Semi-private data: Semi-private data is data that is not of an intimate, reserved or public nature and whose knowledge or disclosure may be of interest not only to its owner but also to a certain sector or group of persons or to society in general, such as financial and credit data of commercial activity or services referred to in Title IV of Law 1266 of 2008.
    • Private Data: It is data that, due to its intimate or reserved nature, is only relevant to the Data Subject.
    • Financial, credit, commercial and service information, as well as information from third countries: For all purposes of Law 1266 of 2008 and the Policies, financial, credit, commercial, service and third country information shall be understood as information referring to the creation, execution and extinction of monetary obligations, regardless of the nature of the contract that gives rise to them.
  • (ii) Law 1581 of 2012 – Definitions:

    • Personal Data: Any information linked or that can be associated to one or several determined or determinable natural persons. For the purposes of these Policies, when reference is made to the term “Personal Data”, it shall be understood to refer exclusively to the personal data defined in Law 1581 of 2012, with the scope granted therein.
    • Data Processor: Natural or legal person, public or private, that by itself or in association with others, carries out the Processing of Personal Data on behalf of the Data Controller.
    • Responsible for the treatment: Natural or legal person, public or private, that by itself or in association with others, decides on the Database and/or the Processing of the data.
    • Treatment: Any operation or set of operations on Personal Data (Law 1581 of 2012), such as collection, storage, use, circulation, or deletion. For the purposes of these Policies, it shall be understood that Processing also includes the collection, capture, storage, use, circulation, transmission, transfer, or deletion of “Protected Information”, as this term is defined in Section III of this document.
  • (iii) Decree 1377 of 2013 – Definitions:
    • Sensitive Data: Sensitive data are understood as those that affect the privacy of the Data Subject or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, human rights organizations or those that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sex life, and biometric data.
    • Transfer: The transfer of data takes place when the Controller and/or the Processor of Personal Data, located in the Republic of Colombia, sends the information or Personal Data to a recipient, which in turn is the Controller and is located inside or outside the Republic of Colombia.
    • Transmission: Processing of Personal Data that involves the communication of such data within or outside the territory of the Republic of Colombia when the purpose of the Processing is carried out by the Data Processor on behalf of the Data Controller.

The above definitions established by Laws 1266 of 2008 and 1581 of 2012 and Decree 1377 of 2013 shall be applicable and shall have the scope granted to them in each regulation; consequently, for the purposes of their interpretation and application within the Policies, it is necessary to take into consideration the specific meaning and scope of each concept within the corresponding regulation. The Regulatory Framework is an integral part of the Policies, and in particular, Laws 1266 of 2008 and 1581 of 2012, together with Decree 1377 of 2013.

Other terms defined herein shall have the meanings assigned to them herein.

Policy Guiding Principles.

Mosquera Abogados S.A.S. (hereinafter “Mosquera Abogados”) and the companies affiliated to Mosquera Abogados by control links in Colombia or abroad (hereinafter the “Related Companies”), in the Processing of the information collected from its clients, users, employees, suppliers and subcontractors, and any other third party (hereinafter the “Data Subjects”), whether Personal Data and/or Credit Personal Data (hereinafter the “Protected Information”), respects the rights of each of these subjects, applying and guaranteeing the following guiding principles of the Policies:

a) Principle of Legality: In the Processing of Protected Information, the provisions in force and applicable, which govern the Processing thereof and other related fundamental rights, including the contractual provisions agreed by Mosquera Abogados with the Holders, as appropriate, shall be applied.

b) Principle of Liberty: The Processing of Personal Data and Personal Credit Data will only be carried out with the prior, express, and informed consent of the Data Subject. Personal Data and Credit Personal Data, which do not have the character of Public Data, may not be obtained or disclosed without prior authorization, or in the absence of legal, statutory, or judicial mandate that relieves consent.

c) Principle of Finality: The Processing of Protected Information that is not Public Data, to which Mosquera Abogados has access and which is collected and gathered by Mosquera Abogados, will be subordinated and will serve a legitimate purpose, which will be informed to the respective Owner of the Protected Information.

d) Principle of Truthfulness or Quality: The Protected Information subject to Processing must be truthful, complete, accurate, updated, verifiable and understandable. The processing of partial, incomplete, fractioned, or misleading data is prohibited. Mosquera Abogados shall not be liable to the Holder when partial, incomplete, or fractioned or misleading data or information provided by the Holder is processed without the possibility of verification of its veracity or quality by Mosquera Abogados, or when such data or information has been provided or disclosed by the Holder declaring or guaranteeing, in any way, its veracity or quality.

e) Principle of Transparency: In the Processing of Protected Information, the right of the Data Subject to obtain from Mosquera Abogados, at any time and without restrictions, information about the existence of any type of Protected Information that is of interest (legal, judicial, or contractually justified) or ownership, shall be guaranteed.

f) Principle of Access and Restricted Circulation: The Protected Information shall not be available on the Internet or other means of dissemination or mass communication, unless access is technically controllable in order to provide restricted knowledge only to Mosquera Abogados, the Related Companies, the Holders or duly authorized third parties. For these purposes, the obligation of Mosquera Abogados will be of medium, as established in the current regulations.

g) Safety Principle: The Protected Information under the Policy subject to Treatment by Mosquera Abogados, will be subject to protection to the extent that technical resources and minimum standards allow it, through the adoption of technological protection measures, protocols, and administrative measures that are necessary to provide security to electronic records and repositories avoiding their adulteration, modification, loss, consultation, and in general against any unauthorized use or access.

h) Principle of Confidentiality: Each and every person at Mosquera Abogados who administers, manages, updates or has access to Protected Information that is not of a public nature, and is contained in Information Systems or databases of duly authorized third parties, undertakes to keep and maintain strictly confidential and not to disclose to third parties all or any of the personal, commercial, accounting, technical, commercial or any other type of information provided in the performance and exercise of their duties.

Mosquera Abogados and its Related Companies may use the following information systems and databases owned by Mosquera Abogados and/or its Related Companies (hereinafter the “Information Systems”) for the Processing of Protected Information.

i) Principle of Timeliness of Information: In the case of Personal Credit Data, the same will not be provided to users or third parties when they cease to serve the purpose of the corresponding database.

Scope of the Policies.

The present Policies shall have the same scope of application enshrined in the legal norms that are part of the Regulatory Framework, and shall be extended to regulate and enshrine the general and comprehensive policies for the Treatment of Protected Information by Mosquera Abogados.

Consequently, they shall be applicable to all operations carried out by Mosquera Abogados in Colombia, safeguarding the eventual use or Processing of the Protected Information carried out, in compliance with the legal requirements, by the Related Companies.

In the event that any of the Related Companies has access to or carries out the legitimate and authorized Processing of Protected Information of the Holders, notwithstanding the provisions of Section XI, the provisions of Section III and V, as applicable, shall be guaranteed. Mosquera Abogados shall be solely responsible for ensuring compliance with these Policies by its Related Companies.

Rights of Owners.

The Holders shall have the rights set forth in the Regulatory Framework and in the contracts entered into with Mosquera Abogados, as applicable, taking into consideration the Protected Information subject to Processing by Mosquera Abogados and/or its Related Companies.

The Data Controllers of which the Processing of Personal Data is carried out shall specifically have the rights provided by Law 1581 of 2012, specifically but not limited to those described in Article 8, and all those rules that regulate, add, or complement it.

The Data Controllers of which the Processing of Credit Personal Data is carried out shall specifically have the rights provided by Law 1266 of 2008, specifically but not limited to those described in Article 6, and all those rules that regulate, add, or complement it.

For the purpose of interpreting the laws and decrees issued in this area, the rulings of the Constitutional Court of Colombia will be used as a parameter of legal and constitutional interpretation. The rights of the Holders shall be interpreted in harmony and in balance with the right to information provided for in Article 20 of the Political Constitution of Colombia and with the other applicable constitutional rights.

For all Protected Information, which is collected by Mosquera Abogados and/or its Related Companies, and which does not have the character of: (i) Private or semi-private Personal Data; and (ii) Private or semi-private Personal Credit Data, the rights of the Holders shall only be those established and agreed contractually with Mosquera Abogados. In any case, Mosquera Abogados will guarantee the security and confidentiality of this information when it is subject to it and the guiding principles of the applicable Policies.

In the case of information or data of a public nature, Mosquera Abogados shall guarantee the veracity and quality of the information that holds this quality and that is stored in the Information Systems.

General Duty of Mosquera Abogados in the Treatment of Information.

Mosquera Abogados, in general, and in accordance with the Regulatory Framework, the legal rules that regulate its legal relations with the Holders, and especially, the specific obligations it assumes towards the Holders, has as a general duty in the Processing of Protected Information to respect and guarantee at all times the rights of the Holders, ensuring, when applicable and according to the nature of the information used, the confidentiality, reserve, security and integrity of the same.

Special Duties of Mosquera Abogados in its capacity as Responsible for the Processing of Personal Data and Credit Personal Data.

The following shall be, among others, special duties of Mosquera Abogados, when acting as Controller of Personal Data and Credit Personal Data:

  • Guarantee to the Data Subject, at all times, the full and effective exercise of the right of habeas data.
  • Request and keep a copy of the respective authorization granted by the Data Subject, when dealing with Personal Data and private or semi-private Personal Credit Data.
  • Duly inform the Data Subject about the purpose of the collection and the rights he/she has by virtue of the authorization granted.
  • Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, unauthorized or fraudulent use or access.
  • Ensure that the information provided to the Data Processor is truthful, complete, accurate, updated, verifiable and understandable.
  • Update the information, communicating in a timely manner to the Data Processor, all developments regarding the data previously provided and take other necessary measures to ensure that the information provided to it is kept up to date.
  • Rectify the information when it is incorrect and communicate the pertinent to the Data Processor.
  • To provide to the Data Processor, as the case may be, only data whose Processing is previously authorized.
  • To require the Data Processor at all times to respect the security and privacy conditions of the Data Subject’s information.
  • Handle inquiries and claims formulated.
  • Inform the Data Processor when certain information is under discussion by the Data Subject once the claim has been filed and the respective process has not been completed.
  • Inform upon request of the Data Subject about the use given to their data.
  • Inform the data protection authority when there are violations to the security codes and there are risks in the administration of the information of the Data Holders.

Authorizations, Consent and Means.

The Processing of Personal Data and private or semi-private Personal Credit Data by Mosquera Abogados and/or its Related Companies requires the free, prior, express, and informed consent of the Data Subject. Mosquera Abogados will at all times leave a record of the authorization given by the Holder, through the appropriate means that guarantee that it was given in an express, free, prior, and informed manner.

The aims and purposes of the Processing of Personal Data and private or semi-private Personal Credit Data shall always be clearly and expressly established in those suitable means through which Mosquera Abogados requires the authorization of the Data Controllers. Mosquera Abogados will not use the Personal Data and private or semi-private Personal Credit Data for purposes other than those expressly authorized by the Data Controllers.

These Policies may be modified and added to from time to time, in compliance with the requirements established by the corresponding legal norms. The duly updated Policies, indicating the date of update, will be published in a timely manner on the Mosquera Abogados website.

Mosquera Abogados, under the Regulatory Framework, shall not be obliged to delete from its Information Systems the Protected Information, for which the Holder has a legal or contractual duty with Mosquera Abogados and/or the Related Companies to remain in the Information Systems.

Purpose of Processing:

Mosquera Abogados, as the party responsible for the processing of personal data, will do so for the purposes indicated below:

  • Attend to customers and other parties with whom we have any kind of relationship.
  • Promote and offer your services.
  • Facilitate communication.
  • Conduct credit and debt capacity studies.
  • Make information reports to CIFIN.
  • Compliance with legal and/or contractual obligations.
  • Market research.
  • For other purposes such as product development and improvement, commercial and promotional initiatives, data updates, identification and prevention of fraud and criminal activity.

Data processing by Mosquera Abogados and its staff:

Mosquera Abogados collects, stores, and uses personal information only for the defined commercial and administrative purposes, and in order to support and improve its relationship with the different stakeholders. Mosquera Abogados employees are responsible for the correct use, storage, and transmission of personal data. Such information may not be used for personal gain or disclosed to any other person. The information will continue to be considered confidential even after the employee has left the company, and as such may never be disclosed to third parties or used for personal or third-party interests.

Information Security.

In development of the Security Principle established in the current regulations and in accordance with the legal obligations that Mosquera Abogados has, the company will adopt the technological, operational, and administrative measures that are necessary to provide security to the records and Protected Information of the Owners, avoiding its adulteration, loss, consultation, use or unauthorized or fraudulent access.

Sensitive Data and Information.

In the event that Mosquera Abogados, in the exercise of its own activities, must carry out the Processing of Sensitive Data, it shall comply with the guidelines established in the Regulatory Framework.

Use and International Transfer of Protected Information by Mosquera Abogados.

In the event that Mosquera Abogados, in the exercise of its own activities, uses or transfers Protected Information internationally, it shall ensure compliance with the applicable principles set forth in Section III of these Policies.

When it comes to the transfer of Personal Data, Mosquera Abogados shall comply with the provisions of Law 1581 of 2012, especially Article 26, and other rules that modify, add, or complement it.

Specifically, Mosquera Abogados, in the ordinary course of its business with suppliers and clients, and in its relationship with its direct employees in Colombia, may incorporate the Protected Information within the Information Systems. Mosquera Abogados, as Data Controller, guarantees that the Information Systems fully comply with the Policies and the Regulatory Framework, and consequently, guarantees that any Data Subject may: (i) know at any time the information contained in the Information Systems; (ii) request the updating or rectification of the data incorporated therein; and (iii) request, except in those events provided for in Section VIII of the Policies, the deletion of their data by notifying Mosquera Abogados, for which the procedure set forth in Section XIII of this document shall be followed.

Attention to Claims and Consultations.

The Data Subject or his/her assignees who consider that the Protected Information contained in an Information System, or in a database, should be corrected, updated or deleted, or when they notice the alleged breach of any of the duties contained in the Regulatory Framework, may submit a claim or request to Mosquera Abogados, sending it in the first instance through the following email address enabled for this purpose by Mosquera Abogados: [email protected] (hereinafter the “Authorized Email”). In order to proceed with any request, it is important that the Holder completes the Claims and Inquiries Form (hereinafter the “Form”), which is available at the offices of Mosquera Abogados and sends it scanned to the Authorized Email or in physical form to the offices of Mosquera Abogados at the following address: Cra 7 N. 71 – 21, Torre A, 6th Floor, Bogota, Colombia, to the attention of the Legal Representative.

Mosquera Abogados will attend and respond to the claims or requests of the Holders within the terms and periods established for such purpose by the Regulatory Framework.

Information of the Person Responsible for the Processing of Protected Information.

For all legal purposes, the Controller of the Protected Information shall be:

Mosquera Abogados S.A.S.
NIT. 860.056.098-2
Teléfono: +57 1 317 3040
Dirección: Cra 7 N. 71 – 21, Torre A, Piso 6. Bogotá, Colombia.
Área Responsable: Representante Legal
Correo Electrónico Autorizado: [email protected]
Página web: http://mosquera-abogados.com/es/inicio/

The Holder, notwithstanding the foregoing, and in the event that his request or claim has not been attended by Mosquera Abogados, may in any case subsequently resort to a second instance, before the Superintendence of Industry and Commerce (www.sic.gov.co). In such event, the nature of the Protected Information shall be taken into consideration for the filing of the claim before the Superintendence of Industry and Commerce, being appropriate when such information: (i) does not have the character of public information or is Public Data, and (ii) Mosquera Abogados is in violation of the principles applicable to public information or Public Data.

 Term

This Policy is effective as of December 2012 and the databases subject to processing will remain in force as long as it is necessary for the purposes established for each of them.

This site is registered on wpml.org as a development site.