GLOBAL PRIVACY AND PERSONAL DATA PROCESSING POLICY - LAT ONE GROUP
Lat One Group, as responsible for the processing of personal data provided by the owners of the information at international level, in each of the offices where it is located and considering the right to privacy and the right to the protection of personal data as fundamental rights of the owners, is aware of the importance of the protection and safeguarding of the information and therefore defines and informs the owners of the following global policy of privacy and processing of personal data.
Lat One Group is currently composed of the following companies:
- LATITUDE MARKETING SOLUTIONS S.A.S in Colombia with identification Nit: 900.109.756-4
- GRUPO LAT ONE S.A. CV in Mexico with RFC ID GLO1708309V2
- GRUPO MARKETING LAT ONE S.R.L in Argentina with identification CUIT: 30-71569577.
- LATITUDE MARKETING SOLUTIONS SAC in Peru with RUC ID 20516503361
- LAT ONE INTERNATIONAL LLC in Miami EIN ID: 45-4832235
This policy applies to all information stored, managed or collected by Lat One Group that includes personal data of data subjects.
The provisions of the privacy and personal data processing policy must be complied with by Lat One Group, its directors, collaborators, contractors, employees and third parties with whom it has any relationship.
1. OBJECTIVE
With the implementation of the privacy policy and treatment of personal data, Lat One Group guarantees the protection of personal data contained in databases and/or files obtained in the development of its corporate purpose, in order to materialise the effectiveness of the right to privacy of information and other constitutional and legal guarantees recognised to the owners.
2. DEFINITIONS
a) Authorisation: Prior, express and informed consent of the Data Subject to carry out the Processing of personal data;
b) Privacy notice: verbal or written communication generated by the data controller, addressed to the data subject for the processing of his/her personal data, through which he/she is informed about the existence of the information processing policies that will be applicable, the way to access them and the purposes of the processing of personal data.
c) Data Base: Organised set of personal data that is subject to processing;
d) Consent: Manifestation of the will of the data owner by means of which the processing of the data is carried out.
e) Personal data: Any piece of information linked to one or several determined or determinable persons or that may be associated with a natural or legal person. Personal data may be public, semi-private or private.
f) Sensitive data: Personal data revealing racial and ethnic origin, political opinions, religious, philosophical or moral convictions, trade union membership and information concerning health or sex life.
g) Data Processor: Natural or legal person, public or private, who by himself or in association with others, carries out the Processing of personal data on behalf of the Data Controller;
h) Habeas Data: Legal remedy available to any individual that allows access to an information bank or data registry that includes informative references about himself. The subject has the right to demand that part or all of the data be corrected in the event that they cause him/her any kind of damage or are erroneous.
i) Data Controller: Natural or legal person, public or private, who alone or in association with others, decides on the database and/or the Processing of the data;
j) Data Subject: Natural or legal person whose personal data are subject to Processing;
k) Processing: Any operation or set of operations on personal data, such as the collection, storage, use, circulation or deletion.
l) Transfer: The transfer of data takes place when the Controller and/or Processor of personal data, located in Colombia, sends the information or personal data to a recipient, which in turn is the Controller of the Processing and is located within or outside the country.
m) Transmission: Processing of personal data that involves the communication of the same within or outside the territory of the Republic of Colombia when the purpose of the Processing is carried out by the Processor on behalf of the Controller.
3. ON THE PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA
In order to achieve the objective of the privacy and personal data processing policy defined by Lat One Group, the following principles must be complied with:
a) Principle of legality
Lat One Group guarantees that the processing of the personal data of the owners will be carried out in accordance with the provisions of the corresponding laws and the provisions that develop them.
b) Principle of finality:
Lat One Group defines in the privacy policy and treatment of personal data, the purposes for collecting the information and makes them available for knowledge at all times by the owners of the information.
c) Principle of freedom:
Lat One Group guarantees that the processing of data subjects' data will only be carried out with the prior, express and informed consent of the data subject. Personal data will not be obtained or disclosed without prior authorisation, or in the absence of a legal or judicial mandate that relieves consent. It shall be understood that the data subject tacitly consents to the processing of his or her data when, having been provided with the privacy notice, he or she does not express his or her opposition.
Consent may be revoked at any time by the data subject.
d) Principle of truthfulness or quality:
Lat One Group undertakes to ensure that the information subject to processing is truthful, complete, accurate, up-to-date, verifiable and comprehensible. Likewise, it undertakes not to process partial, incomplete, fragmented or misleading data.
e) Principle of transparency:
Lat One Group guarantees that the holder can obtain the information subject to processing at any time and without restrictions.
In the event of the transfer of information, the owners shall be informed of the information to be transferred.
(f) Principle of restricted access and movement:
Lat One Group will only allow access to the holder's information with the prior consent of the holder, and in the event that the transfer of the information is required, it will inform about the corresponding purpose. Personal data, except for public information, may not be available on the Internet or other means of dissemination or mass communication, unless access is technically controllable to provide restricted knowledge only to the data subjects or authorised third parties in accordance with this law;
(g) Safety principle:
Lat One Group, as the party responsible for the processing of personal data, undertakes to adopt the technical, human and administrative measures necessary to ensure the security of the records, avoiding their adulteration, loss, consultation, unauthorised or fraudulent use or access. The obligation and responsibility of Lat One Group is limited to having the appropriate means for this purpose.
Lat One Group does not guarantee the total security of your information nor is it responsible for any consequences derived from technical failures or improper access by third parties to the database or file containing the personal data processed by Lat One Group and its agents.
Lat One Group shall require the service providers it contracts to adopt and comply with the appropriate technical, human and administrative measures for the protection of the Personal Data in relation to which these providers act as Processors.
(h) Principle of confidentiality:
Lat One Group guarantees that all persons involved in the processing of personal data that are not of a public nature will maintain appropriate confidentiality of the information even after the end of their relationship with any of the tasks involved in the processing.
4. INFORMATION OF THE CONTROLLER AND PROCESSOR
Name or Company Name: LAT ONE GROUP
Nit. 900.109.756-4
Address: Carrera 51 # 102 A 39. Carrera 51 # 102 A 39 Bogotá D.C, Colombia.
E-mail. dataprivacy@latonegroup.com
Website. https://latonegroup.com
5. ON THE PURPOSE OF THE PROCESSING OF PERSONAL DATA
Lat One Group, in the development of its corporate purpose and marketing and advertising activities, such as the provision of logistical services for the organisation, assembly and execution of events, needs to convene target audiences in accordance with the requirements of its customers, which requires the collection, storage, use and disposal of this data.
Lat One Group may collect, store, use, circulate, update, transfer, transmit, delete personal data, as appropriate, for administrative, financial, employment, commercial, promotional, informational, marketing and sales purposes.
Below is a list of the purposes for which Lat One Group processes the personal data of the owners of the information. Prior to the processing, authorisation is requested from the owner of the personal data, who must accept the processing of the same in an explicit, express, voluntary and unequivocal manner. The purposes of processing include the following:
a) Collect or gather personal data and incorporate and store them in our database.
b) Sort, catalogue, classify, divide or separate the information provided.
c) Use the data provided in communication campaigns, dissemination and promotion or offers of products, activities or services developed as part of internal company strategies.
d) Use them for internal administrative or commercial purposes such as: credit studies, preparation and presentation of quotations, commercial references of experience, market research, statistical analysis, conducting satisfaction surveys, offering or recognition of benefits of our loyalty programme and after-sales service.
e) Keep historical records of the company and maintain contact with the owners of the data.
f) Verify, check or validate the data provided.
g) Study and analyse the information provided for the monitoring and improvement of products, service and care.
h) Deliver the information collected to third parties with whom the company contracts the storage and administration of personal data, under the standards of security and confidentiality to which we are obliged.
i) Transfer personal data to any country or server in another country.
j) Communicate and allow access to personal data provided to third party providers of general support services and natural or legal persons shareholders of Latitude Marketing Solutions S.A.S.
k) Perform processes for the management of human talent and contractual management that advance the company.
l) Control and prevention of fraud.
m) Control and prevention of money laundering and terrorist financing.
n) Conclusion, execution and management of business proposals and contracts for the services provided.
o) The information provided by the Holder will not be used for illegal activities, and will also be handled with the technical, human and administrative measures necessary to ensure the Holder that the information will not be adulterated, lost, accessed without permission or used fraudulently.
p) Send communications via email or SMS, for informational or promotional purposes.
6. ON THE RIGHTS OF DATA SUBJECTS
Lat One Group, in accordance with the Law, informs the holder of the information of the rights to which he/she is entitled:
a) To know, update, rectify and, where appropriate, request the deletion of their personal data collected in any database of the data controller. This process must not generate any charge to the owner of the information.
b) To have access to the information subject to processing whenever required.
c) To request proof of the authorisation granted.
d) To be informed by Lat One Group or by the data processor regarding the processing of their information, upon request sent by the owner, their successors in title or legal representatives.
e) Submit queries and complaints to the person responsible or in charge of the processing of personal data.
f) Submit complaints to the SIC for breaches of the provisions of the law.
g) Revoke the authorisation and/or request the deletion of personal data.
h) Access their data free of charge.
Note: It is important to note that in some cases deletion of transaction data will not be possible as the company is legally obliged to keep a record of transactions in accordance with the law. We may refuse a request where to do so would undermine our legitimate use of the data for anti-fraud and security purposes.
7. ON DUTIES AS DATA CONTROLLERS
Lat One Group, as data controller, shall have the following duties, without prejudice to the other provisions set forth in the data protection laws and in other laws governing its activity:
a) Guarantee the Data Subject, at all times, the full and effective exercise of the right of habeas data.
b) Carry out the processing of personal data only with the prior informed, express and unequivocal consent of the data subject.
c) Not collect personal data by fraudulent, unfair or unlawful means.
d) Not to use personal data processed for purposes other than those for which they were collected, unless the information is anonymised.
e) To request and keep, under secure conditions, a copy of the respective authorisation granted by the Data Subject.
f) To delete or complete the information processed when it is known to be inaccurate or incomplete. Similarly, to delete personal data when they are no longer necessary or relevant to the purpose of processing. In the event of not being able to delete the information, it will do so in accordance with the provisions of the laws of habeas data and will inform the holder of its decision.
g) Duly inform the Holder about the purpose of the collection and the rights to which he/she is entitled by virtue of the authorisation granted.
h) Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, unauthorised or fraudulent use or access.
i) Ensure that the information provided to the Data Controller is truthful, complete, accurate, updated, verifiable and understandable.
j) Update the information, communicating in a timely manner to the Data Processor, all developments regarding the data previously provided and take other necessary measures to ensure that the information provided to it is kept up to date;
k) Rectify the information when it is incorrect and communicate the relevant information to the Data Processor.
l) Provide the Data Processor, as appropriate, only data whose processing is previously authorized.
m) Require the Data Processor at all times to respect the conditions of security and privacy of the Data Subject's information;
n) Process queries and claims made by the data subject.
o) Adopt an internal manual of policies and procedures to ensure proper compliance with this law and, in particular, for the handling of queries and claims;
p) Inform the Data Processor when certain information is under discussion by the Data Subject, once the claim has been filed and the respective process has not been completed;
q) Inform the Data Subject upon request about the use given to his/her data.
r) Inform the data protection authority when there are violations to the security codes and there are risks in the administration of the Data Subject's information.
s) Register the personal data bases before the competent body.
8. ON THE DUTIES AS PROCESSOR
Lat One Group, as data processor, shall have the following duties, without prejudice to the other provisions set forth in the data protection laws and other laws governing its activity:
a) Guarantee the Data Subject, at all times, the full and effective exercise of the right of habeas data.
b) Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, unauthorised or fraudulent use or access.
c) Update, rectify or delete data in a timely manner under the terms of this law.
d) Update the information reported by data controllers within five (5) working days of receipt.
e) Process queries and claims made by data subjects.
f) Adopt an internal manual of policies and procedures to ensure proper compliance with this law and, in particular, for the handling of queries and claims by Data Subjects.
g) Refrain from circulating information that is being disputed by the Data Subject and whose blocking has been ordered by the corresponding legal regulatory body.
h) Allow access to the information only to those persons who may have access to it.
i) Inform the corresponding legal regulatory body when there are violations to the security codes and there are risks in the administration of the data subject's information.
j) Comply with the instructions and requirements issued by the regulatory bodies.
9. ON PERSONAL DATA OBTAINED FROM OTHER COMPANIES
Lat One Group may receive personal data from businesses, partners or third parties as a transfer and/or transmission. For these purposes, Lat One Group shall comply with the provisions of the relevant personal data protection laws, as shall the businesses, partners or third parties that share information with Lat One Group.
10. ON THE TRANSFER OF PERSONAL DATA BETWEEN COUNTRIES
Lat One Group 's services connect with different countries. To make this possible, personal data may be transferred or consulted by international entities.
Lat One Group as data controller and/or data processor will protect the rights of data subjects in international transfers to third countries, taking into account security standards and compliance with laws on the transfer of personal data between countries to help ensure data protection everywhere.
The responsibility for the processing of personal data may vary depending on the place where the data subject resides, making it known that the personal data, including sensitive data, currently or in the future contained in our databases, will be processed and/or used by: Lat One Group and/or our affiliated and/or subsidiary companies and/or those third parties who, by the nature of their work or functions have the need to process and/or use your personal data exclusively.
Lat One Group undertakes not to transfer personal data of any kind to countries or organisations that do not provide adequate levels of protection unless there is express and clear authorisation from the owner of the data.
11. THE PERSON OR AREA RESPONSIBLE FOR DEALING WITH REQUESTS, QUERIES AND CLAIMS BEFORE WHICH THE OWNER OF THE INFORMATION MAY EXERCISE HIS/HER RIGHTS TO KNOW, UPDATE, RECTIFY AND DELETE THE DATA AND/OR REVOKE THE AUTHORISATION.
In order for the holder of the information to be able to exercise their rights in accordance with the framework of international laws covering Lat One Group 's activity, a Data Privacy & Management area has been set up within the company. This area will be responsible for the attention of requests, queries and claims to any request made by the owners of the information.
12. PROCEDURE FOR DEALING WITH QUERIES AND COMPLAINTS (PQRS)
Lat One Group guarantees the right of consultation and claim of personal data, providing the owner of the data, their successors or legal representatives, with all the information related to the identification of the owner, contained in the company's databases.
The procedure is described below:
For all information request procedures, the data subject, his or her successors in title or legal representatives must submit the following information:
- Full name of the holder, assignee or legal representative.
- Address or means of communicating the response.
- Documents proving identity.
- Clear description of the request.
- Additional documents that support the identification of the information requested.
a) CONSULTATIONS
Data subjects may send a request to dataprivacy@latonegroup.com to consult their information.
If the request complies with the legal requirements and those required herein, the response will be sent to the address provided by the petitioner within a period of no more than ten (10) working days, counted from the date on which the request was filed. When it is not possible to respond to the request within this period, the holder, assignee or legal representative shall be informed of the reasons for the delay and the date on which it will be responded to, which in no case may exceed 5 working days following the expiry of the first period.
b) COMPLAINTS
When the owner of the personal data, their successors in title or legal representatives consider that the information should be corrected, updated, or partially or totally deleted, they shall proceed as follows:
- Submit the request to the e-mail address dataprivacy@latonegroup.com, supporting the reason for the claim and attaching the documentation that serves as proof.
- The response to the request will be made within a maximum period of fifteen (15) working days from the day following the date of receipt of the request. When it is not possible to respond to the claim within this period, the interested party will be informed of the reasons for the delay and the date on which the claim will be dealt with, which in no case may exceed eight (8) working days following the expiry of the first period.
- Lat One Group will rectify, and update information that is found to be inaccurate or incomplete and report as provided herein.
13. ON THE PROCESSING OF SENSITIVE DATA OR INFORMATION ON CHILDREN OR ADOLESCENTS
The Processing of Personal Data of a sensitive nature is prohibited, except with the express, prior and informed authorisation of the Data Subject. In this case, in addition to complying with the requirements established for authorisation, Lat One Group will inform the Data Subject:
- That, as it is sensitive data, he/she is not obliged to authorise its processing.
- Which of the data to be processed are sensitive and the purpose of the processing.
Additionally, Lat One Group will treat the sensitive data collected under security and confidentiality standards corresponding to its nature. For this purpose, Lat One Group has implemented administrative, technical and legal measures contained in its Policies and Procedures Manual, which are mandatory for its managers, employees and, as applicable, its suppliers, related companies and business partners.
In the case of collecting personal data of children or adolescents, Lat One Group will ensure that there is written, express and unequivocal authorisation from the guardian of the child or adolescent to carry out the respective processing of the information.
14. ACCEPTANCE OF THE POLICY
The holder of the personal data declares that he/she has read and accepts the present Privacy and Personal Data Processing Policy of Lat One Group. Likewise, the holders of personal data collected prior to the application of the laws may at any time request the deletion of their personal data and exercise their rights under the legal terms.
15. TERM AND DURATION
The present privacy and personal data treatment policy of Lat One Group is effective as of the date of its signature, and will be in force indefinitely or until substantial changes occur, which will be informed to the holders of the information.
