GLOBAL PRIVACY AND PERSONAL DATA PROCESSING POLICY
Lat One Group, as responsible for the processing of personal data provided by the owners of the information at international level, in each of the offices where it is located and considering the right to privacy and the right to the protection of personal data as fundamental rights of the owners, is aware of the importance of the protection and safeguarding of the information and therefore defines and informs the owners of the following global policy of privacy and processing of personal data.
Lat One Group is currently comprised of the following companies:
- LATITUDE MARKETING SOLUTIONS S.A.S in Colombia with identification Nit: 900.109.756-4
- GRUPO LAT ONE S.A. CV in Mexico with RFC ID GLO1708309V2
- GRUPO MARKETING LAT ONE S.R.L in Argentina with CUIT ID: 30-71569577.
- LATITUDE MARKETING SOLUTIONS SAC in Peru with identification RUC 20516503361
- LAT ONE INTERNACIONAL LLC in Miami with EIN ID: 45-4832235
This policy is applicable to all information stored, managed or collected by Lat One Group where personal data of owners are included.
The provisions of the privacy policy and treatment of personal data is mandatory for Lat One Group, its directors, collaborators, contractors, employees and third parties with whom it has any link.
1. OBJECTIVE
With the implementation of the privacy policy and treatment of personal data, Lat One Group guarantees the protection of personal data contained in databases and/or files obtained in the development of its corporate purpose, in order to materialize the effectiveness of the right to privacy of information and other constitutional and legal guarantees recognized to the owners.
2. DEFINITIONS
a) Authorization: Prior, express and informed consent of the Data Subject to carry out the Processing of personal data;
b) Privacy Notice: verbal or written communication generated by the responsible party, addressed to the Data Subject for the processing of his/her personal data, through which he/she is informed about the existence of the information processing policies that will be applicable, the way to access them and the purposes of the processing intended for the personal data.
c) Data Base: Organized set of personal data that is subject to processing;
d) Consent: Manifestation of the will of the owner of the data through which the processing of the same is carried out.
e) Personal data: Any piece of information linked to one or more persons determined or determinable or that can be associated with a natural or legal person. Personal data may be public, semi-private or private.
f) Sensitive data: Personal data revealing racial and ethnic origin, political opinions, religious, philosophical or moral convictions, union membership and information concerning health or sex life.
g) Data Processor: Natural or legal person, public or private, who by itself or in association with others, performs the Processing of personal data on behalf of the Data Controller;
h) Habeas Data: legal remedy available to any individual that allows access to an information bank or data registry that includes informative references about himself/herself. The subject has the right to demand that part or all of the data be corrected in the event that they cause him/her any kind of damage or are erroneous.
i) Data Controller: Natural or legal person, public or private, who by himself or in association with others, decides on the database and/or the processing of the data;
j) Data Subject: Natural or legal person whose personal data are subject to processing;
k) Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.
l) Transfer: The transfer of data takes place when the Controller and/or Processor of personal data, located in Colombia, sends the information or personal data to a recipient, who in turn is the Data Controller and is located inside or outside the country.
m) Transmission: Processing of personal data that involves the communication of the same inside or outside the territory of the Republic of Colombia when the purpose of the Processing is carried out by the Processor on behalf of the Controller.
3. ON THE PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA
In order to achieve the objective of the privacy and personal data treatment policy defined by Lat One Group, the following principles must be complied with:
a) Principle of legality
Lat One Group guarantees that the treatment made to the personal data of the holders will be made in accordance with the provisions of the corresponding laws and in the dispositions that develop them.
b) Principle of finality:
Lat One Group defines in the privacy policy and treatment of personal data, the purposes of information collection and makes them available for knowledge at all times by the owners of the information.
c) Principle of freedom:
Lat One Group guarantees that the treatment of the data of the holders will only be exercised with the prior, express and informed consent of the Holder. The personal data will not be obtained or disclosed without prior authorization, or in the absence of legal or judicial mandate that relieves the consent. It will be understood that the holder tacitly consents to the processing of his data, when the privacy notice has been made available to him and he does not express his opposition.
Consent may be revoked at any time by the data subject.
d) Principle of truthfulness or quality:
Lat One Group is committed to that the information subject to Treatment is truthful, complete, exact, updated, verifiable and understandable. In the same way it commits itself not to carry out the treatment of partial, incomplete, fractioned or misleading data.
e) Principle of transparency:
Lat One Group guarantees that the holder can obtain the information subject to treatment at any time and without restrictions.
In case of transferring the information, the holders will be informed about the information to be transferred.
(f) Principle of restricted access and movement:
Lat One Group will only allow access to the holder's information, with the prior consent of the holder and in case the information is required to be transferred, it will inform about the corresponding purpose. Personal data, except for public information, may not be available on the Internet or other means of dissemination or mass communication, unless access is technically controllable to provide restricted knowledge only to the Holders or authorized third parties in accordance with this law;
(g) Safety principle:
Lat One Group as responsible for the treatment of personal data is committed to adopt the technical, human and administrative measures that are necessary to grant security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access. The obligation and responsibility of Lat One Group, is limited to have the appropriate means for this purpose.
Lat One Group, does not guarantee the total security of your information nor is responsible for any consequence derived from technical failures or the undue entrance on the part of third parties to the Database or file in which the personal data object of treatment on the part of Lat One Group, and its Agents, rest.
Lat One Group shall require the service providers it contracts to adopt and comply with the appropriate technical, human and administrative measures for the protection of the Personal Data in relation to which these providers act as Processors.
(h) Principle of confidentiality:
Lat One Group guarantees that all the people who intervene in the treatment of personal data that do not have the nature of public keep adequate reserve of the information even after the end of their relationship with any of the tasks included in the treatment.
4. INFORMATION OF THE CONTROLLER AND PROCESSOR
Name or Company Name: LAT ONE GROUP
Nit. 900.109.756-4 Address. Cra. 59 #152-25 P3 OF 418 - Bogotá D.C, Colombia.
E-mail. dataprivacy@latonegroup.com
Website. https://latonegroup.com
5. ON THE PURPOSE OF THE PROCESSING OF PERSONAL DATA
Lat One Group, in the development of its corporate purpose and marketing and advertising activities, such as the provision of logistical services for the organisation, assembly and execution of events, needs to convene target audiences in accordance with the requirements of its customers, which requires the collection, storage, use and disposal of this data.
Lat One Group may collect, store, use, circulate, update, transfer, transmit, delete personal data, as the case may be, for administrative, financial, labor, commercial, promotional, informational, marketing and sales purposes.
The purposes for which Lat One Group processes the personal data of the owners of the information are listed below. Prior to the treatment, the authorization is requested to the holder of the personal data, who must accept the treatment of the same in an explicit, express, voluntary and unequivocal way. The purposes of processing include the following:
a) Collect or gather personal data and incorporate and store them in our database.
b) Order, catalog, classify, divide or separate the information provided.
c) Use the data provided in communication campaigns, disclosure and promotion or offers of products, activities or services developed as part of internal strategies of the company.
d) Use them for internal administrative or commercial purposes such as: credit studies, preparation and presentation of quotations, commercial references of experience, market research, statistical analysis, conducting satisfaction surveys, offering or recognition of benefits of our loyalty program and after-sales service.
e) Keep historical records of the company and maintain contact with the owners of the data.
f) Verify, check or validate the data provided.
g) Study and analyze the information provided for monitoring and improvement of products, service and care.
h) Deliver the information collected to third parties with whom the company contracts the storage and administration of personal data, under the standards of security and confidentiality to which we are obliged.
i) Transfer personal data to any country or server in another country.
j) Communicate and allow access to personal data provided to third party providers of general support services and natural or legal persons shareholders of Latitude Marketing Solutions S.A.S.
k) Perform processes for the management of human talent and contractual management that advance the company.
l) Control and prevention of fraud.
m) Control and prevention of money laundering and financing of terrorism.
n) Conclusion, execution and management of business proposals and contracts for services rendered.
o) The information provided by the Holder will not be used for illegal activities, and will be handled with the technical, human and administrative measures necessary to guarantee the Holder that the information will not be adulterated, lost, consulted without permission or used fraudulently.
p) Send communications via email or SMS, for informational or promotional purposes.
6. ON THE RIGHTS OF DATA SUBJECTS
Lat One Group in development of the Law informs to the holder of the information the rights that assist him:
a) To know, update, rectify and, where appropriate, request the deletion of their personal data collected in any database of the data controller. This process should not generate any charge to the holder of the information.
b) To have access to the information object of treatment at the moment he/she requires it.
c) To request proof of the authorization granted.
d) To be informed by Lat One Group or by the person in charge of the treatment regarding the treatment of his/her information, previous request sent by the holder, his/her assignees or legal representatives.
e) To present consultations and claims before the person in charge or in charge of the treatment of the personal data.
f) To present before the SIC complaints for infractions to the arranged thing in the law.
g) To revoke the authorization and/or to request the suppression of the personal data.
h) To accede in free form to its data.
Note: It is important to note that in some cases deletion of transaction data will not be possible as the company is legally obliged to keep a record of transactions in accordance with the law. We may refuse a request where to do so would undermine our legitimate use of the data for anti-fraud and security purposes.
7. ON DUTIES AS DATA CONTROLLERS
Lat One Group as responsible for the treatment will have the following duties, without prejudice of the other dispositions foreseen in the laws of habeas data and in others that govern its activity:
a) Guarantee to the Holder, at all times, the full and effective exercise of the right of habeas data.
b) Carry out the processing of personal data, only with the prior informed, express and unequivocal consent of the holder.
c) Not to collect personal data by fraudulent, unfair or unlawful means.
d) Not to use personal data processed for purposes other than those for which they were collected, unless the information is anonymized.
e) To request and keep, under secure conditions, a copy of the respective authorization granted by the Data Subject.
f) To delete or complete the information processed when it is known that it is inaccurate or incomplete. Likewise, to delete personal data when they are no longer necessary or relevant to the purpose of processing. In case of not being able to delete the information, it will do so in accordance with the provisions of the laws of habeas data and will inform the holder of its decision.
g) Duly inform the Holder about the purpose of the collection and the rights they have by virtue of the authorization granted.
h) Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
i) Guarantee that the information provided to the Data Processor is truthful, complete, accurate, updated, verifiable and understandable.
j) Update the information, communicating in a timely manner to the Data Processor, all developments regarding the data previously provided and take other necessary measures to keep the information provided to it updated;
k) Rectify the information when it is incorrect and communicate the relevant information to the Data Processor.
l) To provide the Data Processor, as the case may be, only data whose Processing has been previously authorized.
m) To require the Data Processor at all times to respect the security and privacy conditions of the Data Owner's information;
n) To process the queries and claims made by the Data Owner.
o) Adopt an internal manual of policies and procedures to ensure proper compliance with this law and especially for the attention of queries and claims;
p) Inform the Data Processor when certain information is under discussion by the Data Subject, once the claim has been filed and the respective process has not been completed;
q) Inform at the request of the Data Subject about the use given to his/her data.
r) Inform the data protection authority when there are violations to the security codes and there are risks in the administration of the information of the Data Controllers.
s) Register the personal data bases before the competent body.
8. ON THE DUTIES AS PROCESSOR
Lat One Group as data processor will have the following duties, without prejudice of the other dispositions foreseen in the laws of habeas data and in others that govern its activity:
a) Guarantee the Data Subject, at all times, the full and effective exercise of the right of habeas data.
b) Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
c) Timely update, rectify or delete the data under the terms of this law.
d) Update the information reported by the data controllers within five (5) working days from its receipt.
e) Process the queries and claims made by the Data Controllers.
f) Adopt an internal manual of policies and procedures to ensure proper compliance with this law and, in particular, for the handling of queries and claims by the Data Controllers.
g) Refrain from circulating information that is being disputed by the Data Controller and whose blocking has been ordered by the corresponding legal regulatory body.
h) Allow access to the information only to the persons who may have access to it.
i) Inform the corresponding legal regulatory body when there are violations to the security codes and there are risks in the administration of the information of the Holders.
j) Comply with the instructions and requirements issued by the regulatory bodies.
9. ON PERSONAL DATA OBTAINED FROM OTHER COMPANIES
Lat One Group will be able to receive personal data, from businesses, partners or third parties in quality of transfer and/or transmission. For these effects it will comply with the described in the corresponding laws of protection of personal data, as well as the businesses, partners or third parties that share information with Lat One Group will have to do it.
10. ON THE TRANSFER OF PERSONAL DATA BETWEEN COUNTRIES
Lat One Group services connect with different countries. To make it possible, personal data may be transferred or consulted by international entities.
Lat One Group as data controller and/or data processor will protect the rights of data subjects in international transfers made to third countries, taking into account security standards and compliance with laws on the transfer of personal data between countries to help ensure data protection everywhere.
The responsibility for the processing of personal data may vary depending on the place where the owner of the data resides, making it known that the personal data, including sensitive data, currently or in the future contained in our databases, will be processed and/or used by: Lat One Group and/or our affiliated and/or subsidiary companies and/or those third parties who, by the nature of their jobs or functions have the need to treat and/or use your personal data exclusively.
Lat One Group undertakes not to transfer personal data of any kind to countries or organizations that do not provide adequate levels of protection unless there is an express and clear authorization from the owner of the data.
11. THE PERSON OR AREA RESPONSIBLE FOR DEALING WITH REQUESTS, QUERIES AND CLAIMS BEFORE WHICH THE OWNER OF THE INFORMATION MAY EXERCISE HIS/HER RIGHTS TO KNOW, UPDATE, RECTIFY AND DELETE THE DATA AND/OR REVOKE THE AUTHORISATION.
In order that the holder of the information can exercise their rights in accordance with the framework of international laws, which covers the activity of Lat One Group, an area of Data Privacy & Management has been assigned in the company. This area will be responsible for the attention of requests, consultations and claims before any request made by the owners of the information.
12. PROCEDURE FOR DEALING WITH QUERIES AND COMPLAINTS (PQRS)
Lat One Group guarantees the right of consultation and claim of the personal data, supplying to the holder of the data, its successors or legal representatives, all the information related to the identification of the holder, contained in the data bases of the company.
The procedure is described below:
For all information request procedures, the data subject, his or her successors in title or legal representatives must submit the following information:
- Full name of the holder, assignee or legal representative.
- Address or means to communicate the response.
- Documents proving identity.
- Clear description of the request.
- Additional documents that support the identification of the requested information.
a) CONSULTATIONS
The holders of the information may send a request to the e-mail dataprivacy@latonegroup.com, to consult their information .
If the request complies with the legal requirements and those required herein, the response will be sent to the address provided by the petitioner within a period not exceeding ten (10) working days, counted from the date of filing of the request. When it is not possible to respond to the request within this term, the holder, assignee or legal representative will be informed of the reasons for the delay and the date on which it will be responded to, which in no case may exceed 5 working days following the expiration of the first term.
b) COMPLAINTS
When the owner of the personal data, its assignees or legal representatives consider that the information should be corrected, updated, partially or totally deleted, the following procedure shall be followed:
- Submit the request to the e-mail dataprivacy@latonegroup.com, supporting the reason for the claim and attaching the documentation that serves as proof.
- The response to the request will be made within a maximum period of fifteen (15) working days from the day following the date of receipt of the request. When it is not possible to respond to the claim within this period, the interested party will be informed of the reasons for the delay and the date on which the claim will be dealt with, which in no case may exceed eight (8) working days following the expiry of the first period.
- Lat One Group will rectify, and update information that is found to be inaccurate or incomplete and report as provided herein.
13. ON THE PROCESSING OF SENSITIVE DATA OR INFORMATION ON CHILDREN OR ADOLESCENTS
The Processing of Personal Data of a sensitive nature is prohibited, except with the express, prior and informed authorization of the Holder. In this case, in addition to complying with the requirements established for the authorization, Lat One Group will inform the Holder:
- That, as it is sensitive data, he/she is not obliged to authorise its processing.
- Which of the data to be processed are sensitive and the purpose of the processing.
Additionally, Lat One Group will treat the sensitive data collected under security and confidentiality standards corresponding to its nature. For this purpose, Lat One Group has implemented administrative, technical and legal measures contained in its Policies and Procedures Manual, of mandatory compliance for its managers, employees and, as applicable, its suppliers, related companies and business partners.
In case of collecting personal data of children or adolescents, Lat One Group will make sure that there is a written, express and unequivocal authorization of the guardian of the child or adolescent to carry out the respective treatment of the information.
14. ACCEPTANCE OF THE POLICY
The holder of the personal data declares that he/she has read and accepts the present Privacy and Personal Data Treatment Policy of Lat One Group. Likewise, the holders of personal data collected prior to the application of the laws may at any time request the deletion of their personal data and exercise their rights under the legal terms.
15. TERM AND DURATION
The present policy of privacy and treatment of personal data of Lat One Group enters from the date of its signature, and will have an indefinite validity or until when there are substantial changes, which will be informed to the holders of the information.
