INTERNAL MANUAL OF POLICIES AND PROCEDURES TO GUARANTEE THE COMPLIANCE OF LAW 1581 OF 2012 AND ITS COMPLEMENTARY RULES

Presentation.

homebasexbusiness.com is a website belonging to PMOTION, which is governed by the rules and privacy policies of PMOTION. As of now, homebasexbusiness.com will be called PMOTION.  PMOTION is operated and administered from Colombia, it is governed by the laws and the political constitution of Colombia, as well as by its administrators and personnel. If you do not agree with this, stop using the PMOTION services immediately.

This document responds to the need to comply with the provisions of Law 1581 of 2012, by which general provisions are issued for the protection of personal data, exactly as provided in subparagraph k) of Article 17, that regulates the duties that assist those responsible for the processing of personal data, that is, the obligation to adopt an internal manual of policies and procedures to ensure proper compliance with the law and, in particular, for the attention of inquiries and complaints.

In literals d) and e), article 3 of Law 1581 of 2012 expressly mentions the person in charge and the person responsible for the treatment, respectively. Thus, the person responsible for the treatment is the natural or legal person, public or private, that by itself or in association with others, decides on the data base and / or the data processing, while the person in charge of the treatment is the natural or legal person, public or private, that by itself or in association with others, perform the processing of personal data on behalf of the Responsible.

However, current technologies allow companies to efficiently manage, manage and store the personal information they use for the fulfillment of their corporate and business objectives, such as in their personnel selection and hiring processes or processes. related to the service and attention to customers, users, suppliers, shareholders and managers, among others. The fundamental right to habeas data is intended precisely to guarantee citizens the power of decision and control they have over the information that concerns them, specifically about the use and destination that is given to their personal data.

In this sense, the right to the protection of personal data gives the holder of powers to maintain control over his personal information. These range from the right to know who retains personal data, the uses to which they are being submitted, to the definition of who has the possibility of consulting them. The law even attributes to them the power to oppose such possession and use. Law 1581 of 2012 develops a series of guarantees and instruments designed to guarantee the validity of the referred fundamental right.

In this context, the purpose of this manual is to cover said guarantees and instruments taking into account our condition as responsible for the processing of personal data provided for in the aforementioned law. This manual allows implementing important organizational changes to lay down the procedures for collecting and processing personal data to the provisions of the Law.

CHAPTER I

GENERAL DISPOSITION

ARTICLE 1. APPLICABLE LEGISLATION. This manual was prepared in accordance with the mandates of the Political Constitution of Colombia (articles 15 and 20), Law 1581 of 2012, which establishes general provisions for the protection of personal data, as well as its Regulatory Decree 1377 of 2013.

ARTICLE 2. SCOPE OF APPLICATION. This manual applies to the processing of personal data that is obtained and managed by PMOTION

ARTICLE 3. DATABASES. The policies and procedures contained in this manual apply to the databases of suppliers, customers, collaborators, affiliates of PMOTION and the website administrator, employees or any other person registered on the website or who has provided voluntary the information with any purpose, whose period of validity will last for the time in which PMOTION develops its activity.

ARTICLE 4. OBJECT. Through this manual, the provisions contained in Law 1581 of 2012 are complied with, especially as indicated in subparagraph k) of article 17 and in subparagraph f) of article 18, which regulate the duties that assist those responsible and responsible for the processing of personal data, among which is to adopt an Internal Manual of Policies and Procedures to ensure proper compliance with the law and in particular, for the attention of inquiries and complaints. It also aims to determine the processes of collection, storage, custody and treatment of personal data that PMOTION collects in development of its corporate purpose, to ensure and protect the fundamental right of Habeas Data that all natural persons have .

ARTICLE 5. DEFINITIONS. For the proper interpretation of this manual and as established in article 3 of Law 1581 of 2012 and article 3 of Decree 1377 of 2013, it is understood as:

  • Authorization : Prior, express and informed consent of the Holder to carry out the processing of personal data; For website users, this authorization will be made at the moment you press the “I understand and accept” button that will be available when you access any page of the website, and which will not allow any user to enter the website, until the user presses the aforementioned button. If, in the event that the user does not accept, you must leave the website, the user will be redirected to the search page of Google Inc. known as Google.com, so you can continue looking for information that we can not provide until you accept, the policies and conditions of privacy and use of the website, in conjunction with the use of Cookies.
  • Privacy Notice : physical document, electronic or in any other format generated by the Responsible that is made available to the Owner for the processing of their personal data.In the Privacy Notice, the Owner is informed about the existence of the information treatment policies that will be applicable to them, the way to access them and the characteristics of the treatment intended to give personal data;
  • Database : Organized set of personal data that is subject to Treatment;
  • Personal Data : Any information linked to or associated with one or several natural persons determined or determinable;
  • Private Data : is that which, due to its intimate or reserved nature, is only relevant for the Holder.
  • Public Data : It is the data that is not semi-private, private or sensitive. They are considered public data among others, the data relative to the civil status of the people, to their profession or trade and to their quality of merchant or public servant. By their nature, public data may be contained, among others, in public records, public documents, gazettes and official bulletins and judicial sentences duly executed that are not subject to reservation.
  • Semi-private personal data : Data that has no private, reserved, or public nature is semi-private, and its knowledge or disclosure may be of interest not only to its owner but to a certain sector or group of people or society in general, such as, among others, the data regarding compliance or non-compliance with financial obligations or data related to relations with social security entities.
  • Sensitive Data : Sensitive data are those that affect the privacy of the owner or whose misuse can lead to discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, union membership, social, human rights organizations or organizations that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sex life and biometric data.
  • Responsible for the Treatment : Natural or legal person, public or private, that by itself or in association with others, performs the processing of personal data on behalf of the Treatment Manager;
  • Responsible for the Treatment : Natural or legal person, public or private, that by itself or in association with others, decides on the database and / or the treatment of the data;
  • Owner : Natural person whose personal data are subject to Treatment;
  • Treatment : Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.
  • Transfer : The transfer of data takes place when the person in charge of the processing of personal data, located in Colombia, sends the information or personal data to a receiver, who in turn is responsible for the treatment and is inside or outside from the country.
  • Transmission : Treatment of personal data that implies the communication of the same inside or outside the territory of the Republic of Colombia when it has for its object the realization of a Treatment by the Person in Charge of the Responsible Person.

ARTICLE 6. PRINCIPLES. The principles set out below constitute the general parameters that will be respected by PMOTION in the processes of collection, storage, custody and processing of personal data:

  • Principle of purpose : The Treatment must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Holder;
  • Principle of freedom : The Treatment can only be exercised with the prior, express and informed consent of the Holder. Personal data may not be obtained or disclosed without prior authorization, or in the absence of legal or judicial mandate that relieves the consent;
  • Principle of truth or quality : The information subject to Treatment must be truthful, complete, accurate, updated, verifiable and understandable. The processing of partial, incomplete, fractioned or misleading data is prohibited;
  • Principle of transparency : In the Treatment the right of the Holder must be guaranteed to obtain from the Person in Charge of the Treatment or the Person in Charge of the Treatment, at any time and without restrictions, information about the existence of data that concerns him;
  • Principle of access and restricted circulation : The Treatment is subject to the limits that derive from the nature of personal data, the provisions of the law and the Constitution. In this sense, the Treatment can only be done by persons authorized by the Holder and / or by the persons provided by law. Personal data, except public information, may not be available on the Internet or other means of dissemination or mass communication, unless the access is technically controllable to provide restricted knowledge only to the Holders or authorized third parties;
  • Principle of security : The information subject to Treatment by the Person in Charge of the Treatment or in charge of the Treatment, shall be handled with the technical, human and administrative measures that are necessary to grant security to the records avoiding their adulteration, loss, consultation, use or access unauthorized or fraudulent;
  • Principle of confidentiality : All persons involved in the processing of personal data that do not have the nature of public are required to guarantee the reservation of information, even after the end of your relationship with any of the tasks involved in the treatment.

CHAPTER II

AUTHORIZATION

ARTICLE 7. AUTHORIZATION . The collection, storage, use, circulation or deletion of personal data by PMOTION requires the free, prior, express and informed consent of the owner thereof PMOTION, as the person responsible for the processing of personal data, has provided the necessary mechanisms to obtain the authorization of the Owner, guaranteeing in any case that it is possible to verify the granting of such authorization, in the case of the users of the site web, the verification of this procedure will be subject to the technology implemented, and this is that you can not access the website unless you authorize the processing of personal data, privacy, conditions and use of cookies, managed on the website.

ARTICLE 8. FORM AND MECHANISMS TO GRANT THE AUTHORIZATION . The authorization can be recorded in a physical, electronic document, in an audio file, technological mechanisms or in any other format that guarantees its subsequent consultation. The authorization will be issued by PMOTION and made available to the Owner prior to the processing of their personal data, in accordance with what is established by Law 1581 of 2012, for users of the website, the fact of being able to navigate within the site or being able to sign up (register) shows that you gave the corresponding authorization, otherwise you would be redirected to the search page of Google Inc. to continue searching for the required information on that website.

With the consented authorization procedure, it is guaranteed that the holder of the personal data has been informed, both the fact that his / her personal information will be collected and used for determined and known purposes, and that he / she has the option of knowing any alteration to the themselves and the specific use that has been made of them.The foregoing in order for the Owner to make informed decisions regarding their personal data and have control over the use made of their personal information. The authorization is a statement that informs the owner of the personal data:

  • Who collects data from the person responsible or in charge of the data base;
  • For what it collects the data (the purposes of the treatment);
  • How to exercise rights of access, correction, updating or deletion of the personal data provided;
  • If sensitive data is collected, and the possibility of not disclosing them.

ARTICLE 9. PROOF OF AUTHORIZATION . PMOTION will adopt all the necessary measures to maintain records of the obtaining of authorization by the holders of personal data for the treatment thereof, for the users of the website, the fact of being able to navigate within the site or being able to give High (register) shows that you gave the corresponding authorization, otherwise, you would be redirected to the search page of Google Inc. To continue with the search of the required information, on that website.

ARTICLE 10. PRIVACY NOTICE . The Privacy Notice is the physical document, electronic or in any other format, which is made available to the Owner for the processing of their personal data. Through this document, the Owner is informed about the existence of the information treatment policies that will be applicable to them, the way to access them and the characteristics of the treatment intended to give personal data. The PMOTION Privacy Notice is available, among other media, on the website https://www.homebasexbusiness.com/

ARTICLE 11. MINIMUM CONTENT OF THE PRIVACY NOTICE . The Notice of

Privacy, as a minimum, must contain the following information:

  • Name or business name and contact details of the Treatment Manager.
  • The treatment to which the data and the purpose of it will be submitted.
  • The rights that the Holder assists.
  • The general mechanisms provided by the Responsible so that the Holder knows the policy of treatment of the information and the substantial changes that take place in it or in the corresponding Privacy Notice. In all cases, you must inform the Owner how to access or consult the information processing policy.

ARTICLE 12. NOTICE OF PRIVACY AND INFORMATION PROCESSING POLICIES .PMOTION will keep the model of the Privacy Notice that was transmitted to the Card Holders while personal data is processed and the obligations derived from it endure. For the storage of the model, PMOTION may use computer, electronic or any other technology.

CHAPTER III

RIGHTS AND DUTIES

ARTICLE 13. RIGHTS OF THE HOLDERS . In accordance with the provisions of Law 1581 of 2012, in article 8, the following are the rights of the Holders of the information:

  • Know, update and rectify your personal data against PMOTION in its capacity as Responsible for the Treatment or in charge of the Treatment. This right may be exercised, among others, against partial, inaccurate, incomplete, fractioned, misleading data, or those whose Treatment is expressly prohibited or has not been authorized;
  • Request proof of the authorization granted to PMOTION in its capacity as Responsible for the Treatment except when expressly excepted as a requirement for the Treatment, in accordance with the provisions of article 10 of Decree 1377 of June 2013, for site users web, the fact of being able to navigate within the site or be able to register (register) shows that you gave the corresponding authorization, otherwise you would be redirected to the search page of Google Inc. To continue with the search of the required information , on that website.
  • Be informed by PMOTION, regarding the use you have given to your personal data.
  • Submit to the Superintendency of Industry and Commerce complaints for infractions of the provisions of Law 1581 of 2012 and other rules that modify, add or complement, after exhaustion the respective process of consultation and / or claim to PMOTION
  • Revoke the authorization and / or request the deletion of the data when in the Treatment the principles, rights and constitutional and legal guarantees are not respected. The revocation and / or suppression will proceed when the Superintendence of Industry and Commerce has determined that in the Treatment the Responsible or Person in Charge has incurred in conducts contrary to the Law and the Constitution;
  • Access free of charge to your personal data that have been subject to Treatment.

ARTICLE 14. DUTIES IN RELATION TO THE PROCESSING OF PERSONAL DATA.  PMOTION, in its capacity as Responsible for Treatment, shall comply with the provisions contained in the National Constitution, Law 1581 of 2012 and regulatory decree 1377 of 2013, make use of the data that is collected and stored, only for the purposes for which it has been empowered according to the respective authorization of the owner obtained prior to the collection of the data. In this way PMOTION, is committed to comply with data processing with the following duties:

  • Guarantee the Holder, at all times, the full and effective exercise of the right of habeas data.
  • Request and keep a copy of the respective authorization granted by the Holder, according to the procedure used for it.
  • Properly inform the Holder about the purpose of the collection and the rights that assist him by virtue of the authorization granted.
  • Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
  • Perform timely, this is in the terms provided in articles 14 and 15 of Law 1581 of 2012, updating, rectification or deletion of data.
  • Process the queries and claims made by the Holders in the terms set forth in article 14 of Law 1581 of 2012.
  • Ensure that the information provided to PMOTION is accurate, complete, accurate, updated, verifiable and understandable.
  • Update the information, communicating in a timely manner to PMOTION, all the news regarding the data previously provided and adopt the other necessary measures so that the information provided to it is kept up-to-date.
  • Rectify the information when it is incorrect and communicate the pertinent to the Person in charge of the Treatment.
  • Provide the Data Processor, as the case may be, only data whose Treatment is previously authorized in accordance with the provisions of this law.
  • Insert in the database the legend “information in judicial discussion” once notified by the competent authority about judicial processes related to the quality or details of the personal data.
  • Refrain from circulating information that is being controverted by the Holder and whose blockade has been ordered by the Superintendence of Industry and Commerce.
  • Allow access to information only to people who can access it.
  • Inform the Superintendence of Industry and Commerce when there are violations of the security codes and there are risks in the administration of the information of the Owners.
  • Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

CHAPTER IV

ACCESS, CONSULTATION AND CLAIM PROCEDURES

ARTICLE 15. RIGHT OF ACCESS : The owner of the data has the right to access and know what information is subject to treatment by PMOTION, which is the obligation of PMOTION to guarantee the Holder his right of access which will be made in the following way:

  • The owner of the information may know, if requested, if indeed his / her data (s) are being processed by PMOTION
  • The Owner may have access to personal data held by PMOTION
  • The Owner will have the right to know the circumstances in which the processing of their information is carried out, and PMOTION must inform about the type of personal data processed and each and every one of the purposes that justify the Treatment.

PARAGRAPH: PMOTION will guarantee the right of access, previous accreditation of the identity of the Owner or the quality of his representative or successor in title, making available to him, free of charge, the detail of personal data through physical or electronic means that allow direct access of the Holder to them, so that the Holder can make effective its right to rectify, correct or request the deletion of all or part of their data.

ARTICLE 16. CONSULTATIONS . In accordance with the provisions of article 14 of Law 1581 of 2012, the holders or their successors in title may consult the personal information of the Holder that rests in the database managed by PMOTION Consequently, PMOTION, will guarantee the right of consultation, supplying to them all the information contained in the individual record or that is linked to the identification of the Holder.

For the attention of requests of consultation of personal data PMOTION guarantees the qualification of communication channels that allow to receive and to take care of the consultations opportunely, between these a line of national attention, a mechanism of electronic contact, as it is its portal web, e-mail customer service, as determined in the policy of treatment of information and others that you consider pertinent at the time and that will be effectively announced through modifications to your Privacy Notice.

In any case, regardless of the mechanism implemented for the attention of requests for consultation, these will be attended within a maximum term of ten (10) business days from the date of its full receipt. When it is not possible to attend the consultation within said term, the interested party will be informed before the expiration of the ten (10) days, stating the reasons for the delay and indicating the date on which the consultation will be attended, which in no case exceed the five (5) business days following the expiration of the first term.

ARTICLE 17. CLAIMS . In accordance with the provisions of article 15 of Law 1581 of 2012, the Holder or his successors in title who consider that the information contained in a database must be subject to correction, updating or deletion, or when they notice the presumed breach of any of the duties contained in Law 1581 of 2012, may submit a claim to the Responsible for Treatment, which will be processed under the following rules:

  • The claim will be formulated by means of a request addressed to PMOTION, at least with the identification of the Holder, the description of the facts that give rise to the claim, the address, and including the documents that support the claim.
  • If the claim is incomplete, the interested party will be required within five (5) days after receipt of the claim to correct the faults. After two (2) months from the date of the request, without the applicant submitting the required information, it shall be understood that the claim has been abandoned.
  • Once the complete claim has been received, a legend that says “claim in process” and the reason for it will be included in the database, in a term not exceeding two (2) business days.This legend must be maintained until the claim is decided.
  • The maximum term to attend the claim will be fifteen (15) business days counted from the day following the date of its receipt. When it is not possible to attend the claim within said term, the interested party will be informed of the reasons for the delay and the date on which his claim will be handled, which in no case may exceed eight (8) business days following the expiration of the first finished.

ARTICLE 18. IMPLEMENTATION OF PROCEDURES TO GUARANTEE THE RIGHT TO PRESENT CONSULTATIONS AND CLAIMS . At any time and for free, the Owner or his representative, after proof of identity, may request from PMOTION information about the use of their personal data, inquiries, or claims in which rectification, updating or deletion of these are requested. , will be processed when:

All requests must be submitted through the means enabled by PMOTION, indicated in the Privacy Notice, and contain, as a minimum, the following information:

Basic information:

  • First and last names, for the users of the website, you must also attach your username and / or email.
  • Contact data (Address, physical and / or electronic and contact numbers),
  • Means to receive a response to your request,
  • Reason (s) / fact (s) that give rise to the query or claim
  • Description of the Law that you wish to exercise before PMOTION and the personal data on which it rests.
  • Signature, identification number and corresponding validation footprint or procedure.
  • Present the information in the offices of PMOTION or through the channels for it supplied.

Annexes:

  • Copy of the identity document of the holder of the information extended to One Hundred Fifty Percent (150%).
  • If the request is made by the successor, representative of the owner or agent, the document that grants said quality must be provided.
  • Additional documents that support the request to be made.

PMOTION guarantees that the means made available to the holders of the information allow a response to be provided in the terms established by Law 1581 of 2012. Each time PMOTION makes available a new tool to facilitate the exercise of rights of the holders of information or modify existing ones, it will inform you through its website and in its Privacy Notice.

ARTICLE 19. RECTIFICATION, UPDATING OF DATA . The Holder of the information or his successors or representatives, after proof of identity, have the right at all times, to request PMOTION, the rectification or update of their personal data, for which it must indicate the corrections requested and provide the documentation that supports your request.

PARAGRAPH: When the request is submitted by a person other than the owner, who does not show that he / she acts as proxy, assignee, or any other condition that gives him / her the right to represent the Holder, it will be understood that the request was not presented.

ARTICLE 20. DELETING DATA . The Owner of the information or his successors or representatives, after proof of his identity, have the right at all times, to request PMOTION, the suppression of his personal data when:

  • Consider that they are not being treated in accordance with the principles, duties and obligations set forth in Law 1581 of 2012.
  • There is no contractual relationship with PMOTION, or no longer necessary or relevant for the purpose for which they were collected.

This deletion implies the total or partial elimination of personal information in accordance with the request by the Owner in the records, files, databases or treatments performed by PMOTION It is important to take into account that the right of cancellation is not absolute and the person in charge can deny the exercise of the same in the following cases:

  • The request to suppress the information will not proceed when the Holder has the legal or contractual duty to remain in the database.
  • It is not possible to eliminate the data by the order of a judicial or administrative authority with competence in the National Territory.
  • The data are necessary to protect the legally protected interests of the Holder, or to guarantee the fulfillment of an obligation legally acquired by the Holder.

PARAGRAPH : When the request is submitted by a person other than the owner, who does not show that he / she acts as proxy, assignee, or any other condition that gives him / her the right to represent the Holder, it will be understood that the request was not presented.

ARTICLE 21. REVOCATION OF THE AUTHORIZATION . The holders of personal data may revoke the consent to the processing of their personal data at any time, provided that it is not prevented by a legal or contractual provision or ceases to exist the reason that led to the collection of the data. The holder of the information may request a total or partial revocation of the purposes for which it was conferred, an event in which, in the request, it must indicate which of these corresponds and if it is partial, indicate for which purpose it wishes to revoke the authorization. There will be cases in which the consent, for its character of necessary in the relation between the holder and PMOTION, for effects of the fulfillment of a valid contract or by legal disposition will not be able to be revoked. On the other hand, the users of the website, the system will be requesting the renewal of all authorizations required to navigate the website, every 30 days. Therefore, if a non-registered user of the website wishes to completely revoke such authorization, they should stop browsing the website, their authorization will remain until their last registered entry, in the same way, the personal data acquired by the website may be deleted by the owner, erasing the cookies of his navigated, or likewise, the validity of said cookies are of 30 days, after that, said information will be deleted from the browser of the unregistered user; For users who have registered (registered) on the website, they must request the deletion of their account by email CONTACT US

CHAPTER V

SECURITY OF THE INFORMATION

ARTICLE 22. SECURITY MEASURES . In development of the security principle established in Law 1581 of 2012, PMOTION will adopt the technical and technological measures, its human and administrative resources that are necessary to grant security to the data avoiding its adulteration, loss, consultation, use or access not authorized or fraudulent.

ARTICLE 23. IMPLEMENTATION OF SECURITY MEASURES . PMOTION will maintain security protocols of mandatory compliance for its employees with access to personal data and information systems. The procedure must consider, at least, the following aspects:

  • The use of information security tools, reasonably accepted in the industry, such as firewalls, access control procedures, among others.
  • Measures, norms, procedures, rules and standards aimed at guaranteeing the level of security required by Law 1581 of 2012.
  • Functions and obligations of the staff: The personnel linked to PMOTION has received and accepted a commitment of confidentiality and good use of the information to which they have access in their daily work.
  • The personnel of PMOTION will have authorized access only to those data and resources that they need for the development of their functions, according to the criteria established by the person in charge of the information.
  • Incident registration: PMOTION officials must report incidents that may affect the confidentiality and / or integrity of the company’s information, indicating the type of incident, the time it occurred, the person performing the notification, to whom it is communicated and the effects that would have derived from it.
  • Identification and authentication: PMOTION has chosen to provide security measures that guarantee the correct identification and authentication of the officials to access the information.
  • Transfer of Information: PMOTION has implemented controls that limit or disable the transfer of information to destinations or unauthorized items.
  • Implementation of security policies: PMOTION has implemented policies for the proper use, administration and control of Computer Resources
  • Audit: PMOTION will carry out periodic audits related to the use of the company’s resources and the management of the information specific to the position.
  • PMOTION has taken measures to destroy the information or delete it, to guarantee its total destruction.
  • Updating procedures that are consistent with the goals pursued and changes in the structure of the organization. The content of the procedure must be adapted at all times to the current provisions on the security of personal data.

ARTICLE 24. TERCERIZATION OF THE PROCESSING OF PERSONAL DATA.   PMOTION, may subcontract to third parties for the processing or treatment of certain functions or information. When the processing or processing of personal information is effectively subcontracted with third parties or personal information is provided to third party service providers, PMOTION warns said third parties about the need to protect such personal information with appropriate security measures.

CHAPTER VI

FINAL PROVISIONS

ARTICLE 25. PMOTION, designates the BACK OFFICE area or whoever acts as responsible for protecting the database. Likewise, the BACK OFFICE area will process the internal requests of the holders, for the exercise of their rights to access, consult, rectify, update, suppress and revoke that referred to in law 1581 of 2012. The foregoing will be carried out with the permanent support of the CUSTOMER SERVICE area, for website users, they can communicate through CONTACT US

ARTICLE 26. VALIDITY This document is effective as of October 13, 2017 and until such time as it is expressly revoked or modified.