InMONTES & WARREN SAS(hereinafter MW) we respect and protect the privacy of visitors to our website, employees, suppliers and customers who use our services, treating their data in accordance with the provisions of Statutory Law 1581 of 2012 " Personal Data Protection Law” and Decree 1377 of 2013 and other regulations that modify, add, complement or develop them.

 

Goal: This Personal Data Processing Policy (hereinafter PTDP) describes MW's practices for processing and managing information obtained in the development of its corporate purpose, commercial and marketing activities. This PTDP develops the guiding principles for the treatment of information, collection, storage, use, circulation and deletion of personal data of the Holders to which MW has access by any means, with prior informed and express authorization from the Holders. , except for the exceptions provided by law.

 

Scope and Obligations: This policy applies to all personal information registered in the databases of MONTES & WARREN SAS, who acts as the person responsible for the processing of personal data. This PTDP is mandatory and strict compliance for MONTES & WARREN SAS who will guarantee the Holder, at all times, the full and effective exercise of the right of habeas data.

Regarding the processing of information and personal data, MW must:

​

1. Duly inform the Holder about the purpose of the collection and the rights that assist him by virtue of the authorization granted.

2.  Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.

3. Guarantee that the information provided to the Manager is true, complete, accurate, updated, verifiable and understandable.

4. Require the Manager at all times to respect the security and privacy conditions of the Holder's information.

5. Process all queries and claims formulated in the terms indicated in Law 1581 of 2012.

6. Inform at the request of the Owner about the use given to their data.

7. Inform the competent data protection authority when there are violations of the security codes and there are risks in the administration of the Holders' information.

​

Glossary: For the purposes of applying the rules contained in this policy and in accordance with the provisions of Law 1581 of 2012 and Decree 1377 of 2013, it is understood as:

 

Personal data- Any Information linked or that can be associated with a specific person, such as their name or identification number, or that can make it determinable, such as their physical features.

public data- They are considered public data, those related to the marital status of the people, their profession or trade and their quality as a merchant or public servant. These may be contained in public records and documents, official gazettes and bulletins, among others.

private data- It is the data that due to its intimate or reserved nature is only relevant for the owner. The tastes or preferences of people, for example, correspond to private data.

Sensitive Data - It is the data that affects the privacy of the Holder, are those that reveal their racial or ethnic origin, their political orientation, religious or philosophical convictions, as well as data related to health, sexual life, and biometric data, among others.

Authorization - It is the consent granted by any person so that those responsible for the processing of information can use their personal data.

Database- Organized set of personal data that are subject to treatment.

Treatment- Any operation or set of operations carried out on personal data, such as collection, storage, use, circulation or deletion.

Transfer- This is the operation carried out by the person in charge or in charge of processing personal data, when sending the information to another recipient, who, in turn, becomes responsible for the processing of said data.

Treatment Manager- It is the natural or legal person that performs the processing of personal data, based on a delegation made by the Data Controller, receives instructions about the way in which the data should be managed.

Responsible for the treatment- Is the natural or legal person, public or private, who decides on the purpose of the databases and/or their treatment.

Headline- Is the natural person whose personal data is being processed.

Notice of Privacy- It is one of the verbal or written communication options provided by law to inform the holders of the information of the existence and ways of accessing the information treatment policies and the purpose of its collection and use.

 

 

Rights of the holders:

 

The Holders of personal data have the right to:

 

1. Free access to the data provided that have been processed.

2. Know, update and rectify your information against partial, inaccurate, incomplete, fragmented, misleading data, or those whose treatment is prohibited or has not been authorized.

3. Request proof of authorization granted.

4. Submit to the Superintendency of Industry and Commerce (SIC) complaints for violations of the provisions of current regulations.

5. Revoke the authorization and/or request the deletion of the data, provided that there is no legal or contractual duty that prevents their deletion.

6. Refrain from answering questions about sensitive data. The answers that deal with sensitive data or data of children and adolescents will be optional.

 

Who is Responsible for the Treatment of your data?

 

Montes & Warren S.A.S.legally constituted company, identified with NIT No. 900.998.777-1, with main address at Calle 106 No. 56-33 office 403, in the city of Bogotá DC, Colombia. Telephone +571 4672868, Email (contact Data Protection Officer):contacto@mwabogados.com, Websitehttp://www.mwabogados.co/

 

What type of data do we process?

 

Personal data registered in any database that makes them susceptible to treatment by MW, are the following types of information:

 

1. Personally Identifiable Information: full name, age, nationality, photographs (in the case of marketing and advertising campaigns), telephone numbers, home address and email, economic activity, registration of needs in the consulting areas offered by MW.

2. Formal identification information: number of personal identification; citizenship card, immigration card, passport number.

3. Financial information: bank account information (when provided by clients), financial information obtained by consulting and reporting in credit bureaus.

4. Employment and professional information:level of education, position or description of the function, data of the address of companies and commercial establishments.

5. usage data: Survey responses, information provided to our support team, public social media posts.

6. AnyAdditional Informationthat is necessary to provide any service or information requested by the Owner or to comply with legal obligations.

 

It is important to specify that to access our website it is not necessary to provide any personal data, except in the case of requests for a specific service, registration for webinars, conferences, events or promotions, in which case the corresponding form should be filled out by entering the required data. All the fields included in these forms are mandatory, except those specifically indicated as optional.

 

For what purpose and how do we treat your personal data?

 

MW processes your data, with a variable scope depending on the use made of our services and for a variety of reasons and purposes, mainly:

 

1. Contract with the MW firm, use its services and execute the contractual relations and requests made by our clients.

2. Provide the contracted services, informing the Holders of the information on the matters that are of interest to them.

3. Carry out administrative procedures related to the development of our corporate purpose and provision of services.

4. Keep our clients informed on issues related to their market sector and the development of their corporate purpose.

5. Hire suppliers that MW requires for its proper operation of its physical facilities and website.

6. Prepare accounting, statistical and administrative records.

7. Submit reports to control and surveillance authorities.

8. Adopt measures for the prevention of illicit activities, money laundering and the financing of terrorism.

9. Execute commercial transactions that involve our clients, such as sales, mergers, reorganizations, liquidations, among others.

10. Send commercial offers, surveys, advertising and general information about MW products and/or services.

11. Carry out credit studies aimed at determining the possibility of granting credit payment facilities to the Holder or its guarantors, and carry out inquiries or reports in credit bureaus based on compliance or non-compliance with the obligations acquired with MW.

 

We will not use your personal information without your permission for purposes other than those detailed in this DWCP. From time to time, we may request your permission to allow us to share your personal information with third parties (if and when necessary and/or required by the applicable jurisdiction or essential for the provision of a Service). Keep in mind that you can choose to refuse the sharing of your personal information with third parties or to allow us to use your personal information for purposes that are incompatible with those for which we originally collected it or later obtained your authorization.

​

How long will we keep your data?

 

The data will be kept while you are a user of our services until you request its deletion and, in any case, for the period necessary to comply with legal obligations.

 

1. What is the legitimacy for the treatment of your data?

2. Contract execution. The processing of the data, as indicated, is necessary for the provision of the company's services.

3. Compliance with a legal obligation. As indicated, the applicable regulations, especially those related to money laundering and financing of terrorism, require that we process many of the data that are required.

4. Legitimate interest of the person in charge. Some of the treatments that are carried out, such as the referral of advertising, are carried out on the basis of the legitimate interest of the company.

5. Authorization. In any case, you consent to this privacy policy in the use of our services.

​

To which recipients will your data be communicated?

 

We take care to allow your personal information to be accessed only by those who need it to perform their tasks and duties, and to share it with third parties who have a legitimate purpose for accessing it. We will only share your information in the following circumstances:

 

1. Your information may be shared by court order or by the competent authority in any of the jurisdictions in which we have a presence.

2. We may share your information with law enforcement agencies, officials, or other third parties when compelled by a subpoena, court or administrative order, or similar legal process, or when we believe in good faith that disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activities, or to investigate violations of any other applicable policies or in compliance with regulations on money laundering and financing of terrorism.

3. To the extent that it is necessary for the proper provision of the contracted services or for which a quote is requested, we may share your information with third parties to the extent that their participation is necessary for the execution of the contracted tasks and, in any case, , guaranteeing compliance with the terms of this DWCP.

​

Data transfers to third countries

 

The only transfer of data to third countries outside of Colombian territory that are contemplated are those that can be made to our subsidiary Montes & Warren SLU in Spain, only to the extent that it is necessary according to the services required by the client.

 

What are your rights when you provide us with your data?

 

Any Holder has the right to obtain confirmation on whether or not MW is processing personal data that concerns them.

 

Interested persons have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected. You also have the right to the portability of your data.

 

In certain circumstances, the interested parties may request the limitation of the processing of their data, in which case we will only keep them for the exercise or defense of claims.

 

In the same way, the interested parties may oppose the processing of their data. In this case, MW will stop processing the data, except for compelling legitimate reasons, or the exercise or defense of possible claims.

 

When commercial communications are sent using the legal basis of the legitimate interest of the person in charge, the interested party may oppose the processing of their data for that purpose.

 

If you have given your consent for a specific purpose, you have the right to withdraw the consent granted at any time, without affecting the legality of the treatment based on the consent prior to its withdrawal.

 

Users may exercise the rights contained in this Policy and those guaranteed by applicable laws through the emails or physical contact addresses previously listed.

 

In the event that you feel your rights have been violated with regard to the protection of your personal data, especially when you have not obtained satisfaction in the exercise of your rights, you can file a claim with the Control Authority for the Protection of Personal Data, Superintendency of Industry and Commerce on its websitehttps://www.sic.gov.co/que-es-la-delegatura-datos-personales

 

How have we obtained your data?

 

The personal data we process comes from:

 

• The interested party

 

In turn, the information you provide us may be processed by MW, either because you have provided such data in the forms that you must fill out for requests for services, registrations for webinars, conferences or events.

 

• external sources

 

From time to time, we may obtain information about you from third party sources as required or permitted by applicable law, such as public databases, credit or net worth information systems, resellers, marketing partners, social media platforms, service providers of verification of identification and risks linked to money laundering or financing of terrorism; The latter use a combination of government records and publicly available or duly licensed information about you to verify your identity. Such information includes your name, address, job function, public employment profile, status on any sanctions list maintained by public authorities, and other relevant data.

 

• Treatment of data of minors

 

As a general rule, we do not request the collection of personal information from persons under 18 years of age. If their provision is strictly necessary, they will be treated respecting the fundamental rights of the least and with lawful purposes.

 

Attention to Petitions, Queries and Claims:The customer service area is the unit in charge of processing the requests of the Holders to make their rights effective. Through emailcontacto@mwabogados.co  requests, inquiries and complaints will be received and attended to.

 

 

Procedure for the exercise of the right of habeas data: In compliance with the regulations on personal data protection, Montes & Warren SAS presents the procedure and minimum requirements for the exercise of your rights:

 

For the filing and attention of your request, we ask you to provide the following information:

 

1. Full name and surname

2. Contact information (Physical and/or electronic address and contact telephone numbers),

3. Means to receive a response to your request,

4. Reason(s)/event(s) giving rise to the claim with a brief description of the right you wish to exercise (know, update, rectify, request proof of the authorization granted, revoke it, delete it, access information)

5. Signature (if applicable) and identification number.

 

The maximum term provided by law to resolve your claim is fifteen (15) business days, counted from the day following the date of receipt. When it is not possible to attend the claim within said term, Montes & Warren SAS will inform the interested party of the reasons for the delay and the date on which their claim will be attended, which in no case may exceed eight (8) business days following the expiration of the first term.

​

Validity: This Policy for the Treatment of Personal Data is effective as of April 22, 2020.

The databases in which the personal data will be recorded will have a validity equal to the time in which the information is maintained and used for the purposes described in this policy. Once that purpose(s) is/are fulfilled and provided that there is no legal or contractual duty to keep your information, your data will be removed from our databases.

​

We reserve the right to modify this Privacy Policy at any time and, when required by applicable laws and competent authorities; changes made to this Privacy Policy will be notified. If material changes are made, you will be notified by email or by means of a notice posted on our website.http://www.mwabogados.co/