In compliance with the provisions of Law 1266 of 2008, the Statutory Law 1581 of 2012 and its Regulatory Decrees, the Demonstrated Responsibility Guide of the Superintendence of Industry and Commerce and other complementary guides, as well as the guidelines established by the General Data Protection Regulation (GDPR) and the General Personal Data Protection Law (LGPD), the company SIMETRIK INC, SIMETRIK SAS, its affiliates and subsidiaries (hereinafter "SIMETRIK"), adopts this policy for the treatment of Personal Data, which will be informed to all Data Subjects or that in the future will be obtained in the exercise of their business activities.
This document describes the mechanisms through which SIMETRIK guarantees an adequate management of the Personal Data collected in its databases, in order to allow the Data Subjects to exercise their fundamental right to habeas data and privacy protection.
OBLIGATIONS: This policy is of mandatory and strict compliance for SIMETRIK.
GENERAL PROVISIONS
SIMETRIK INC., a Delaware corporation domiciled in the city of San Francisco, California, identified by EIN No. 61-1863197, as parent company. SIMETRIK S.A.S., a Colombian company, incorporated under the laws of the Republic of Colombia, domiciled in the city of Bogotá D.C., identified with TIN. 901.030.030-8, in its capacity as a subsidiary.
Paragraph. For cases in which personal data is collected from non-citizens or non-residents of Colombia or the collection activity takes place outside the Colombian territory, the regulatory framework and technical tools of the jurisdiction where the main domicile of SIMETRIK SAS is defined, as the main responsible for the treatment of the personal data. The exercise of rights of the data subjects shall be in accordance with the provisions of this policy including the applicable reference standards and best practices.
Customers, Suppliers, Contractors, Subcontractors, Visitors, Collaborators or Employees of SIMETRIK, who have provided the information or Personal Data by virtue of the service provided by SIMETRIK.
This Policy establishes the general guidelines for the protection and treatment of Personal Data within SIMETRIK, thus allowing to strengthen the level of trust between the Controller and the Data Subjects, and other persons in charge of the handling and treatment of personal data, in relation to the collection, registration, handling, transfer and treatment of identifiable personal data carried out by SIMETRIK in the ordinary exercise of its corporate purpose.
This Policy of Treatment and Protection of Personal Data will be applied to all databases and/or files that include Personal Data that are subject to Treatment by SIMETRIK as Responsible for the Treatment of Personal Data.
The principles set forth below constitute the general parameters that SIMETRIK applies and safeguards in the exercise of the processes of capture, registration, management, use and treatment of Personal Data:
The treatment of Personal Data will be carried out for the time that is reasonable and necessary, in accordance with the purposes that justify the treatment. Once the purposes of the treatment have been fulfilled and notwithstanding any legal regulations to the contrary, the Personal Data provided will be deleted.
It is any information linked to one or several determined or determinable persons or that may be associated with a natural or legal person. Impersonal data are not subject to the data protection regime of the present law.
Personal data can be public, semi-private or private and Sensitive.
The Data Subject has the right to control when and who can access this information that is part of his or her private life.
Semi-private data has a limitation, which is that it requires an order from an administrative or judicial authority and that it is for the purposes of its own functions, such as, for example: credit histories, financial data, reports in credit bureaus, specifying that this type of data requires prior authorization from the Data Subject to be reported to databases or credit bureaus.
Sensitive data are considered those that reveal characteristics such as ethnic or racial origin, health data, sexual preference, political affiliation, religion, ideology, union membership, social organizations, biometric data, among others. The treatment of sensitive data is prohibited with the exception of the following cases:
The information collected by SIMETRIK has as main purpose to allow the proper development of the company's corporate purpose in what has to do with the fulfillment of the object of the contract with the Data Subject information, as well as other purposes are taken into account such as:
To provide information to third parties with which Simetrik has a contractual relationship and that it is necessary to deliver it to them for the fulfillment of the contracted object.
Therefore, whoever accesses the services and / or products of SIMETRIK, must voluntarily provide certain physical or personal identification data, such as among others: name, surname, ID, age, gender, telephone, physical and electronic address, country, city and other necessary data requested in the registration process as an employee, supplier, visitor or customer of SIMETRIK.
Limitation in the possibilities of disclosure, publication or transfer of the same, in accordance with the principles that regulate the process of personal data management.
Limitation on the use of information. Personal data and user data sent through the platforms and in general the information generated, produced, stored, sent or shared in the provision of Simetrik's services, may not be subject to marketing or economic exploitation of any kind, except with the express authorization of the owner of the data and in accordance with the limits imposed by the Personal Data Protection Act.
SIMETRIK declares to be responsible for the treatment of the Personal Data that have been provided by the Data Subject and that are stored in databases or storage media owned or managed by SIMETRIK. The information contained in SIMETRIK's databases is subjected to different forms of treatment, such as collection, exchange, updating, processing, reproduction, compilation, storage, use, systematization and organization, all of them partially or totally in compliance with the established purposes. The information may be given, transmitted or transferred to public entities, business partners, contractors, affiliates, subsidiaries and affiliates, as long as it is to fulfill the established purposes. In any case, the delivery, transmission or transfer will be made after the execution of the necessary documents to safeguard the confidentiality of the information. Likewise, in compliance with legal duties, SIMETRIK may provide personal information to judicial or administrative entities. When SIMETRIK processes Personal Data of Data Subjects residing abroad, it will adopt the provisions in compliance with the General Data Protection Regulation (GDPR). Conduct a prior impact assessment, when it is likely that a particular Data treatment, due to its nature, scope, purposes or context, entails a high risk to the rights of Data Subjects. The assessment shall: (i) contain a description of the treatment operations and the purposes thereof; (ii) an assessment of the necessity and proportionality of the treatment; (iii) an assessment of the risks to the rights of the Data Controllers; and (iv) the measures envisaged to ensure the protection of the Personal Data. Consult the Data Protection Authority before carrying out a treatment, when the prior impact assessment shows that the treatment would entail a high risk to the rights of the Data Subjects, if the necessary measures are not taken to mitigate it.
The information collected by SIMETRIK from its employees is primarily for the following purposes:
The information collected by SIMETRIK from its shareholders is mainly for the purpose of
SIMETRIK collects the Personal Data of its Clients and users through the subscription of contracts for the provision of services in the cloud and/or through the simetrik.com domain, where for purposes of authentication and access to the service, the Customer and/or user will be asked for certain personally identifiable information that can be used to contact or identify him/her ("Personal Data"). Personally identifiable information may include, but is not limited to: email address, name, address, country, zip code, city, cookies and usage data. SIMETRIK stores the data in a database, which is classified by the company as confidential, and will only be disclosed with the express authorization of the owner or when requested by a Competent Authority. The purposes for which the Personal Data of SIMETRIK's Customers are used are:
SIMETRIK collects the Personal Data of its Suppliers and stores them in a database which, although it is composed mostly of public data, is qualified by the company as of The company will only disclose private data with the express authorization of the owner or when requested by a Competent Authority. The purposes for which the Personal Data of SIMETRIK's Suppliers are used are:
SIMETRIK collects biometric data of its employees and visitors through its Surveillance Cameras and stores them in a database which is classified by the company as confidential, and will only be disclosed with the express authorization of the owner or when requested by a Competent Authority. The purposes for which the Personal Data contained in SIMETRIK's Surveillance Cameras are used are:
SIMETRIK does not directly process Personal Data of minors. However, in particular, the company collects and processes the Personal Data of its employees' minor children for the sole purpose of complying with the obligations imposed by law on employers in relation to affiliations to the social security and parafiscal systems, and in particular to allow the enjoyment of children's fundamental rights to health and recreation. In any case, SIMETRIK will collect, when appropriate, the respective authorization for its treatment, always bearing in mind the best interest of the minor and the respect of the prevailing rights of children and adolescents.
The company currently performs International Transmission of Personal Data. To perform the International Transmission of Personal Data, in addition to informing the Data Subject and having his authorization, SIMETRIK will ensure that the action of transmitting is regulated by a contract and the technical annex that SIMETRIK develops for this purpose, both for the transmission and transfer, and that contemplates the requirements set in Colombia by the Statutory Law 1581 of 2012, its regulatory decrees and other applicable regulations.
SIMETRIK protects the Personal Data provided by the Data Controllers, through the adoption of guidelines and controls aimed at preventing unauthorized access, modification, disclosure or destruction of the information stored in its databases. In compliance with the obligation described above, SIMETRIK adopts the following protocols:
Security protocols to prevent unauthorized access to databases, stored both physically and electronically. Implementation and improvement of controls in the physical facilities, to protect the data contained in physical form, in order to mitigate the harmful effect that could originate the materialization of any risk faced by the sensitive data managed by SIMETRIK. Notwithstanding the foregoing, SIMETRIK may disclose personal information when required to do so by a Data Protection Authority and/or by a public or administrative entity in the exercise of its legal functions. In this case, SIMETRIK shall notify the Data Subjects three (3) business days prior to the date on which the information is to be delivered. In the event of a breach of security of Personal Data of Data Subjects residing in the European Union, the Controller shall notify the competent Data Protection Authority, at the latest within 72 hours after becoming aware of the breach, unless such breach of security is unlikely to constitute a risk to the rights of the Data Subjects. If the notification to the competent Data Protection Authority does not take place within 72 hours, the notification shall contain the reasons for the delay in time. The notification shall include at least the following: Describe the nature of the Personal Data security breach and, when possible, the approximate number of Personal Data and data subjects affected, and the type of Personal Data breached. The name and contact details of the Data Protection Officer or other contact with whom further information can be obtained. Describe the possible consequences of a breach of Personal Data security. Describe the measures taken by the Data Controller to mitigate the security breach and its possible negative effects. In turn, the Data Processor shall promptly notify the Controller of any breach of security of the Personal Data Subject residing abroad.
For the treatment of Personal Data, SIMETRIK will request prior and informed authorization from the Data Subject, which may be obtained by any means that may be subject to subsequent consultation.
The Owners of Personal Data shall enjoy the following rights, and those granted to them by law:
SIMETRIK as Responsible for the treatment of Personal Data, shall comply with the following duties:
Databank operators are obliged to:
Sources of information shall comply with the following obligations:
Users of the information shall: