Select page

PERSONAL DATA PROCESSING POLICY LABORATORIOS EDO SAS

Company Name: LABORATORIOS EDO SAS
Tax ID: 890.308.184-1
Address: Calle 13 38-86 Acopi (Yumbo)
Phone: (2) 664 4408 Ext. 100
Email: [email protected]
Website: www.laboratoriosedo.com

 

1- LEGAL REGULATIONS AND SCOPE OF APPLICATION:

This Personal Data Processing Policy is prepared in accordance with the provisions of the Political Constitution, Law 1581 of 2012, Regulatory Decree 1377 of 2013 and other complementary provisions and will be applied by LABORATORIOS EDO with respect to the collection, storage, use, circulation, deletion and all those activities that constitute the processing of personal data.

 

2- DEFINITIONS:

For the purposes of implementing this policy and in accordance with legal regulations, the following definitions shall apply:
Authorization: Prior, express, and informed consent of the Data Subject to carry out the Processing of personal data.
Privacy Notice: A physical, electronic, or other format document generated by the Data Controller and made available to the Data Subject for the processing of their personal data. The Privacy Notice informs the Data Subject about the existence of the applicable data processing policies, how to access them, and the purpose of the intended processing of their personal data.
Database: An organized set of personal data that is subject to Processing.
Personal Data: Any information linked to or that can be associated with one or more identified or identifiable natural persons.
Public Data: Data classified as such according to the mandates of the law or the Political Constitution, and data that is not semi-private, private, or sensitive. Public data includes, among others, information relating to a person's marital status, profession or occupation, status as a merchant or public servant, and any other information that can be obtained without restriction. By their nature, public data may be contained in, among other sources, public registries, public documents, official gazettes, and bulletins.
Private data: This is data that, due to its intimate or confidential nature, is relevant only to the data subject.
Sensitive data: Sensitive data is understood to be data that affects the privacy of the data subject or whose misuse could lead to discrimination, such as data revealing racial or ethnic origin, political affiliation, religious or philosophical beliefs, membership in trade unions, social or human rights organizations, or organizations that promote the interests of any political party or guarantee the rights and protections of opposition political parties, as well as data relating to health, sex life, and biometric data.
Data Processor: A natural or legal person, public or private, who, alone or jointly with others, processes personal data on behalf of the Data Controller.
Data Controller: A natural or legal person, public or private, who, alone or jointly with others, determines the purposes and means of the processing of personal data.
Data Subject: A natural person whose personal data is being processed.
Processing: Any operation or set of operations performed on personal data, such as collection, storage, use, circulation, or erasure.

 

3- PURPOSE FOR WHICH PERSONAL DATA IS COLLECTED AND PROCESSED:

LABORATORIOS EDO SAS may use personal data for:

– To execute the existing contractual relationship with its clients, suppliers and employees, including the payment of contractual obligations.

– To provide the services and/or products required by its users.

– To inform about new products or services and/or changes to them.

– Evaluate the quality of service.

– Conduct internal studies on consumption habits.

– To send via physical mail, email, cell phone or mobile device, via text messages (SMS and/or MMS) or through any other analogous and/or digital means of communication created or to be created, commercial, advertising or promotional information about the products and/or services, events and/or promotions of a commercial or non-commercial nature, in order to promote, invite, direct, execute, inform and in general, carry out campaigns, promotions or contests of a commercial or advertising nature, carried out by the company and/or by third parties.

– Develop the process of selection, evaluation, and job placement.

– Support internal or external audit processes.

– Register employee information (active and inactive) in the company's databases.

– Those indicated in the authorization granted by the data subject or described in the respective privacy notice, as the case may be.

 

4- PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA: The processing of personal data at LABORATORIOS EDO SAS will be governed by the following principles:
Principle of purpose: The processing of collected personal data must have a legitimate purpose, which must be communicated to the Data Subject.
Principle of freedom: Processing may only be carried out with the prior, express, and informed consent of the Data Subject. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that waives the requirement for consent.
Principle of accuracy or quality: The information subject to processing must be truthful, complete, accurate, up-to-date, verifiable, and understandable. Partial, incomplete, fragmented, or misleading data will not be processed.
Principle of transparency: The processing must guarantee the right of the data subject to obtain information from LABORATORIOS EDO SAS at any time and without restrictions regarding the existence of data concerning them.
Principle of access and restricted circulation: The processing is subject to the limits derived from the nature of the personal data, the provisions of this law, and the Constitution. Personal data, except for public information and as provided in the authorization granted by the data subject, may not be available on the Internet or other means of dissemination or mass communication, unless access is technically controllable to provide restricted access only to the data subjects or authorized third parties.
Security Principle: Information subject to processing by the company must be protected through the use of the necessary technical, human, and administrative measures to ensure the security of the records, preventing their alteration, loss, unauthorized or fraudulent access, use, or consultation.
Confidentiality Principle: All persons involved in the processing of personal data are obligated to guarantee the confidentiality of the information, even after their relationship with any of the tasks involved in the processing has ended. In the event that sensitive personal data is collected, the data subject may refuse to authorize its processing.

 

5- RIGHTS OF DATA SUBJECTS WHOSE PERSONAL DATA IS PROCESSED BY LABORATORIOS EDO SAS: Data subjects, either directly or through their representative and/or attorney or their successor, may exercise the following rights with respect to the personal data processed by the company:
Right of access: By virtue of which they may access the personal data under the control of the company, for the purpose of consulting it free of charge at least once every calendar month, and whenever there are substantial modifications to the Information Processing Policies that warrant new consultations.
Right to update, rectify and delete: By virtue of which they may request the updating, rectification and/or deletion of the personal data being processed, in such a way that the purposes of the processing are satisfied.
Right to request proof of authorization: except in the events in which, according to current legal regulations, authorization is not required to carry out the processing.
Right to be informed regarding the use of the personal data.
Right to file complaints with the Superintendency of Industry and Commerce: for violations of the provisions of current regulations on the processing of personal data.
Right to demand compliance with orders issued by the Superintendency of Industry and Commerce: For the purposes of exercising the rights described above, both the data subject and their representative must prove their identity and, if applicable, the capacity in which they represent the data subject. The rights of minors will be exercised through their legal representatives.

 

6- OBLIGATIONS OF LABORATORIOS EDO SAS: All those obligated to comply with this policy must bear in mind that LABORATORIOS EDO SAS is obligated to fulfill the duties imposed by law. Consequently, the following obligations must be met:
Duties when acting as the data controller:
– Request and retain, under the conditions stipulated in this policy, a copy of the respective authorization granted by the data subject.
– Clearly and sufficiently inform the data subject about the purpose of the data collection and the rights they have by virtue of the authorization granted.
– Inform the data subject, upon request, about the use given to their personal data.
– Process inquiries and complaints submitted in accordance with the terms established in this policy.
– Ensure compliance with the principles of accuracy, quality, security, and confidentiality as established in this policy.
– Store the information under the necessary security conditions to prevent its alteration, loss, unauthorized or fraudulent access, use, or disclosure.
– Update the information when necessary.
– Rectify personal data when appropriate.
Duties when processing personal data through a Data Processor:
– Provide the Data Processor only with personal data for which processing has been previously authorized.
– Ensure that the information provided to the Data Processor is truthful, complete, accurate, up-to-date, verifiable, and understandable.
– Promptly inform the Data Processor of any changes to the data previously provided and take all other necessary measures to ensure that the information provided remains up-to-date.
– Promptly inform the Data Processor of any corrections made to personal data so that they can make the necessary adjustments.
– Require the Data Processor, at all times, to respect the security and privacy conditions of the data subject's information.
– Inform the Data Processor when certain information is under dispute by the data subject, once a complaint has been filed and the corresponding process has not yet been completed.
Duties with respect to the Superintendency of Industry and Commerce:
– To inform it of any violations of security codes and the existence of risks in the management of the information of the holders
– To comply with the instructions and requirements issued by the Superintendency of Industry and Commerce.

 

7- REQUEST FOR AUTHORIZATION FROM THE PERSONAL DATA SUBJECT: Before and/or at the time of collecting personal data, LABORATORIOS EDO SAS will request the data subject's authorization to collect and process their data, indicating the purpose
for which the data is requested, using automated, written or oral technical means that allow for proof of authorization and/or the unequivocal conduct described in Article 7 of Decree 1377 of 2013. This authorization will be requested for the time that is reasonable and necessary to satisfy the needs that gave rise to the data request and, in any case, in compliance with the legal provisions governing the matter.

 

8- PRIVACY NOTICE: In the event that LABORATORIOS EDO SAS cannot make this information processing policy available to the data subject, it will publish the privacy notice attached to this document, the text of which will be kept for later consultation by the data subject and/or the Superintendency of Industry and Commerce.

 

9- TEMPORAL LIMITATIONS ON THE PROCESSING OF PERSONAL DATA. LABORATORIOS EDO SAS may only collect, store, use, or circulate personal data for as long as is reasonable and necessary, in accordance with the purposes that justified the processing, taking into account the applicable regulations and the administrative, accounting, tax, legal, and historical aspects of the information. Once the purpose(s) of the processing have been fulfilled, and without prejudice to any legal provisions to the contrary, the personal data in its possession will be deleted. Notwithstanding the foregoing, personal data must be retained when required for compliance with a legal or contractual obligation.

 

10- RESPONSIBLE AREA AND PROCEDURE FOR EXERCISING THE RIGHTS OF PERSONAL DATA SUBJECTS: The ADMINISTRATIVE AND FINANCIAL AREA of LABORATORIOS EDO SAS will be responsible for addressing requests, complaints, and claims submitted by data subjects in the exercise of the rights outlined in point 5 of this policy. For this purpose, the data subject or their representative may submit their request, complaint, or claim Monday through Friday from 8:00 a.m. to 5:00 p.m. to the email address [email protected] , call the telephone line (2) 664 4408, or file it at the address Calle 13 38-86 Acopi (Yumbo-Valle). The request, complaint, or claim must include the data subject's identification, a description of the facts giving rise to the claim, the address, and any supporting documents. If the claim is incomplete, the claimant will be required to correct the deficiencies within five (5) days of receiving the claim. If the claimant fails to provide the required information within two (2) months of the date of the request, the claim will be considered withdrawn. If the recipient of the claim is not authorized to resolve it, they will forward it to the appropriate party within a maximum of two (2) business days and inform the claimant of the situation. The maximum time for addressing the claim will be fifteen (15) business days, starting from the day after the date of receipt. If it is not possible to address the claim within this timeframe, the claimant will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the initial timeframe.

 

11- DATA COLLECTED BEFORE THE ISSUANCE OF DECREE 1377 OF 2013: In accordance with the provisions of numeral 3 of article 10 of Regulatory Decree 1377 of 2013, the company will publish a notice on its official website www.laboratoriosedo.com addressed to the owners of personal data in order to make known this information processing policy and how to exercise their rights as owners of personal data hosted in the databases of LABORATORIOS EDO SAS

 

12- SECURITY MEASURES: In accordance with the security principle established in Law 1581 of 2012, the company will adopt the necessary technical, human, and administrative measures to ensure the security of records, preventing their alteration, loss, unauthorized or fraudulent access, use, or disclosure. Personnel processing personal data will follow established protocols to guarantee information security. To this end, security and access protocols have been implemented for information systems, personnel with access have signed confidentiality agreements, and physical safeguards have been implemented for paper files.

 

13- EFFECTIVE DATE: This Personal Data Policy was created on October 15, 2016 and is effective as of October 27, 2016. Any changes to this policy will be communicated through the following website: www.laboratoriosedo.com

 


 Sincerely,
LABORATORIOS EDO SAS
NIT. 890.308.184-1
Calle 13 No. 38-86 Acopi-Yumbo