PERSONAL DATA PROCESSING POLICY OF
DELICHICKS S.A.S.
La present policy is issued in compliance with Law 1581 of 2012 and its Regulatory Decree 1377 of 2013, with the purpose of guaranteeing compliance with said regulations and providing adequate treatment of personal data, ensuring the rights of the data subjects.
I. RESPONSIBLE.
Corporate Name: DELICHICKS S.AS.
Address: Girón Santander (Colombia)
Address: Carrera 17 N° 60 – 170 Autopista Palenque Chimitá
Email: servicioalcliente@delichicks.com
Responsible Area: Treasury.
II. TREATMENT TO WHICH DATA WILL BE SUBJECTED AND PURPOSE:
In the development of its corporate purpose, DELICHICKS S.A.S. carries out the Processing of personal data of its employees, suppliers, customers, and potential customers of its products and/or services, an activity that it carries out directly, or in some cases through contractors or third parties contracted or with which agreements are in place for such tasks.
In compliance with corporate processes and policies, DELICHICKS S.A.S. may require transferring or transmitting such data to its related companies, subsidiaries, and/or third parties for processing and/or storage purposes, who will have the same authorizations for the processing of personal data given to the Responsible Party, in accordance with the provisions of this Policy.
The collection of personal data by DELICHICKS S.A.S. will be limited to those personal data that are relevant to the purpose for which they are collected or required. Except in cases expressly provided for by law, personal data will not be collected without the authorization of the Data Subject, nor will deceptive or fraudulent means be used to collect and process personal data.
Data Processing includes collection, storage, management, use, transfer, transmission, and destruction, in the manner permitted by law and is carried out with the following specific purpose for each of the databases used in the company:
INFORMIX DATABASE: The specific purpose of this database corresponds to the need to store all the information of the company, in different modules corresponding to Clients, Suppliers, and Employees of the company, both active and retired.
a) Module Active and Retired Employee Data: Your data will be processed for the performance of activities related to the company’s corporate purpose; verification of the information provided during my hiring process; compliance with labor obligations, such as payroll, contributions, and reports to the general system of social security in health, pensions, and occupational hazards; attention to inquiries, requests, petitions, and complaints; compliance with anti-money laundering and terrorism financing regulations; carrying out marketing, promotion, or advertising activities; development of company activities with its employees, such as training, granting of credits, recreational activities, sending corporate communications; carrying out commercial alliances that generate added value for employees and other activities required in the normal development of the organization and compliance with rules, regulations, and activities with its employees.
In case of the collection of sensitive data of employees and former employees, the same will be processed to: i) ensure compliance with labor law and social security regulations, ii) control entry and exit from the company’s facilities, such as, but not limited to plants, farms, offices, CEDIS, among others, iii) control the working hours of the company’s employees, iv) control attendance at events and/or training organized by the company.
In case of the collection of personal data of children or adolescents who are under the care of the employee or former employee, the same will be processed for the realization of recreational or family events by the Company involving said minors, provided that said processing responds to and respects the best interests of the children and adolescents and ensures respect for their fundamental rights, in accordance with the provisions of article 7 of Law 1581 of 2012.
b) Suppliers Personal Data Module: Your data will be processed to carry out activities related to the company’s corporate purpose, comply with legal and/or contractual obligations such as billing, payments, payment reports, or obligations required by law or internal policies; to address inquiries, requests, and/or petitions; to initiate and/or handle actions and/or claims; for the maintenance and development of the commercial relationship, to carry out marketing, promotion, or advertising activities; to carry out market intelligence activities, evaluate consumption habits, conduct surveys, send text messages, carry out loyalty campaigns, carry out commercial alliances to generate added value, disclose news and information about the products and/or services of DELICHICKS S.A.S., its parent, subsidiaries or affiliates, and general interest; to comply with anti-money laundering and terrorism financing regulations; to conduct audits, send invitations, participate in contracting processes, request quotes and/or information about products and services; to exchange with third parties at the national level and/or verify data with third parties.
c) Clients Personal Data Module: Your data will be processed to carry out activities related to the company’s corporate purpose, comply with legal and/or contractual obligations such as billing, payments, payment reports or obligations required by law or internal policies; to address inquiries, requests, and/or petitions; to initiate and/or handle actions and/or claims; for the maintenance and development of the commercial relationship, to carry out marketing, promotion, or advertising activities; to carry out market intelligence activities, evaluate consumption habits, conduct surveys, send text messages, carry out loyalty campaigns, carry out commercial alliances to generate added value, disclose news and information about the products and/or services of DELICHICKS S.A.S., its parent, subsidiaries or affiliates, and general interest; to comply with anti-money laundering and terrorism financing regulations; to conduct audits, send invitations, participate in contracting processes, request quotes and/or information about products and services; to exchange with third parties at the national level and/or verify data with third parties.
d) Occasional or Periodic Visitors Personal Data Module: Your data will be processed to ensure the safety of people; the assets and facilities of DELICHICKS; Control of entry and exit from the company’s facilities, such as, but not limited to plants, farms, offices, CEDIS, sales points, among others; Serve as evidence in any type of process; Address inquiries, requests, petitions, and complaints; Compliance with anti-money laundering and terrorism financing regulations.
In case of the collection of sensitive data of occasional or periodic visitors, the same will be processed for the purposes mentioned above.
HYPERFILE DATABASE: The specific purpose of this database corresponds to the need to store all the information of the buyers or end consumers, on a daily basis at each of the sales points at the national level or through mobile applications that are designed and operational to carry out daily sales of products. The Database provides the company with sales statistics, product promotion, customer consultation, and evaluation of consumption habits. Your data will be processed to comply with the legal and/or contractual obligations of the company, such as billing, payment reports, or obligations required by law or internal policies; to address inquiries, requests, and/or petitions; to initiate or address actions and complaints; for the maintenance and development of the commercial relationship; to carry out marketing, promotion, or advertising activities; to carry out market intelligence activities, evaluate consumption habits, conduct surveys, send text messages, carry out loyalty campaigns, carry out commercial alliances to generate added value, disclose news and information about the products of DELICHICKS S.A.S., its parent, subsidiaries or affiliates, and general interest; To comply with customer knowledge regulations required by the financial system and anti-money laundering and terrorism financing regulations, to verify debts with the state; to inquire about their assets. To send communications and update data.
III. RIGHTS OF DATA SUBJECTS.
Data Subjects have the following rights under Law 1581 of 2012:
a. Know, update, and rectify their personal data. This right may be exercised, among others, regarding partial, inaccurate, incomplete, fractionated data, which may mislead, or those whose processing is expressly prohibited or has not been authorized;
b. Request proof of the authorization granted to the Data Controller, except when expressly exempted as a requirement for processing, in accordance with the provisions of Article 10 of the law;
c. Be informed by the Data Controller or the Data Processor, upon request, regarding the use that has been given to their personal data;
d. Lodge complaints with the Superintendence of Industry and Commerce for breaches of the provisions of this law and other regulations that modify, add to or complement it;
e. Revoke the authorization and/or request the deletion of the data when processing does not comply with constitutional and legal principles, rights, and guarantees. The revocation and/or deletion shall proceed when the Superintendence of Industry and Commerce has determined that the Data Controller or Processor have engaged in conduct contrary to this law and the Constitution;
f. Access their personal data that have been subject to processing free of charge.
IV. PROCEDURE FOR THE EXERCISE OF RIGHTS BY DATA SUBJECTS.
Data Subjects must address their inquiries or complaints to the email: centrodeservicios@distraves.com.
a. Inquiries: DELICHICKS S.A.S. must address inquiries within ten (10) business days from the date it was received. When it is not possible to meet this deadline, the interested party must be informed of the reasons for the delay and the date when the inquiry will be addressed within a term not exceeding five (5) business days following the expiration of the first term.
b. Complaints: The Data Subject or heir who considers that the information contained in a database should be corrected, updated, or deleted, or who becomes aware of the alleged non-compliance with any of the duties contained in the law, may submit a complaint to DELICHICKS S.A.S., which will be processed under the following rules:
i) The complaint will be made by request to the email centrodeservicios@distraves.com with the identification of the Data Subject, a description of the facts giving rise to the complaint, the address, and accompanying the documents that are intended to be used. If the complaint is incomplete, DELICHICKS S.A.S. will request the interested party within five (5) days following receipt of the complaint to remedy the deficiencies. If two (2) months have passed since the date of the request without the requester providing the required information, it will be understood that the complaint has been withdrawn.
ii) Once the complete complaint is received, a legend stating “complaint in process” and the reason for it will be included in the database within a maximum term of two (2) business days. This legend must be maintained until the complaint is decided.
iii) The maximum term for addressing the complaint will be fifteen (15) business days from the day following the date of its receipt. When it is not possible to address the complaint within said term, the interested party will be informed of the reasons for the delay and the date when their complaint will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.
iv) The Data Subject or heir may file a complaint with the Superintendence of Industry and Commerce, once they have exhausted the consultation or complaint process with the Data Controller or Processor.
c. Revocation of authorization and/or deletion of data: Data Subjects may at any time request DELICHICKS S.A.S. to delete the personal data referred to in Law 1581 of 2012 and/or revoke the authorization granted for their Processing, by submitting a complaint, following the procedure indicated in this Policy. If, after the respective legal term has elapsed, DELICHICKS S.A.S. has not deleted the personal data, the Data Subject will have the right to request that the Superintendence of Industry and Commerce order the revocation of the authorization and/or the deletion of the personal data. Notwithstanding the foregoing, personal data must be retained when required for compliance with a legal or contractual obligation.
V. POLICY VALIDITY.
DELICHICKS S.A.S. reserves the right to modify this Policy at any time. However, in case of substantial modifications to its content, this situation will be communicated through the contact details provided by the Data Subjects.
DELICHICKS must document the process for the Processing of personal data (obtaining, authorization, and complaints) in accordance with applicable regulations.
ANNEX 1
AUTHORIZATION FOR THE PROCESSING OF PERSONAL DATA OF EMPLOYEES, TEMPORARY WORKERS, INTERNS, AND/OR APPRENTICES OF THE COMPANY DELICHICKS S.A.S.
I, _____________________________________________________, of legal age, identified with identity card No. _________________________ of ________________________, declare that I have been informed that: (I) DELICHICKS S.A.S., as an employer, will act directly or through third parties as the Data Controller of my personal data to which it has access by virtue of the contractual relationship I have with it and has made available to me the email address servicioalcliente@distraves.com for the handling of requests related to my personal data. (II) That its Personal Data Processing Policies are published on the website www.delichicks.com.co. (III) My data will be processed for the following purposes: a) Verification of the information provided during my hiring process; b) carrying out activities related to the company’s corporate purpose; c) compliance with labor obligations, such as payroll, contributions, and reports to the general social security system in health, pensions, and occupational hazards; handling queries, requests, petitions, and complaints; d) compliance with anti-money laundering and counter-terrorism regulations; e) carrying out marketing, promotion, or advertising activities; f) development of activities of the company with its employees, such as training, granting of credits, recreational activities, sending corporate communications, g) carrying out commercial alliances that generate added value for employees and h) other activities required in the normal development of the organization and compliance with rules, regulations, and activities with its employees.
I understand that sensitive data are those that affect the privacy of the Data Subject or whose improper use may lead to their discrimination, such as those revealing racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in unions, social organizations, human rights organizations, or those that promote the interests of any political party or guarantee the rights and guarantees of opposition political parties as well as data relating to health, sexual life, and biometric data, such as fingerprint, facial recognition, iris recognition, hand geometry, and retina recognition, among others.
Regarding the processing of sensitive data, I declare that I have been informed of the following:
(I) That in the event of the collection of my sensitive information including biometric data, I have the right to answer or not the questions asked of me, and to provide or not, the requested data.
(II) Apart from the purposes initially mentioned, the sensitive data that will be collected will be processed to: (a) ensure compliance with labor and social security regulations, (b) control entry and exit from the company’s facilities, such as, but not limited to plants, farms, offices, CEDIS, among others, (c) monitor the working hours of the company’s employees, (d) monitor attendance at events and/or training organized by the company.
I declare that in the event of the collection of personal data of children or adolescents under my care, I authorize their processing for the realization of recreational or family events by the Company involving said minors, provided that such processing responds to and respects the best interests of children and adolescents and ensures respect for their fundamental rights, in accordance with the provisions of Article 7 of Law 1581 of 2012.
Taking into account the above and having read and understood the personal data processing policy provided by the company through the website, I voluntarily, freely, and expressly authorize DELICHICKS S.A.S., for the processing of my personal data, including the transfer and/or transmission of the same to its linked companies, subsidiaries, or third parties for the purpose of processing and/or storing the information.
DELICHICKS S.A.S., Carrera 17 Nº 60-170 Autopista Palenque Chimita (Girón- Santander), Phone 6797970.
Signature: ____________________________________
Name: ___________________________________
ID: ____________________________________
Date: ____________________________________