Data Processing Policy

1. Objective - Responsible for the treatment of the information

The purpose of this document is to formalize the policies for the treatment of personal data information of all clients, tenants, employees, partner institutions and suppliers that interact with Residencial 10 SAS, to that extent, responsible for personal information. THE RESPONSIBLE, develops its activities as a private entity, identified with NIT 900718360 domiciled at Calle 12C # 3-64 of the city of Bogotá, Colombia, with email and telephone number 7454706

2. Reach

This policy applies to all databases and personal data contained in them, with respect to whose treatment THE CONTROLLER is an administrator within the contextual framework of Law 1581 of 2012 and the other regulations that add, modify, complement or regulate it. This policy is only applicable to THE DATA CONTROLLER, and in no way is it extended to personal information processing activities that are carried out by third parties or that are carried out based on their instructions, partners of marketing or advertising activities. and other service providers.

3. Definitions

For the purposes of this policy, the terms indicated below will have the following meanings, in accordance with Law 1581 of 2012 and Decree 1377 of 2013:
• Authorization: Prior, express and informed consent of the Holder to carry out the Processing of Personal Data
• Privacy notice: verbal or written communication generated by THE CONTROLLER addressed to the Holder for the Treatment of their personal data, by means of which they are informed about the existence of the information Treatment policies that are applicable to them, the way to access to the same and the purposes of the treatment that is intended to give personal data. The privacy notice is used only if the privacy policy can be made available to the public.
• Database: Organized set of personal data that is subject to Treatment
• Personal data: Any information linked to or that may be associated with one or more specific or determinable natural persons; Certain personal data are part of the so-called “public data”, among which are those included in the Civil Registry. THE RESPONSIBLE, in order to comply with its legal and contractual obligations, requires the processing of numerous personal data, including those of the tenants, guests at the residence facilities and officials, to whom the provisions provided by the Law 1581 of 2012, and its Regulatory Decree 1377 of 2012, and consequently this policy;
• Private data: It is the data that is only relevant to its owner.
• Sensitive data: That which affects the privacy of the owner or whose improper use may generate discrimination, such as that which reveals racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, human rights or that promotes the interests of any political party or that guarantees the rights and guarantees of opposition political parties, as well as data related to health, sexual life and biometric data;
• Responsible for the Treatment: Natural or legal person, public or private, that by itself or in association with others, performs the Treatment of personal data on behalf of the Responsible for the Treatment;
• Responsible for the Treatment: Natural or legal person, public or private, that by itself or in association with others, decides on the database and / or the Treatment of the data
• Owner: Natural person whose personal data are subject to Treatment;
• Treatment: Any operation or set of operations on personal data, such as the collection, storage, use, circulation or deletion;
• Transfer: the data transfer takes place, when the Responsible and / or Person in Charge of the Processing of personal data, sends the information or personal data to a recipient, who in turn is Responsible for the Treatment and is located inside or outside the country .
• Transmission: Treatment of personal data that implies the communication of the same within or outside the territory of the Republic of Colombia when it is intended to carry out a Treatment by the Manager on behalf of the Responsible.

4. Treatment of Personal Information

This policy is applicable in the event that the owners of the personal data decide to deliver to THE CONTROLLER directly or through third parties their data by any verbal, written, online or physical means and for those who, through any lawful means, such As public databases, they are collected by the entity.
The personal data that THE RESPONSIBLE collects, stores, and in any other way treats, are managed by its staff, are confidential and are only used in accordance with the guidelines established by the Constitution and the Law that governs their activities, as well as in accordance with what is established in the following aspects of the treatment of personal information:
4.1. Treatment of personal information: The person in charge may use personal information in order to offer a service appropriate to the needs of the company, the above within the contextual framework of law 1581 of 2012 and regulatory standards.
4.2. Treatment of personal information in commercial and marketing activity: THE CONTROLLER may use the personal information collected to offer the holders of the information newsletters, as well as to share other marketing messages such as surveys and opinions. Communications can be made through email, physical mail, online advertisements, phone calls, text messages (including SMS and MMS), and other digital means.
4.3. Treatment of personal information in human resources activities. For its personnel selection and social welfare activities, THE CONTROLLER collects and stores personal data of its collaborators and officials, information that is received directly from the holders of the information and that is treated in accordance with this policy and within the contextual framework of the Law 1581 of 2012 and regulations, under the purposes enshrined in the authorizations granted by the owner of the information.
4.4. Treatment of personal information in customer service activities. For the process of Customer Service and attention to requests, complaints and claims, THE CONTROLLER collects and stores personal information of tenants, residents and their representatives, in the case of minors, and visitors. The information received by THE CONTROLLER is delivered by the owners of the information and is treated in accordance with this policy and within the contextual framework of law 1581 of 2012 and its regulatory standards, under the purposes enshrined in the authorizations granted by the owner of the information. The terms for answering the rights of petition related to the rights established in the law to know, update, rectify and delete your personal data, are those provided in articles 14 and 15 of law 1581 of 2012 as enshrined in the present policy.
4.5. Treatment of Sensitive Data and personal data of children and adolescents:
The treatment of this type of data will be done, in any case, ensuring respect for fundamental rights and responding to their best interests. THE RESPONSIBLE within its operation does not carry out the treatment of data that are related to health conditions, political or religious affiliation or sexual condition of the residents, employees or tenants, however, if it is required in a particular case, the The processing of sensitive data will have as prerequisites: a) Inform the Holder that because it is sensitive data, he is not obliged to authorize its Treatment. b) Inform the Holder explicitly and in advance, in addition to the general requirements of the authorization for the collection of any type of personal data, which of the data that are subject to treatment are sensitive and the purpose of the treatment, as well as obtain their express consent. c) Do not condition any activity on the provision of sensitive personal data unless they are absolutely necessary for the corresponding activity. However, what is established herein will not be applicable in the event that the processing of sensitive data is necessary to attend an emergency of any kind or when it is required to carry out any activity that results in the exclusive benefit of the owner of the information.
4.6. Treatment Information received from Third Parties The information received by THE CONTROLLER through sources such as universities and other educational institutions, operators and third parties in general, including that corresponding to referrals who may be interested in the company's services, is collected taking into account Law 1581 of 2012 and other rules that regulate this matter. Likewise, the use given to this information is within the purposes authorized by its owners and the activity of THE RESPONSIBLE. In the case of referred persons, in the initial communications they are informed who is the person who referred them, the purpose of the communication and how they can exercise their rights in case they do not want to make additional contacts. THE RESPONSIBLE, maintains with these third agreements or agreements, in particular those corresponding to the operation of the business, in the which establish their responsibilities and obligations regarding the treatment of personal information.
4.7. Access to the facilities and Video Surveillance In order to ensure safety, harmony and compliance with the manual of coexistence within the facilities, THE CONTROLLER directly or through the surveillance companies will keep lists of residents and visitor records in order to record the Building entrances and exits, such information will be used exclusively to carry out a population census and maintain control of entrances and exits, as well as compliance with permitted schedules. Likewise, within the facilities, video surveillance cameras are installed in common places that allow constant monitoring of the activities carried out in them. Such records may be consulted with THE CONTROLLER in order to allow them to carry out their administrative work.
4.8. Billboards and public information within the facilities
Information boards may be kept that will serve THE RESPONSIBLE as a means of communicating activities, news and coexistence regulations, any information that is presented on the billboards without the authorization of the RESPONSIBLE, will be the responsibility of the people who include it, this under the understanding that in case of presenting information that contains personal data such as photographs, testimonies or allusions to a certain person, their authorization must always be obtained.

5. Purposes of the Information Processing.

In each case of data collection by THE RESPONSIBLE, the purposes for the specific treatment will be informed to the owner of the information prior to the granting of their authorization. However, all purposes will be framed within the following:
• Provide services as a residence operator
• Marketing activities including service proposals, satisfaction surveys, market research, commercial prospecting activities and creation of customer profiles.
• Sending information about the company's services and events
• Carrying out all activities related to the management of the contractual relationship with officials, collaborators or contractors that THE CONTROLLER may have with the holders of personal data
• Activities related to the selection of personnel, study of resumes, verification of data provided by the candidate, application of psychotechnical and knowledge tests
• Labor and social welfare activities with employees;
• Attention and processing of requests, complaints, inquiries and claims made by current or potential tenants and residents;
• Activities such as accounting and financial management THE CONTROLLER may carry out statistical, historical and survey analyzes, based on the personal data processed, in which case they may deliver the results to third parties, but in doing so, they will not provide personal information without the authorization of the holders of personal data.
THE CONTROLLER may contact the owners of personal data through email, telephone communication, physical documents and other means considered electronic, physical and / or personal for the purposes set forth in this policy. In no case will THE RESPONSIBLE transfer or deliver this information to a third party, other than those mentioned in a general way within the purposes, unless it is necessary for its adequate fulfillment, this based on contracts or agreements for the transmission or transfer of data , when necessary, either within the national territory or abroad.
The entity may carry out data processing on its own servers or on those provided by a third party specialized in the matter and these may be located in Colombia or in other countries, in which case it will ensure that it has agreements in which the obligations that these third parties must observe are established, in addition to the requirement of compliance with the entity's privacy policies.
THE CONTROLLER may carry out statistical, historical and survey analyzes, based on the personal data processed, in which case they may deliver the results to third parties, but in doing so, they will not provide personal information without the authorization of the owners of the personal data.

6. Obligations of the person responsible for the treatment.

THE RESPONSIBLE as administrator of the information complies with the following obligations, without prejudice to the other provisions provided in law 1581 of 2012 and in others that govern its activity:
• Guarantee the Holder, at all times, the full and effective exercise of the right to habeas data
• Request and keep, under the conditions provided by law, a copy of the respective authorization granted by the Holder in the casesas necessary
• Properly inform the Holder about the purpose of the collection and the rights that assist him by virtue of the authorization granted in cases where it is necessary.
• Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access;
• Guarantee that the information provided to the Person in Charge of Treatment is true, complete, exact, updated, verifiable and understandable;
• Update the information, communicating in a timely manner to the Person in Charge of Treatment, all the news regarding the data that you have previously provided and adopt the other necessary measures so that the information provided to it is kept updated;
• Rectify the information when it is incorrect and communicate the pertinent to the Person in Charge of Treatment;
• Process inquiries and claims formulated in the terms indicated in the law;
• Adopt an internal manual of policies and procedures to guarantee adequate compliance with the law and, especially, for the attention of inquiries and complaints;
• Inform the data protection authority when there are violations of the security codes and there are risks in the administration of the information of the Holders.
• Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce.

7. Rights of the holder. The owner of personal data has the following rights:

• Know, update and rectify your personal data in front of THE RESPONSIBLE. This right may be exercised, among others, against partial, inaccurate, incomplete, fractioned, misleading data, or those whose Treatment is expressly prohibited or has not been authorized.
• Request proof of the authorization granted to THE CONTROLLER except when expressly excepted as a requirement for the Treatment.
• Be informed by THE RESPONSIBLE, upon request, regarding the use that has been given to your personal data.
• Present before the Superintendency of Industry and Commerce complaints for infractions to the provisions of the personal data protection law and other regulations that modify, add or complement it.
• Revoke the authorization and / or request the deletion of the data when the treatment does not respect the principles, rights and constitutional and legal guarantees. The revocation and / or deletion will proceed when the Superintendency of Industry and Commerce has determined that the DATA CONTROLLER has engaged in conduct contrary to law and the Constitution.
• Free access to your personal data that have been subject to Treatment at least once a month.

8. Authorizations and consent.

The collection, storage, use, circulation or deletion of personal data by THE RESPONSIBLE, is done, if it is mandatory, with the prior free, express and informed consent of the owner thereof.
8.1. Means to grant authorization. The authorization can be recorded in a physical, electronic document, data message, voice recordings, Internet, Website, suggestion box, in any other format that allows to guarantee its subsequent consultation, or through a suitable technical or technological mechanism, which allows express or obtain consent via click or double click, or another by which it can be unequivocally concluded that had the owner not behaved, the data would never have been captured and stored in the database.
8.2. Proof of authorization. THE RESPONSIBLE uses the mechanisms that it currently has to implement the tending and necessary actions to maintain records or suitable technical or technological mechanisms for the preservation of the authorization by the holders of personal data for the treatment thereof. To comply with the foregoing, physical files or electronic repositories may be established directly or through third parties hired for this purpose.
8.3. Photos, videos and publications. In the development of the activities developed by THE CONTROLLER, photographic images and audio and video recordings may be captured.
This photographic and video material may be used for the purpose of (i) leaving a record of the work carried out; (ii) Publish them in the development of informational or advertising campaigns in different media such as radio, television and / or press or other digital media (iii) Include them as part of printed, digital or electronic audiovisual material, as well as internet pages and social networks of THE RESPONSIBLE.
There is a commitment to carefully review the information that will be published in any way, in such a way that the dignity, privacy or good name of any of the people who appear in said comments is not violated.