Privacy and Data Protection Policies

KAMEX INTERNATIONAL SAS ., acting as responsible for the processing of personal data and in compliance with the provisions of Law 1581 of 2012 and Decree 1377 of 2013, through this policy guarantees any user or visitor to our establishment or website the respective protection of personal information granted to the company.

In order to comply with the purposes of the General Regime for the Protection of Personal Data established in current regulations, it has established this Privacy and Data Protection policy; which will be applied to the information that rests in the databases of our company and that is collected in the development of the service provided, as well as the mechanisms provided for the exercise of their rights such as presentation of complaints and claims through the Web Site or other means that allow your access to the service.

Therefore, it guarantees the support of security measures of a technical and administrative nature, necessary to guarantee the security of your personal data and to avoid alteration, loss, treatment and/or unauthorized access, all as provided in the regulations in force in Colombia.

In the event that a user wishes to exercise their right as the owner of the information, they may request in writing by means of a communication at any of the company's service points, the updating and rectification of their personal data in the KAMEX system. INTERNATIONAL SAS .

  1. GENERAL FEATURES
  • RIGHT OF HABEAS DATA

Art.15 of the Political Constitution of Colombia establishes the right of all people to know, update and rectify the information that has been collected about them in databases or files of both public and private entities. Likewise, and in accordance with Ruling C-748 of 2011 of the Constitutional Court, it includes other powers such as authorizing Treatment, including new data or excluding or deleting them from a database or file.

This right was developed in a jurisprudential manner from 1991 to 2008, in which the Special Habeas Data Law was issued, which regulates what has been called "financial habeas data", meaning the right that every individual to know, update and rectify their personal commercial, credit, and financial information contained in public or private information centers, whose function is to collect, process and circulate this data in order to determine the level of financial risk of its Holder . This Special Law considers both natural and legal persons as Holder of the information.

Subsequently, on October 17, 2012, Law 1581 "General Protection of Personal Data" was issued, which develops the right of Habeas Data from a broader perspective than the financial and credit mentioned above. In such a way, that any Holder of personal data has the power to control the information that has been collected from himself in any database or file, managed by private or public entities. Under this General Law, the natural person is the Owner. Only in special situations provided for by the Constitutional Court in Judgment C-748 of 2011, could the legal entity become such.

On June 27, 2013, Decree 1377 of 2013 was issued, which partially regulated Law 1581 of 2012.

  • OBJECT

The purpose of this manual is to define the policies and procedures that KAMEX INTERNATIONAL SAS must follow, regarding the handling of personal information in compliance with the constitutional, legal and jurisprudential approaches of Colombia.

The Manual contains stages, documents, obligations, instructions, controls and guarantees that will govern the development of the activities of KAMEX INTERNATIONAL SAS in terms of capturing and processing personal information.

  • AREA OF APPLICATION

The Policy will be applicable to the databases that are under the administration of KAMEX INTERNATIONAL SAS , or are likely to be known by it by virtue of the commercial relations developed with the other entities that are part of the Company by virtue of the relations business developed through business alliances or agreements. In the first case, it will act as responsible, in the other cases it could have the quality of Manager or Responsible, depending on whether it receives them from a third party or collects them itself.

Likewise, the policy will be applicable when the data processing is carried out in Colombian territory. As well as, when the Responsible or the Treatment Manager does not reside in Colombia but by virtue of international regulations or treaties, Colombian legislation is applicable.

  • SCOPE

All officials are covered under this policy. KAMEX INTERNATIONAL SAS will advance the required educational and training campaigns, so that the areas that have a higher level of interaction with the administration of personal data are aware of the Law and the provisions adopted to ensure its compliance.

Likewise, Business Partners, Suppliers and Contractors who have access to the personal data of Owners who have provided them to KAMEX INTERNATIONAL SAS , will be required to comply with the Law and this policy.

  • DEFINITIONS

In order for the recipients of this policy to be clear about the terms used throughout it, the definitions provided by the General Law are included below, as well as those referring to the classification of data in accordance with the Law 1266 of 2008.

  • Authorization : Prior, express and informed consent of the Owner to carry out the Processing of personal data.
  • Database: Organized set of personal data that is subject to treatment.
  • Personal data : Any information linked or that can be associated with one or several determined or determinable natural persons.

Classification of data under Law 1266 of 2008:

  • Private, semi-private and public . Private data is data that, due to its intimate or reserved nature, is only relevant to the Holder.
  • Semi-private data is that which is not of an intimate, reserved or public nature and whose knowledge or disclosure may be of interest not only to its Holder but also to a certain sector or group of people or to society in general, such as financial and credit data of commercial activity. or services referred to in the Special Law.
  • Public data is the data classified as such according to the mandates of the law or the Political Constitution and all those that are not semi-private or private in accordance with the Special Law. The Special Law included as an example of this type of data those related to the civil status of people, those that appear in public documents and in enforceable sentences. Decree 1377 of 2013, regulating Law 1581 of 2012, included in addition to the previous ones those referring to the profession or trade, to the quality of public servant or merchant.

Classification of data under the General Law: Sensitive and Public.

  • Sensitive data are those that affect the privacy of the Owner or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership of unions, social organizations, human rights or that promotes the interests of any political party or that guarantees the rights and guarantees of opposition political parties, as well as data related to health, sexual life and biometric data.
  • Treatment Manager : Natural or legal person, public or private, that by itself or in association with others, performs the Processing of personal data on behalf of the Treatment Manager.
  • Privacy Notice: Verbal or written communication generated by the person in charge, addressed to the Owner for the processing of their personal data, through which they are informed about the existence of the information processing policies that will be applicable to them, the way to access to them and the purposes of the treatment that is intended to be given to personal data.
  • Transfer: The transfer of data takes place when the person in charge and/or in charge of the processing of personal data, located in Colombia, sends the information or personal data to a recipient, who in turn is responsible for the treatment and is located inside or outside from the country.
  • Responsible for the Treatment: Natural or legal person, public or private, that by itself or in association with others, decides on the database and/or the Treatment of the data.
  • Owner: Natural person whose personal data is subject to Treatment.
  • Treatment: Any operation or set of operations on personal data, such as collection, storage, use or circulation. 
  1. BEGINNING

It is a commitment of KAMEX INTERNATIONAL SAS , to understand and develop in a harmonious way the principles established in the General Law.

The principles contained in the General Law are listed below:

  • Principle of legality in matters of Data Processing: The Treatment referred to in this law is a regulated activity that must be subject to what is established in it and in the other provisions that develop it;
  • Principle of purpose: The Treatment must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Owner;
  • Principle of freedom: The Treatment can only be exercised with the prior, express and informed consent of the Owner. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that relieves consent;
  • Principle of veracity or quality: The information subject to Treatment must be true, complete, exact, updated, verifiable and understandable. The Processing of partial, incomplete, fractional or misleading data is prohibited;
  • Principle of transparency: In the Treatment, the right of the Holder to obtain from the Treatment Manager or the Treatment Manager, at any time and without restrictions, information about the existence of data that concerns him must be guaranteed;
  • Principle of access and restricted circulation: The Treatment is subject to the limits that derive from the nature of the personal data, the provisions of this law and the Constitution. In this sense, the Treatment can only be done by persons authorized by the Owner and/or by the persons provided for in this law; Personal data, except for public information, may not be available on the Internet or other means of dissemination or mass communication, unless access is technically controllable to provide restricted knowledge only to Holders or authorized third parties in accordance with this law;
  • Security principle: The information subject to Treatment by the Treatment Manager or Treatment Manager referred to in this law, must be handled with the technical, human and administrative measures that are necessary to grant security to the records avoiding their adulteration, unauthorized or fraudulent loss, consultation, use or access;
  • Principle of confidentiality: All persons involved in the Processing of personal data that are not of a public nature are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks included in the Treatment, and may only Provide or communicate personal data when it corresponds to the development of the activities authorized in this law and in its terms;
  • Necessity and proportionality. The personal data registered in a database must be those strictly necessary for the fulfillment of the purposes of the Treatment, informed to the owner. In this sense, they must be adequate, pertinent and consistent with the purposes for which they were collected;
  • Temporality or expiration. The period of conservation of personal data will be that necessary to achieve the purpose for which they have been collected;
  • Comprehensive interpretation of constitutional rights. Law 1581 of 2012 will be interpreted in the sense that constitutional rights are adequately protected, such as habeas data, the right to a good name, the right to honor, the right to privacy and the right to information. The rights of the holders will be interpreted in harmony and on a level of balance with the right to information provided for in article 20 of the Constitution and with the other applicable constitutional rights.

KAMEX , in development of the principle of legality, will ensure that the data is acquired, processed and managed in a lawful manner.

Likewise, when they act as Responsible for the Treatment, that is to say when they are in front of a Holder who is going to acquire the quality of Client or User or already has it, they will inform him in a clear, sufficient and prior way about the purpose or purposes of the information to be supplied. In the event that the purpose changes or is modified in such a way that the Owner does not reasonably expect it, they will be informed in advance, in order to obtain their consent again.

In development of the principle of reasonableness and proportionality, they will collect the data that is strictly necessary to carry out the purposes pursued and will keep them for the time necessary to fulfill the purpose for which they have been registered, observing at all times the special terms established by the law in administrative, accounting, fiscal, legal and historical aspects of information.

Likewise, they will respect the Owner's freedom to authorize or not the use of their personal data, and consequently, the mechanisms they use to obtain consent will allow the Owner to unequivocally state that they grant such authorization. They will inform the Holder about the Treatment that will be given to his data, in such a way that it is clear to him that if his will is to contract the service offered, he must provide truthful and updated information.

  1. RIGHTS OF HOLDERS AND IDENTIFICATION OF DATABASES
  • RIGHTS OF HOLDERS
  • Right of access or consultation: This is the right of the Owner to be informed by the person responsible for the treatment, upon request, regarding the origin, use and purpose that they have given to their personal data.
  • Rights of complaints and claims . The Law distinguishes four types of claims:
  • Correction claim: the right of the Holder to update, rectify or modify partial, inaccurate, incomplete, divided, misleading data, or those whose treatment is expressly prohibited or has not been authorized.
  • Deletion claim: the Owner's right to delete data that is inadequate, excessive or that does not respect the principles, rights and constitutional and legal guarantees.
  • Revocation claim: the right of the Owner to revoke the authorization previously given for the processing of their personal data.
  • Claim of infringement: the right of the Holder to request that the breach of the regulations on Data Protection be corrected.
  • Right to request proof of the authorization granted to the person responsible for the treatment: except when expressly excepted as a requirement for treatment in accordance with the provisions of article 10 of the LEPD.
  • Right to file complaints for infringements with the Superintendence of Industry and Commerce: the Holder or successor in title may only file this complaint once the consultation or claim process has been exhausted before the person responsible for the treatment or person in charge of the treatment
  • AUTHORIZATION

Without prejudice to the exceptions provided for in the Law, the Treatment requires the prior and informed authorization of the Holder, which must be obtained by any means that can be subject to subsequent consultation. The Owner's authorization will not be necessary in the case of:

  • Information required by a public or administrative entity in the exercise of its legal functions or by court order.
  • Data of a public nature.
  • Cases of medical or health urgency.
  • Treatment of information authorized by law for historical, statistical or scientific purposes.
  • Data related to the Civil Registry of People, KAMEX INTERNATIONAL SAS, when faced with any of these situations, will leave it clearly disclosed and in any case will comply with the other provisions contained in the law.

The texts of the authorizations to be made available to the Data Holders will be clear, and will indicate both the requirements established by Law 1266 of 2008, when applicable, and by Law 1581 of 2012 and Decree 1377 of 2013. the foregoing, an attempt will be made to review separately what is pertinent to both regulations, in such a way that there is no room for confusion on the part of the Holder about the rights that assist him under each of them.

In the section of the Authorization corresponding to the inclusion of the aspects indicated by the General Law, the purpose or purposes pursued with the Treatment, the type of Treatment to be carried out, the identification, physical or electronic address to which you can contact the Owner of the data, and the existence of the policy that develops the rights that assist the Owner will be indicated.

In such a way that, in the case of the use of personal data that does not correspond specifically to the development of the legal or contractual relationship established between KAMEX INTERNATIONAL SAS and the Holder, but rather refers to the sending of commercial or advertising information, there will be the mechanism, through the official mail or the landline or its offices, that allows the Owner of the data, in a simple and expeditious manner, to express their desire not to be contacted for said purposes.

  • IDENTIFICATION OF DATABASES

KAMEX INTERNATIONAL SAS has identified the following databases:

  • Current and Inactive Clients.
  • Registration of client prospects.
  • Registration of members of the sector.
  • Current and Inactive Providers.
  • Employees and Former Employees.
  • Registration of user service information.
  • Registration of Visitors to the Offices and Production Plant.
  • Video surveillance systems.
  • TREATMENT AND PURPOSE

The Personal Data processed by KAMEX INTERNATIONAL SAS must be strictly and solely submitted to the purposes indicated below. Likewise, Managers or third parties who have access to Personal Data by virtue of Law or contract, will maintain the Treatment within the following purposes:

  • Manage all the information necessary for compliance with tax obligations and commercial, corporate and accounting records of KAMEX INTERNATIONAL SAS
  • Comply with the internal processes of KAMEX INTERNATIONAL SAS regarding the administration of suppliers and contractors.
  • Comply with the service contracts entered into with clients.
  • Provide their services according to the particular needs of the clients of KAMEX INTERNATIONAL SAS , in order to fulfill the service contracts entered into, including but not limited to the verification of affiliations and rights of the individuals to whom the clients of KAMEX INTERNATIONAL SAS will provide their services.
  • The other purposes determined by the Responsible Parties in the processes of obtaining Personal Data for Treatment and that are communicated to the Holders at the time of collecting the personal data.
  • The process of archiving, updating systems, protection and custody of information and databases of KAMEX INTERNATIONAL SAS
  • Processes within the company, for development or operational purposes and/or systems administration.
  • The transmission of data to third parties with whom contracts have been entered into for this purpose, for commercial, administrative, marketing and/or operational purposes, including but not limited to the issuance of cards, personalized certificates and certifications to third parties, in accordance with the legal provisions in force.
  • Maintain and process by computer or other means, any type of information related to the client's business in order to provide the relevant services and products.
  • The other purposes determined by the Responsible Parties in the processes of obtaining Personal Data for Treatment, in order to comply with legal and regulatory obligations, as well as the Firm's policies.
  • Carry out the pertinent steps for the development of the pre-contractual, contractual and post-contractual stage of any of the products and services offered, as well as comply with Colombian or foreign law and the orders of judicial or administrative authorities.
  • Manage procedures (requests, complaints, claims), carry out risk analysis, carry out satisfaction surveys regarding the company's goods and services.
  • Provide contact information and relevant documents to the commercial force and/or distribution network, telemarketing, market research and any third party with which the company has a contractual relationship of any kind.
  • Disclose, transfer and/or transmit personal data inside and outside the country, to third parties as a result of a contract, law or lawful link that requires it or to implement services offered by KAMEX INTERNATIONAL SAS .
  • Carry out through any means directly or through third parties, programming and provision of technical service, sale, purchase, billing, portfolio management, monitoring of product performance, collection, business intelligence, marketing, promotion or advertising activities , improvement of the service, monitoring of collection, verification, consultation and control, authorization of means of payment as well as any other related to our current and future products and services, for the fulfillment of contractual obligations and the corporate purpose of the company.
  • For the sending and receiving of elements or advertising material according to the requirements of the demanded functions and sustainability of the company's businesses.
  • Control and prevent fraud in any of its forms.

SPECIFIC PURPOSES OF EACH DATABASE ACCORDING TO THE OWNER

The purpose of the customer and user databases is to use the data for the proper provision of the service or product purchased by the Holder with KAMEX INTERNATIONAL SAS

In development of this contractual relationship, KAMEX INTERNATIONAL SAS will seek to inform you about the innovations made in its products and services, in order to deepen or expand its current portfolio; as well as the improvements or changes in their service channels, and the complementary services and/or products offered by their related entities.

The Suppliers database seeks to have updated, solid and sufficient information about the people who have the quality of Suppliers or would like to have it as commercial information necessary for the execution of the activity of KAMEX INTERNATIONAL SAS .

The employee database seeks to update the information of officials so that the employment relationship develops properly. Likewise, your contact information may be shared with the entities linked to the Group so that employees may have access to the benefits that are reported when purchasing products or services from the Company.

The Former Employees database seeks to have their information available to the authorities, or to the Holder himself, during the term established in the labor law.

Clinical histories, it is required to have a detailed documentation of the object of consultation of the patients and the follow-up and/or progress of the pathology presented to determine the treatment or procedure to follow. The foregoing in accordance with the provisions of Resolution 1995 of 1999 of the Ministry of Health, where the Clinical History is defined as a private, obligatory and confidential document, in which the patient's health conditions, medical acts and procedures are recorded chronologically. the other procedures carried out by the health team involved in your care. Said document can only be known by third parties with the prior authorization of the patient or in the cases provided by law.

The commercial databases are required for the marketing and marketing strategies of the company with the informed consent of the clients, who are the potential recipients of discount campaigns and the promotion of new services with the precision that they have at all times. the prerogative of requesting exclusion from the commercial database or not receiving more information through previously authorized channels.

The surveys provide information about the effectiveness of the products, customer expectations and they are taken as a sample to determine not only eventual commercial campaigns, but also as a mechanism for permanent improvement in the provision of KAMEX services.

The information of the partners is kept in accordance with the provisions of the commercial code where it is noted that the merchant's books are reserved, consequently the documentation of the partners is registered in the book of partners because it is precisely a SIMPLIFIED LIMITED COMPANY (SAS), in the same way, the minutes of the company are duly filed.

  • VALIDITY

The data is kept in accordance with the principles of necessity and reasonableness, of expiration and temporality and with the provisions of the special regulations that regulate the preservation of documents.

  • INFORMATION SUPPLY CHANNELS

KAMEX INTERNATIONAL SAS establishes email as communication channels with the Holders:

analista.servcliente@kamexinternational.com.co

4. DUTIES AS RESPONSIBLE AND IN CHARGE OF TREATMENT.

  • DUTIES AS RESPONSIBLE FOR TREATMENT

In order to facilitate the understanding of the situations in which KAMEX INTERNATIONAL SAS acts as RESPONSIBLE, this term is defined below:

The General Law defines it as the natural or legal person, public or private, that by itself or in association with others, decides on the database and/or the treatment of the data.

However, in accordance with Ruling C -748 of 2011, it is "the one that defines the purposes and essential means for data processing, including those who act as source and User". Being able to put the data into circulation or use it in a certain way.

  • Guarantee the Owner, at all times, the full and effective exercise of the right of habeas data. Request and keep a copy of the respective authorization granted by the Owner.

Duly inform the Holder about the purpose of the collection and the rights that assist him by virtue of the authorization granted.

  • Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
  • Guarantee that the information provided to the Treatment Manager is true, complete, exact, updated, verifiable and understandable.
  • Update the information, communicating in a timely manner to the Treatment Manager, all the news regarding the data that has previously been provided and adopt the other necessary measures so that the information provided to it is kept up to date.
  • Rectify the information when it is incorrect and communicate what is pertinent to the Treatment Manager. Provide the Treatment Manager, as the case may be, only data whose Treatment is previously authorized by the Holder.
  • Demand from the Treatment Manager at all times, respect for the security and privacy conditions of the Owner's information.

Process the queries and claims formulated in the terms indicated in this law.

Inform the Treatment Manager when certain information is under discussion by the Owner, once the claim has been filed and the respective process has not been completed.

  • Inform, at the request of the Owner, about the use given to their data. o Inform the data protection authority when there are violations of the security codes and there are risks in the administration of the information of the Holders.
  • Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.
  • DUTIES AS PROCESSOR OF TREATMENT

In order to facilitate the understanding of the situations in which KAMEX INTERNATIONAL SAS acts as PROCESSOR, this term is defined below

  • Guarantee the Owner, at all times, the full and effective exercise of the right of habeas data.
  • Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
  • Timely update, rectify or delete the data, in accordance with this Manual.
  • Update the information reported by the Treatment Manager within five (5) business days from its receipt.
  • Process the queries and claims made by the Holders in the terms indicated in this law.
  • Register the legend "claim in process" in the database, if applicable. Insert in the database the legend "information under judicial discussion" once notified by the competent authority about judicial processes related to the quality of personal data.
  • Refrain from circulating information that is being controversial by the Holder and whose blocking has been ordered by the Superintendence of Industry and Commerce.
  • Allow access to information only to people who may have access to it.
  • Inform the Superintendence of Industry and Commerce when there are violations of the security codes and there are risks in the administration of the information of the Holders.
  • Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.
  • LEVEL OF SECURITY MEASURES APPLIED TO TREATMENT

In development of the security principle established in Law 1581 of 2012, KAMEX INTERNATIONAL SAS , will adopt the technical, human and administrative measures that are necessary to grant security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access. .

  • IMPLEMENTATION OF SECURITY MEASURES:

KAMEX INTERNATIONAL SAS will maintain mandatory security protocols for personnel with access to personal data and information systems. The procedure must consider, as a minimum, the following aspects:

  • Scope of application of the procedure with detailed specification of the protected resources.
  • Measures, norms, procedures, rules and standards aimed at guaranteeing the level of security required by Law 1581 of 2012.
  • Functions and obligations of the staff.
  • Procedure for notification, management and response to incidents.
  • Procedures for making backup copies and data recovery.
  • Periodic controls that must be carried out to verify compliance with the provisions of the security procedure that is implemented.
  • Measures to adopt when a support or document is going to be transported, discarded or reused.
  • The procedure must be kept up-to-date at all times and must be reviewed whenever relevant changes occur in the information system or in its organization.
  • The content of the procedure must be adapted at all times to the provisions in force regarding the security of personal data.
  1. PROCEDURES ESTABLISHED TO GUARANTEE THE EXERCISE OF THE RIGHTS OF THE HOLDERS
  • INQUIRIES

The Holder, his successors in title, his representatives and/or attorneys-in-fact, may make inquiries regarding the content of the Holder's Personal Data that rests in the Company's Databases and the Company will provide the information it possesses of the Holder. To make the query you need:

Submit the request to the email:

analista.servcliente@kamexinternational.com.co

  • A copy of the Holder's identity document must be attached to the request. When the request is made by a successor in title, proxy and/or representative of the Holder, he must prove said quality, in accordance with the current Law applicable on the matter.
  • The request must indicate the address and contact information and identification of the applicant
  • The person in charge of answering the query will respond to the applicant as long as they have the right to do so because they are the Owner of the Personal Data, their successor in title, proxy, representative or is the legal responsible in the case of minors. This response will be sent within ten (10) business days from the date the request was received by the Company.
  • In the event that the request cannot be met within ten (10) business days from the date the request was received by the Company, the requester will be contacted to communicate the reasons for the delay and to indicate another date on which your query will be answered, which will not exceed five (5) business days following the expiration of the first term. For this, the same means or one similar to the one used by the Owner to communicate their request will be used. Whatever the means used to make the query, the Company will keep proof of it and its response.
  • CLAIMS

The Holder or his Successors who consider that the information contained in a database managed by KAMEX INTERNATIONAL SAS should be subject to correction, updating or deletion, or if they notice a breach by it or any of its Managers, may file a claim before KAMEX INTERNATIONAL SAS or the Manager, in the following terms:

  • The claim will be made before KAMEX INTERNATIONAL SAS or the Treatment Manager, accompanied by the document that identifies the Holder, the clear description of the facts that give rise to the claim, the address where you wish to receive notifications, which may be physical or electronic and attaching the documents that you intend to assert.
  • If the claim is incomplete, the interested party will be required within five (5) days following receipt of the claim to correct the failures.
  • After two (2) months from the date of the request, without the applicant submitting the required information, it will be understood that the claim has been withdrawn.
  • In the event that KAMEX INTERNATIONAL SAS or the person in charge to whom it is directed is not competent to resolve it, it will notify the corresponding person within a maximum term of two (2) business days and inform the interested party of the situation.

KAMEX INTERNATIONAL SAS will use a unique email for these purposes in such a way that it can be identified at what moment the transfer is made and the corresponding response or confirmation of receipt.

If KAMEX INTERNATIONAL SAS does not know the person to whom it should be transferred, it will immediately inform the Holder with a copy to the Superintendency of Industry and Commerce.

  • Once the complete claim is received, the legend "claim in process" and the reason for it must be included in the corresponding database, this must occur within a maximum term of two (2) business days.
  • The maximum term to respond to the claim is 15 business days, if it is not possible to do so within this term, the interested party will be informed of the reasons for the delay and the date on which it will be addressed, which may not exceed eight (8) days. working days following the expiration of the first term.
  • COMPLAINTS BEFORE THE SUPERINTENDENCY OF INDUSTRY AND COMMERCE
The Holder, Beneficiary or proxy must first exhaust this consultation or claim procedure, before addressing the SIC to file a complaint.

  • TRANSFER OF DATA TO THIRD COUNTRIES
In accordance with Title VIII of the LEPD, the transfer of personal data to countries that do not provide adequate levels of data protection is prohibited. It is understood that a country offers an adequate level of data protection when it complies with the standards set by the Superintendence of Industry and Commerce on the matter, which in no case may be less than those that this law requires of its recipients. This prohibition will not apply in the case of:

  • Information with respect to which the Holder has granted his express and unequivocal authorization for the transfer.
  • Exchange of medical data, when required by the treatment of the Holder for reasons of health or public hygiene.
  • Bank or stock transfers, in accordance with the legislation that is applicable to them.
  • Transfers agreed within the framework of international treaties to which the Republic of Colombia is a party, based on the principle of reciprocity.
  • Transfers necessary for the execution of a contract between the Owner and the person responsible for the treatment, or for the execution of pre-contractual measures as long as the Owner's authorization is obtained.
  • Transfers legally required to safeguard the public interest, or for the recognition, exercise or defense of a right in a judicial process.

In cases not considered as an exception, it will correspond to the Superintendence of Industry and Commerce to issue the declaration of conformity regarding the international transfer of personal data. The Superintendent is empowered to request information and take steps to establish compliance with the budgets required for the viability of the operation.

  • International transmissions of personal data that are made between a person in charge and a person in charge to allow the person in charge to carry out the treatment on behalf of the person in charge, will not require to be informed to the Owner or have their consent, as long as there is a contract for the transmission of personal data. .
  1. CURRENT NATIONAL LEGISLATION

It is important to reiterate that the activities carried out by KAMEX INTERNATIONAL SAS are regulated, their exercise is subject to the supervision of the Superintendence of Industry and Commerce. In compliance with the Consumer Protection Law, Law 1480 of 2011. Likewise, in terms of personal data management, General Law 1581 of 2012, Decree 1377 of 2013 and, as appropriate, Law 1266 of 2008 referred to will apply. to financial and credit data and consultation and reporting to credit bureaus. And the others that regulate it.

  1. EFFECTIVE DATE OF THE PROCESSING POLICY

This Policy is effective as of June 2, 2017. The Personal Data that is stored, used or transmitted will remain in our Database, in accordance with the criteria of temporality and necessity, for as long as necessary for the purposes mentioned in this Manual, for which they were collected.