Know our Privacy Policy
BRACE DEVELOPERS S.A.S. POLICY FOR THE PROTECTION AND PROCESSING OF PERSONAL DATA IN ACCORDANCE WITH LAW 1581 OF 2012 AND DECREE 1074 OF 2015
1. PURPOSE This POLICY FOR THE PROTECTION AND PROCESSING OF PERSONAL DATA applies to the Personal Data that are collected, processed and/or stored in both physical and digital databases, as well as to the procedure for handling requests, inquiries and claims by BRACE DEVELOPERS S.A.S. It is issued in compliance with Law 1581 of 2012 and Decree 1074 of 2015, and with the purpose that, in its capacity as Data Controller, BRACE DEVELOPERS S.A.S. processes such data in strict compliance with the applicable regulations, guaranteeing the exercise of the rights of the Data Subjects.
2. CONTROLLER BRACE DEVELOPERS S.A.S. is a commercial company identified with Tax ID (NIT) 901.386.063-9: • Address: Cl 147 No. 7 B 95 Ap 203 • City: Bogotá D.C. • Email: soporte@bracedevelopers.com • Person in charge of PQRS: Juan José Ruiz Soto – CTO
3. DEFINITIONS (Article 3 of Law 1581 of 2012) • Authorization: Prior, express and informed consent of the Data Subject to carry out the Processing of Personal Data. • Database: Organized set of personal data that is subject to Processing. • Personal Data: Any information linked or that can be associated with one or more identified or identifiable natural persons. • Data Processor: Natural or legal person, public or private, that, by itself or in association with others, carries out the Processing of personal data on behalf of the Data Controller. • Data Controller: Natural or legal person, public or private, that, by itself or in association with others, decides on the database and/or the Processing of the data. • Data Subject: Natural person whose personal data is subject to Processing. • Processing: Any operation or set of operations on personal data, such as collection, exchange, updating, processing, reproduction, compilation, storage, use, systematization, circulation, organization, destruction and/or deletion.
4. PRINCIPLES GOVERNING THE PROCESSING OF PERSONAL DATA (Article 4 of Law 1581 of 2012) In the development, interpretation and execution of this POLICY FOR THE PROTECTION AND PROCESSING OF PERSONAL DATA, the following principles shall apply: • Principle of Legality: The Processing referred to in this policy is a regulated activity that must comply with the provisions of the Law and other regulations that develop it. • Principle of Purpose: Processing must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Data Subject. • Principle of Freedom: Processing can only be carried out with the prior, express and informed consent of the Data Subject. Personal data may not be obtained or disclosed without prior authorization, or in the absence of legal or judicial mandate that waives consent. • Principle of Truthfulness or Quality: The information subject to Processing must be truthful, complete, accurate, updated, verifiable and understandable. The Processing of partial, incomplete, fractional data or data that may lead to error is prohibited. • Principle of Transparency: The Processing must guarantee the right of the Data Subject to obtain from the Data Controller or Data Processor, at any time and without restriction, information regarding the existence of data concerning them. • Principle of Restricted Access and Circulation: Processing is subject to the limits arising from the nature of the personal data, the Law and the Constitution. Personal data, except public information, may not be available on the internet or other mass dissemination or communication media, unless access is technically controllable to provide restricted knowledge only to Data Subjects or authorized third parties. • Principle of Security: The information subject to Processing by the Data Controller or Data Processor must be handled with the technical, human and administrative measures necessary to provide security to the records and prevent their adulteration, loss, consultation, use or unauthorized or fraudulent access. • Principle of Confidentiality: All persons involved in the Processing of Personal Data that are not public in nature are obligated to guarantee the confidentiality of the information, even after termination of their relationship with any of the tasks that comprise the Processing, and may only provide or communicate personal data when it corresponds to the development of the activities authorized by Law.
5. PROCESSING TO WHICH THE PERSONAL DATA WILL BE SUBJECT AND PURPOSES (Articles 8 and 10 of Law 1581 of 2012) In the development of its activities and corporate purpose, BRACE DEVELOPERS S.A.S. carries out the Processing of Personal Data through its employees, officers, contractors or agents in charge of such Processing. At all times, BRACE DEVELOPERS S.A.S. undertakes to maintain the confidentiality of the Personal Data collected for Processing, may provide personal information to judicial or administrative authorities that have the legal power to request it, and will allow the Data Subjects to exercise their rights. The Processing of Personal Data by BRACE DEVELOPERS S.A.S. includes collection, exchange, updating, processing, reproduction, compilation, storage, use, systematization, circulation, organization, destruction and/or deletion, in whole or in part and in accordance with the law, in order to facilitate, promote, enable or maintain labor, contractual, civil and commercial relationships between BRACE DEVELOPERS S.A.S. and the Data Subjects, and to fulfill the purposes described in this policy (control, management and execution of services, development of web and mobile solutions, consulting, tax and accounting management, marketing, surveys, human resource management, security, among others). Regarding the Transfer and/or Transmission of Personal Data, and solely for the purpose of fulfilling the purposes set forth in this policy, the Data Subjects expressly and unequivocally authorize the transfer, transmission, sale or assignment of all their Personal Data to third parties located in Colombia and/or abroad, such as, but not limited to, public entities, business partners, clients, contractors, strategic allies, affiliates, subsidiaries or related companies, with whom the corresponding agreements and/or commitments for the Transfer and/or Transmission of Personal Data shall be entered into. Transfer and/or Transmission may also occur in the event of a sale, merger, spin-off, consolidation, change in corporate control, transfer of substantial assets or global transfer of assets, reorganization or liquidation of BRACE DEVELOPERS S.A.S. In any case of Transfer and/or Transmission, BRACE DEVELOPERS S.A.S. will require the recipient of the Personal Data to process them in accordance with the authorized purposes and to respect the security and privacy of the Data Subject's information. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
6. PROCESSING OF SENSITIVE DATA (Article 5 of Law 1581 of 2012) Sensitive data are those that affect the privacy of the Data Subject or whose improper use may lead to discrimination, such as data revealing racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in trade unions, social or human rights organizations, or those that promote interests of any political party or guarantee the rights and guarantees of opposition political parties, as well as data relating to health, sex life and biometric data. The Data Subject is not obligated to provide sensitive data and it is voluntary to answer questions about them. No employee, officer, Data Controller or Data Processor is authorized to require the Data Subject to disclose sensitive data about themselves or third parties. If, for the activities carried out and the services provided by BRACE DEVELOPERS S.A.S., the Processing of any sensitive data is necessary, it is mandatory to obtain the prior and express authorization of the Data Subject and/or to process such data under the exceptions set forth in Article 6 of Law 1581 of 2012.
7. PROCESSING OF PERSONAL DATA AND RIGHTS OF CHILDREN AND ADOLESCENTS BRACE DEVELOPERS S.A.S. does not process personal data of children and adolescents. If, eventually, the Processing of such data is required, it will be carried out within the purposes established in this policy, when the data is of a public nature and when the Processing complies with the legal requirements: (i) Authorization for the Processing of Personal Data of children and adolescents must be granted by one of their legal representatives; and (ii) the Processing must respect the superior interest of children and adolescents and their fundamental rights. The legal representatives of children and adolescents whose personal data is authorized for Processing by BRACE DEVELOPERS S.A.S. must guarantee the right of the minor to be heard prior to granting the authorization and must consider their opinion according to their maturity, autonomy and ability to understand the matter. The Processing of minors' personal data must respond to their best interest and ensure respect for their fundamental rights.
8. RIGHTS OF DATA SUBJECTS In accordance with Article 8 of Law 1581 of 2012 and this POLICY FOR THE PROTECTION AND PROCESSING OF PERSONAL DATA, Data Subjects may, among others, before the Data Controller or Data Processor: • Know, update and rectify their personal data. • Request proof of the authorization granted, except in cases where it is not required by law. • Be informed, upon request, about the use that has been given to their personal data. • Submit complaints to the Superintendence of Industry and Commerce for infringements of the provisions of Law 1581 of 2012 and other regulations that modify or supplement it. • Revoke the authorization and/or request the deletion of the data, subject to the conditions and limitations established by law and regulatory decrees. • Access free of charge their personal data that has been processed, within the limits established by law.
9. DUTIES OF BRACE DEVELOPERS S.A.S. AS DATA CONTROLLER (Article 17 of Law 1581 of 2012) As Data Controller, BRACE DEVELOPERS S.A.S. has, among others, the following duties: • Guarantee the Data Subject, at all times, the full and effective exercise of the right of habeas data. • Request and keep proof of the respective authorization granted by the Data Subject. • Duly inform the Data Subject about the purpose of the collection and the rights they have by virtue of the authorization granted. • Store the information under the necessary security conditions to prevent adulteration, loss, consultation, use or unauthorized or fraudulent access. • Ensure that the information provided to the Data Processor is truthful, complete, accurate, updated, verifiable and understandable. • Update the information and communicate in a timely manner to the Data Processor any changes regarding the data previously provided. • Rectify the information when it is incorrect and inform the Data Processor. • Provide the Data Processor only with data whose Processing is previously authorized in accordance with the law. • Require the Data Processor, at all times, to respect security and privacy conditions of the Data Subject's information. • Handle inquiries and claims made by Data Subjects. • Inform the Data Processor when certain information is under discussion by the Data Subject. • Inform, upon request, about the use given to the data. • Inform the data protection authority when security violations occur and there are risks in the administration of the information of Data Subjects. • Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.
10. DUTIES OF DATA PROCESSORS OR OF BRACE DEVELOPERS S.A.S. AS DATA PROCESSOR (Article 18 of Law 1581 of 2012) When BRACE DEVELOPERS S.A.S. acts as Data Processor, or when there is a Data Processor, the following duties apply, among others: • Guarantee the Data Subject, at all times, the full and effective exercise of the right of habeas data. • Store the information under the necessary security conditions to prevent adulteration, loss, consultation, use or unauthorized or fraudulent access. • Timely update, rectify or delete the data in the terms of the law. • Update the information reported by Data Controllers within five (5) business days of receipt. • Handle inquiries and claims made by Data Subjects in the terms of the law. • Adopt an internal manual of policies and procedures to ensure compliance with the law and, in particular, to handle inquiries and claims. • Register in the database the legend "claim in process" in the form established by law. • Insert in the database the legend "information in judicial discussion" once notified by the competent authority of judicial proceedings related to the quality of the personal data. • Refrain from circulating information that is being disputed by the Data Subject and whose blocking has been ordered by the Superintendence of Industry and Commerce. • Allow access to information only to persons who may have access to it. • Inform the Superintendence of Industry and Commerce when security violations occur and there are risks in the administration of Data Subjects' information. • Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.
11. PROCEDURES FOR THE EXERCISE OF RIGHTS BY DATA SUBJECTS (Articles 14, 15 and 16 of Law 1581 of 2012) Data Subjects or their successors may submit inquiries and/or claims to the email soporte@bracedevelopers.com. The Data Subject or successor may only file a complaint before the Superintendence of Industry and Commerce once the inquiry or claim procedure before the Data Controller or Processor has been exhausted. INQUIRY PROCEDURE: BRACE DEVELOPERS S.A.S. will have a maximum of ten (10) business days to respond to inquiries. If it is not possible to respond within this term, the interested party will be informed of the reasons for the delay and the date on which the inquiry will be answered, which may not exceed five (5) additional business days. CLAIM PROCEDURE: Claims apply when the Data Subject or their successors consider that the information contained in a database must be corrected, updated or deleted, or when there is an alleged breach of any of the duties set out in the law or this policy. The claim must contain at least the identification of the Data Subject, a description of the facts, the address for notifications and the documents to be asserted. If the claim is incomplete, BRACE DEVELOPERS S.A.S. will request the interested party to correct it within five (5) business days; if the required information is not provided within two (2) months from the date of the request, it will be understood that the claimant has withdrawn the claim. Once a complete claim is received, a legend stating "CLAIM IN PROCESS" and the reason for it will be included in the database within a maximum of two (2) business days and will be maintained until a decision is made. The maximum term to respond to the claim will be fifteen (15) business days from the day following the date of receipt. If it is not possible to respond within this term, the interested party will be informed of the reasons for the delay and the date on which the claim will be answered, which may not exceed eight (8) additional business days. PROCEDURE FOR REVOCATION OF AUTHORIZATION: When the Data Subject and/or their successor request the revocation of the authorization granted for the Processing of Personal Data, the procedure established for claims in this policy will be followed. The request for revocation of authorization will not proceed when the Data Subject has a legal or contractual duty to remain in the database.
12. TEMPORAL LIMITATIONS TO THE PROCESSING OF PERSONAL DATA BRACE DEVELOPERS S.A.S. may only process Personal Data, including collection, exchange, updating, processing, reproduction, compilation, storage, use, systematization, circulation, organization, destruction and/or deletion, in whole or in part, for as long as is reasonable and necessary in accordance with the purposes that justified the Processing, the applicable legal provisions and the administrative, accounting, tax, legal and historical aspects of the information. Once the purposes of the Processing have been fulfilled, BRACE DEVELOPERS S.A.S. or the Data Processor, as applicable, will delete the personal data in its possession, unless such data must be kept to comply with a legal or contractual obligation. Without prejudice to the above, the Authorization for the Processing of Personal Data may be revoked or deleted at any time, in accordance with the procedures and limitations set forth in this policy and the law.
13. AUTHORIZATION FOR THE PROCESSING OF PERSONAL DATA The Data Subject states that they have been informed, know and have read the POLICY FOR THE PROTECTION AND PROCESSING OF PERSONAL DATA of BRACE DEVELOPERS S.A.S. Therefore, they grant their prior, express, free, unequivocal and informed authorization to BRACE DEVELOPERS S.A.S. to: • Process their personal data (collection, exchange, updating, processing, reproduction, compilation, storage, use, systematization, circulation, organization, destruction and/or deletion), in whole or in part, including contact, identification, location, socioeconomic, academic, sensitive, health, biometric and image data, and to process their commercial, credit and financial data within the purposes communicated in the Policy. • Obtain personal data, when possible, from cross-checks with credit bureaus and other third parties, without adverse effects being derived solely from the information contained in other databases. • Transfer and/or transmit their Personal Data nationally and internationally. • Process their sensitive data within the purposes established in the Policy. • Request, in their name and for the purpose of effectively protecting their rights as Data Subject, the deletion of their Personal Data from Data Processors to whom such data have been transferred. • Transfer, transmit, sell or assign the personal data collected, at the sole discretion of BRACE DEVELOPERS S.A.S., to any third party related to BRACE DEVELOPERS S.A.S., or to one or more relevant parties in the event of a sale, merger, spin-off, consolidation, business integration, change in corporate control, transfer of substantial assets or global transfer of assets, reorganization or liquidation. The Data Subject declares and accepts, among others, that: (i) where applicable, they expressly, freely, unequivocally and informedly authorize the Processing of personal data of minors they legally represent, having guaranteed the right of the minor to be heard; (ii) they know the procedure and may exercise the rights established in the applicable laws and in the Policy; (iii) they acknowledge and understand that part of the information provided may be sensitive and expressly authorize its Processing, understanding the voluntary nature of its provision; and (iv) they declare that the information provided is truthful, complete and updated.
14. TERM, VERSIONS AND UPDATING OF THE POLICY The term of validity of the databases shall be indefinite. This POLICY FOR THE PROTECTION AND PROCESSING OF PERSONAL DATA of BRACE DEVELOPERS S.A.S. has been in force since November 10, 2021. In the event of substantial changes, they will be communicated in a timely manner (before or at the time of implementing the new policies) to the Data Subjects by any means, in order to obtain from the Data Subject a new authorization when the change refers to the purpose of the Processing. BRACE DEVELOPERS S.A.S. reserves the right to modify or update this Policy under the terms and with the limitations set forth by law.
