Cart
My account
Inicio

Data Processing

DATA PROCESSING POLICY

Habeas Data

INTRODUCTION

This manual is intended to ensure compliance with the legal, constitutional, and jurisprudential provisions concerning the development of the constitutional right that all individuals have to know, update, and rectify the information that has been collected about them in databases or files, as referred to in Article 15 of the Political Constitution, as well as the right to information enshrined in Article 20 thereof.


Law 1581 of 2012 developed “the constitutional right that all individuals have to know, update, and rectify the information that has been collected about them in databases or files, and the other constitutional rights, freedoms, and guarantees referred to in Article 15 of the Political Constitution; as well as the right to information enshrined in Article 20 thereof.” This constitutional right, known as habeas data, grants citizens the ability to decide and control the information that others hold about them, and accordingly, Law 1581 of 2012 establishes mechanisms and guarantees that allow the full exercise of said right.


In compliance with the provisions of Law 1581 of 2012, CLAUDIA TELLO BOUTIQUE, as the data controller of personal data and sensitive personal data of its affiliates, service providers, suppliers, and collaborators, has adopted the following Information Processing Policies to ensure that the processing of personal data and sensitive personal data complies with current legal provisions.


In summary, this manual establishes the policies and procedures through which the data subject may effectively exercise their rights related to the processing of their personal data and, in turn, the processing that the controller must apply to third-party data, as well as the mechanisms to ensure compliance with the duties incumbent upon the data controller. Likewise, certain definitions related to terms necessary for the correct application of these policies are provided, together with the principles on which the collection and processing of personal data are based.


PURPOSE

To regulate the policies and procedures that will apply to the handling of personal data information by CLAUDIA TELLO BOUTIQUE, in accordance with the provisions contained in Law 1581 of 2012 and Decree 1377 of 2013.


DATA CONTROLLERS – CLAUDIA TELLO BOUTIQUE

  • Corporate name: CLAUDIA TELLO BOUTIQUE
  • Tax ID: 1032393559-8
  • Main office: Calle 13 No. 22-13 South, El Restrepo Neighborhood
  • Main domicile: Bogotá D.C.
  • Phone: (1) 909-9970
  • Mobile phone: 320 980 96-87
  • Main website: claudiatelloboutique.com
  • Email: info@claudiatelloboutique.com
  • Data Controller: Claudia Milena Martínez Franco
CLAUDIA TELLO BOUTIQUE is responsible for the processing of the personal data and sensitive personal data of its affiliates, service providers, suppliers, and collaborators over which it decides directly and autonomously.


SCOPE

This manual applies to the personal data of natural persons registered in databases related to Employees, Potential Employees, Former Employees, Shareholders, Suppliers, Potential Suppliers, Clients, and Users (where applicable) of CLAUDIA TELLO BOUTIQUE, which are subject to processing. It shall apply to personal data collected and handled by CLAUDIA TELLO BOUTIQUE SAS. If, in the future, other legal entities become part of CLAUDIA TELLO BOUTIQUE, this manual shall also apply to them.


This manual shall not apply to:
  • a. Data for exclusively personal or domestic use.
  • b. Data intended for national security and defense, as well as the prevention, detection, monitoring, and control of money laundering and terrorist financing.
  • c. Data containing State intelligence and counterintelligence information.
  • d. Databases and files regulated by Statutory Law 1266 of 2008.
  • e. Databases and files regulated by Law 79 of 1993.

DEFINITIONS

For the application of the rules and procedures established in this manual, and in accordance with the provisions of Article 3 of Statutory Law 1581 of 2012, the following definitions shall apply:
  • a. Authorization: Prior, express, and informed consent of the Data Subject to carry out the processing of personal data.
  • b. Database: An organized set of personal data that is subject to processing.
  • c. Privacy Notice: A physical or electronic document, or any other format, generated by the Data Controller and made available to the Data Subject for the processing of their personal data. Through this notice, the Data Subject is informed of the existence of the applicable policies for the processing of personal data, as well as the means to access them and the characteristics of such processing.
  • d. Personal Data: Any information linked to or that may be associated with one or more identified or identifiable natural persons, such as first and last name, identification document, age, address, region, country, city, postal code, landline phone number, mobile phone number, address, email address, advertising preferences, consumption preferences, channel preferences, complaints and claims, service updates, basic and personal data, contact data, demographic data, data on tastes, preferences, and habits.
  • e. Sensitive Data: Sensitive data refers to data that affects the Data Subject’s privacy or whose improper use may result in discrimination, such as data revealing racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in trade unions, social or human rights organizations, or organizations that promote the interests of any political party or guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data.
  • f. Data Processor: A natural or legal person, public or private, who by themselves or in association with others, processes personal data on behalf of the Data Controller.
  • g. Data Controller: A natural or legal person, public or private, who by themselves or in association with others, decides on the database and/or the processing of data.
  • h. Data Subject: The natural person whose personal data is subject to processing.
  • i. Processing: Any operation or set of operations performed on personal data, such as collection, storage, use, circulation, or deletion, using any known or future technology.

MAIN

The principles set forth below constitute the general parameters through which the provisions of this manual regarding the personal data of individuals to whom data processing applies shall be implemented:
  • a. Purpose Principle: The processing of personal data by CLAUDIA TELLO BOUTIQUE must pursue a legitimate purpose, which must be informed to the Data Subject.
  • b. Freedom Principle: Personal data processing may only be carried out with the prior, express, and informed consent of the Data Subject. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that waives consent.
  • c. Accuracy or Quality Principle: Information subject to processing must be truthful, complete, accurate, updated, verifiable, and understandable. The processing of partial, incomplete, fragmented, or misleading data is prohibited.
  • d. Transparency Principle: Processing must guarantee the Data Subject’s right to obtain from CLAUDIA TELLO BOUTIQUE, at any time and without restrictions, information regarding the existence of data concerning them.
  • e. Restricted Access and Circulation Principle: Personal data, except for public information, may not be available on the Internet or other mass communication or dissemination media unless access is technically controllable in order to provide restricted knowledge only to Data Subjects or authorized third parties.
  • f. Security Principle: Information subject to processing by CLAUDIA TELLO BOUTIQUE must be handled with the technical, human, and administrative measures necessary to provide security to the records, preventing their alteration, loss, consultation, unauthorized or fraudulent use or access.
  • g. Confidentiality Principle: All persons involved in the processing of personal data that is not public in nature are required to guarantee the confidentiality of the information, even after the termination of their relationship with any of the activities involving data processing.

Processing to which the data will be subject and purpose of processing.

Processing refers to any operation or set of operations performed on personal data, such as collection, storage, use, circulation, or deletion. The information collected by CLAUDIA TELLO BOUTIQUE in the provision of its services and, in general, in the development of its corporate purpose, is primarily used to identify, maintain records, and control Employees, Potential Employees, Former Employees, Shareholders, Suppliers, Potential Suppliers, Clients, and Users of CLAUDIA TELLO BOUTIQUE.

General Information Processing:

  • • Process
  • • Confirm
  • • Comply
  • • Provide the services and/or products acquired directly or with the participation of third parties
  • • Promote and advertise our activities, products, and services
  • • Carry out transactions
  • • Submit reports to the various national administrative control and supervisory authorities, law enforcement or judicial authorities, financial institutions, and/or insurance companies
  • • Internal administrative and/or commercial purposes such as: market research, audits, accounting reports, statistical analysis, or invoicing
  • • Collection
  • • Storage
  • • Recording
  • • Use
  • • Circulation
  • • Processing
  • • Deletion
  • • Transmission and/or transfer to third countries of the data provided, for the execution of activities related to the services and products acquired
  • • Accounting records
  • • Correspondence
  • • Carry out transactions
  • • Fraud identification and prevention of money laundering and other criminal activities

General Processing of Shareholders’ Information:

  • • Payment of dividends.
  • • Compliance with judicial decisions and administrative and legal provisions.
  • • Contact.
  • • Compliance with judicial decisions and administrative and legal, tax, and regulatory provisions.

General Processing of Suppliers’ Information:

  • • For commercial purposes.
  • • Accounting.
  • • Compliance with judicial decisions and administrative and legal, tax, and regulatory provisions.
  • • Compliance with contractual obligations, for which the information may be transferred to third parties such as financial institutions, notaries, OFAC and terrorism lists, attorneys, etc.
  • • To carry out the processes in which suppliers are involved.
  • • Any other use that the supplier authorizes in writing for the use of their information.
  • • Transmission of information and personal data in audit processes.

General Processing of Clients’ Information:

  • • For commercial purposes.
  • • Offering of goods and services.
  • • Advertising and marketing.
  • • Commercial alliances.
  • • Accounting.
  • • Compliance with contractual obligations, for which the information may be transferred to third parties such as financial institutions, notaries, OFAC and terrorism lists, attorneys, etc.
  • • Compliance with judicial decisions and administrative and legal, tax, and regulatory provisions.
  • • Transmission of information and personal data in audit processes.
  • • Invoicing.

General Processing of Information of Employees, Former Employees, Retirees, and Job Applicants:

  • • For purposes related to the employment relationship (health insurance entities, occupational risk administrators, pension and severance funds, family compensation funds, etc.).
  • • In the case of employees, the execution of the employment contract constitutes express authorization for the processing of information.
  • • In the event of judicial and legal requirements.
  • • Accounting and payroll payment.
  • • Recruit and select personnel to fill vacancies.
  • • Process, confirm, and comply with legal and extralegal labor obligations arising from the employment contract.
  • • Carry out transactions.
  • • Payment of extralegal benefits.
  • • Audits.
  • • Statistical analysis.
  • • Maintain a database of candidates.
  • • Training and education.
  • • Share personal data with banking entities, companies that offer benefits to our active employees, among others.

Authorization.

The compilation, storage, consultation, use, exchange, transmission, transfer, and processing of personal data require the free, express, and informed consent of the Data Subject. Based on the foregoing, and through this manual, mechanisms are implemented that allow subsequent consultation by the Data Subject.

Mechanisms for granting Authorization.

Authorization by the Data Subject may be evidenced in a physical or electronic document, or in any other format that reasonably allows concluding that the Data Subject granted such authorization.
Taking the foregoing into account, CLAUDIA TELLO BOUTIQUE hereby states that authorization shall in all cases be granted through a physical and/or digital document, which must bear the signature of the Data Subject, without prejudice to the fact that different mechanisms for granting authorization may be established in the future.
CLAUDIA TELLO BOUTIQUE, shall ensure the respect and compliance with the fundamental rights of children and adolescents, observing the special requirements established for the processing of their personal data and sensitive personal data.
Through the authorization, the Data Subject or their representative, in the case of children and adolescents, shall be informed that the information will be collected, including its purpose, modifications, storage, and the specific use that will be given thereto, and additionally:
  • • The person who collects the information (specifying whether they are the Data Controller or the Data Processor).
  • • The data to be collected, including whether Sensitive Data will be collected.
  • • The purpose of data processing.
  • • The mechanisms through which Data Subjects may exercise their rights (access, correction, updating, or deletion of data).

Proof of Authorization.

CLAUDIA TELLO BOUTIQUE, in its capacity as Data Controller and Data Processor, shall have the necessary means to maintain technical and technological records of when and how authorization was obtained from the Data Subject for the processing of such data.

Privacy Notice.

The privacy notice is a physical or electronic document, or any other format, through which the Data Subject is informed of the existence of policies that will be applicable to them, as well as the manner in which they may access such policies and the characteristics of the processing that will be applied to personal data.

Privacy Notice.

The privacy notice is a physical or electronic document, or any other format, through which the Data Subject is informed of the existence of policies that will be applicable to them, as well as the manner in which they may access such policies and the characteristics of the processing that will be applied to personal data.

Content of the Privacy Notice.

  • a. The identity, address, and contact details of the Data Controller or the Data Processor.
  • b. The processing to which the data will be subject and its purpose.
  • c. The mechanisms provided by CLAUDIA TELLO BOUTIQUE so that the Data Subject may become aware of the information processing policy and any substantial changes made thereto or to the corresponding privacy notice. In all cases, the Data Subject shall be informed of how to access or consult the information processing policy.
The privacy notice model communicated to the Data Subjects shall be retained while the processing of personal data is carried out and while the obligations arising therefrom remain in force. For the storage of the model, computer-based, electronic, or any other technology chosen by CLAUDIA TELLO BOUTIQUE may be used.
Depending on the group of individuals whose personal data is collected, there shall be a single privacy notice model specifying in detail the points described above for each group.

Rights of the Data Subjects.

In accordance with Article 8 of Statutory Law 1581 of 2012, the Data Subject of personal data has the following rights:
  • a. To know, update, and rectify their personal data held by CLAUDIA TELLO BOUTIQUE in its capacity as Data Controller and Data Processor.
  • b. To request proof of the authorization granted to CLAUDIA TELLO BOUTIQUE.
  • c. To be informed by CLAUDIA TELLO BOUTIQUE regarding the use given to their personal data.
  • d. To file complaints with the Superintendence of Industry and Commerce for violations of the provisions of Statutory Law 1581 of 2012, once the consultation or claim procedure established by said law has been exhausted.
  • e. To revoke authorization and/or request the deletion of data when the principles, rights, and constitutional and legal guarantees are not respected in the processing.
  • f. To access their personal data free of charge that has been subject to processing.

Duties of CLAUDIA TELLO BOUTIQUE regarding the processing of personal data in its capacity as Data Controller and Data Processor.

It is hereby stated that personal data subject to processing is the property of the individuals to whom it refers, and they are authorized to dispose of it. Based on the foregoing, personal data shall only be used in accordance with the purposes established by law and in compliance with the provisions of Statutory Law 1581 of 2012.
In accordance with Article 17 of Statutory Law 1581 of 2012, CLAUDIA TELLO BOUTIQUE undertakes to comply with the following duties:
  • a. To guarantee the Data Subject, at all times, the full and effective exercise of the right of habeas data.
  • b. To request and retain a copy of the respective authorization granted by the Data Subject.
  • c. To carry out the updating, rectification, or deletion of data in accordance with Articles 14 and 15 of Statutory Law 1581 of 2012.
  • d. To process consultations and claims submitted by Data Subjects in the terms established in Article 14 of Statutory Law 1581 of 2012.
  • e. To store information under the necessary security conditions to prevent its alteration, loss, consultation, unauthorized or fraudulent use, or access.
  • f. To include in the databases the legend “information under judicial dispute” once notified by the competent authority of judicial proceedings related to the quality or details of the personal data.
  • g. To inform the Superintendence of Industry and Commerce when security breaches occur and risks arise in the administration of Data Subjects’ information.
  • h. To process consultations and claims submitted by Data Subjects.
  • i. To comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.
  • j. To apply the regulations governing Statutory Law 1581 of 2012.

Duties regarding the processing of data of children and adolescents.

CLAUDIA TELLO BOUTIQUE, in its capacity as Data Controller and Data Processor of the personal data of the aforementioned groups, shall take special care to ensure compliance with the Law with respect to these groups and the respect of their rights, especially with regard to personal data that do not fall within the category of data of a public nature (name, sex, date of birth, etc.).
The processing of personal data of children and/or adolescents that are of a public nature shall comply with the following parameters and requirements:
  • a) That it responds to and respects the best interests of children and adolescents.
  • b) That respect for their fundamental rights is ensured.
  • c) Assessment of the minor’s opinion when they have the maturity, autonomy, and capacity to understand the matter.
Once the above requirements have been met, the legal representative of the child or adolescent may grant authorization for the processing, following the exercise of the minor’s right to be heard, whose opinion shall be assessed taking into account their maturity, autonomy, and capacity to understand the matter.

Procedures for access, consultation, and claims.

Points applicable to all procedures:
(I) For the exercise of the rights indicated in this section by the heirs, and also to prevent access to the information by legally unauthorized persons, the documentation that reasonably allows concluding that the person requesting the information is indeed an heir of the Data Subject shall be previously verified, in accordance with the Law.
(II) In the event that there is any doubt regarding the application of the procedures indicated herein, such doubt shall be reported by the area responsible for the database to which the procedure applies and resolved by the Legal Department, which shall decide the matter taking into account the Law, Decrees, and other regulatory or instructive provisions, as well as the case law issued on the matter.

Access.

Taking into account that the authority to dispose of or decide on personal data lies with the Data Subject, this authority necessarily implies the Data Subject’s right to access and know the personal information that is being processed, including in this regard the scope, conditions, and general aspects of such processing.
In light of the foregoing, this right is guaranteed to the Data Subject, which includes:
  • • Knowledge of the existence of the processing of their personal data.
  • • Access to their personal data.
  • • The circumstances under which the personal data are processed.

Consultation.

In accordance with Article 14 of Statutory Law 1581 of 2012, Data Subjects or their heirs may consult the personal information of the Data Subject that is contained in any database. Based on this, this right is guaranteed by providing them with all the information contained in the individual record or that is linked to the identification of the Data Subject.
Depending on the nature of the personal data database, the consultation shall be handled by the area responsible for managing it within CLAUDIA TELLO BOUTIQUE.
Consultations shall be addressed within a maximum period of ten (10) business days counted from the date of receipt thereof. When it is not possible to address the consultation within said period, the interested party shall be informed within the initial term, stating the reasons for the delay and indicating the date on which the consultation will be addressed, which in no case may exceed five (5) additional business days following the expiration of the first term.

Claim.

In accordance with Article 15 of Statutory Law 1581 of 2012, the Data Subject or their heirs who consider that the information contained in a database should be subject to correction, updating, or deletion, or when they notice the alleged non-compliance with any of the duties contained in Statutory Law 1581 of 2012, may file a claim, which shall be processed under the following rules:
  • 1. The claim shall be submitted by means of a communication made by the Data Subject or their heirs addressed to CLAUDIA TELLO BOUTIQUE, as the Data Controller or Data Processor, and must include the information indicated in Article 15 of Statutory Law 1581 of 2012. If the claim is incomplete, the interested party shall be required, within five (5) days following receipt of the claim, to remedy the deficiencies. If two (2) months elapse from the date of the request without the applicant providing the required information, it shall be understood that the claim has been withdrawn. In any case, if the communication is addressed to CLAUDIA TELLO BOUTIQUE and it does not have the capacity to respond, CLAUDIA TELLO BOUTIQUE, without the need to inform the person submitting the claim, shall forward it to the entity that must provide the response.
  • In the event that CLAUDIA TELLO BOUTIQUE receives a claim that it is not competent to resolve, it shall transfer it to the appropriate party within a maximum period of two (2) business days and shall inform the interested party of the situation.
  • 2. Once the complete claim has been received, a note stating “claim in process” and the reason for it shall be included in the database within a period not exceeding two (2) business days. This note shall remain until the claim is decided.
  • 3. The maximum term to address the claim shall be fifteen (15) business days counted from the day following the date of its receipt. When it is not possible to address the claim within said period, the interested party shall be informed of the reasons for the delay and the date on which the claim will be addressed, which in no case may exceed eight (8) additional business days following the expiration of the first term.
At any time and free of charge, the natural person who is the Data Subject of the personal data, or their representative, may request the rectification, updating, or deletion of their personal data, upon prior verification of their identity.
The request for rectification, updating, or deletion of personal data must be submitted through the means provided and indicated in the privacy notice and must contain at least the following information:
  • 1. The name and address of the Data Subject or their representative, or any other means to receive the response to their request.
  • 2. The documents that prove the identity or representation of the Data Subject of the personal data.
  • 3. A clear and precise description of the personal data and the facts giving rise to the claim.
  • 3. A clear and precise description of the personal data and the facts giving rise to the claim.
  • 4. The documents intended to be asserted in the claim.
Deletion implies the total or partial removal of personal information, as requested by the Data Subject, from the records, files, and databases or processing activities carried out by CLAUDIA TELLO BOUTIQUE.
Depending on the nature of the personal data database, the claim shall be handled by the area responsible for managing it within CLAUDIA TELLO BOUTIQUE.

Procedural Requirement.

The Data Subject or heir may only file a complaint with the Superintendence of Industry and Commerce once they have exhausted the consultation or claim procedure before CLAUDIA TELLO BOUTIQUE.

Revocation of Authorization.

In accordance with the provisions of the Law, in the event that the principles, rights, and constitutional and legal guarantees are not respected in the processing of personal data, the Data Subjects or their representatives (such as parents exercising parental authority over a child or adolescent) may request the revocation of the authorization granted for such processing, unless such revocation is prevented by legal or contractual provisions. In such case, the specific reasons on which it is considered that the aforementioned standards are not being respected must be indicated.
CLAUDIA TELLO BOUTIQUE, as the Data Controller or Data Processor, as applicable, shall confirm receipt of the request for revocation of authorization, including the date of receipt. Such request may be challenged if, in the judgment of CLAUDIA TELLO BOUTIQUE, the circumstances indicated by the Data Subject are not present, or if such revocation would affect the monitoring or fulfillment of rights or obligations by the entity in relation to the Data Subject. In such case, CLAUDIA TELLO BOUTIQUE shall inform the Data Subject in writing so that they may take the measures they deem appropriate before the relevant authorities.
The request for revocation of authorization may be total or partial. It shall be total when revocation of all purposes consented to through the authorization is requested; it shall be partial when revocation of some purposes is requested, depending on the revocation request. This qualification must be clearly stated in the request for revocation of authorization.

Information Security.

Information Security Measures.

In furtherance of the security principle established in Statutory Law 1581 of 2012, CLAUDIA TELLO BOUTIQUE shall implement additional technical, human, and administrative measures, if required, that are necessary to provide security to the records, thereby preventing their alteration, loss, consultation, use, or unauthorized or fraudulent access. The development of this online store, carried out by the web design agency Distecnoweb, was tested under different scenarios, and CLAUDIA TELLO BOUTIQUE performs the necessary technical updates over time to maintain information security.

Database Registration.

CLAUDIA TELLO BOUTIQUE, in its capacity as Data Controller and Data Processor, shall proceed with the registration of the databases under the terms indicated by Colombian regulations.

Acceptance.

Data Subjects accept the processing of their personal data in accordance with the terms of this Manual at the time they provide their data.

Term.

This General Privacy Policy is effective as of the date of its publication, and its validity shall be subject to the purpose of the processing of personal data inherent to the legal nature of CLAUDIA TELLO BOUTIQUE.

Chat with Us