SCOPE

 

The purpose of this Manual is to protect the constitutional right that all people have to know, update and rectify the information that has been collected about them in the databases or files owned by Ambiguo Design SAS in the development and fulfillment of its corporate purpose. , as well as the other rights, freedoms and constitutional guarantees referred to in articles 15 and 20 of the Political Constitution of Colombia on the right to privacy and the right to information, respectively. 

 

The policies contained in this Manual regulate all the conditions for the collection, storage, use and deletion of personal data of all those who have a relationship with Ambiguo Design SAS (hereinafter "Ambiguo Design" or "the Company") within the framework of their activities, whether they are subcontractors, suppliers, employees, clients or any other person who, due to the activities, must provide their data, in accordance with the applicable legal regime on the matter. 

​

 

LEGAL FRAMEWORK

 

Based on article 15 of the Political Constitution of Colombia, on Law 1581 of 2012 and on Regulatory Decrees 1377 of 2013 and 886 of 2014 - today contained in chapters 25 and 26 of Sole Regulatory Decree 1074 of 2015, as well as on Law 1712 of 2014, and the other regulations that modify, add, complement or develop the current legislation for data protection in Colombia, AMBIGUO DESIGN has implemented this Manual in its capacity as Data Processing Manager, by which The entire company and third parties entrusted with the processing of personal data in accordance with the development of its contractual object will be governed.

 

DEFINITIONS 

 

• AUTHORIZATION: Prior, express and informed consent of the Owner to carry out the Processing of personal data.

 

• DATABASE: Organized set of personal data that is subject to Treatment.

 

• PERSONAL DATA: Any information linked to or that may be associated with one or several determined or determinable natural persons.

 

• SEMI-PRIVATE DATA: Semi-private data is not of an intimate, reserved, or public nature and whose knowledge and disclosure may be of interest not only to its owner but also to a certain sector or group of people, or to society in general, such as financial and credit data. . 

 

• PRIVATE DATA: It is the data that due to its intimate or reserved nature is only relevant to the owner. 

 

• OPEN DATA: Are all those primary or unprocessed data, which are in standard and interoperable formats that facilitate their access and reuse, which are under the custody of public or private entities that comply with public functions and that are made available. of any citizen, freely and without restrictions, so that third parties can reuse them and create services derived from them. 

 

• RESPONSIBLE FOR THE TREATMENT: Natural or legal person, public or private, that by itself or in association with others, decides on the database and/or the Treatment of the data.

 

• PROCESSOR OF THE TREATMENT: Natural or legal person, public or private, that by itself or in association with others, performs the Processing of personal data on behalf of the Responsible for the Treatment.

 

• HOLDER: Natural person whose personal data is subject to Treatment.

 

• TREATMENT: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.

 

• TRANSFER: Consists of sending personal data to a recipient who, in turn, is responsible for the treatment under the terms of Law 1581 of 2012. 

 

• INFORMATION: Refers to an organized set of data contained in any document that those responsible for and/or in charge of processing generate, obtain, acquire, transform or control. 

 

• PUBLIC INFORMATION: It is all information that the person in charge and/or in charge of the treatment, generates, obtains, acquires, or controls in his capacity as such.

 

• CLASSIFIED PUBLIC INFORMATION: It is that information that, being in the possession of a responsible subject in his capacity as such, belongs to the personal, private and semi-private sphere of a natural or legal person, for which reason its access may be denied or excepted, provided in the case of legitimate and necessary circumstances and private or private rights enshrined in the law. 

 

• RESERVED PUBLIC INFORMATION: It is that information that, being in the possession of a responsible subject in his capacity as such, is excepted from access to citizenship for damage to public interests. 

 

• RESTRICTED CIRCULATION: Personal data will only be processed by Company personnel and its subcontractors who, within their functions, are in charge of carrying out such activities. Personal data may not be delivered to those who do not have authorization or have not been authorized by AMBIGUO DESIGN to process them.

 

• CONFIDENTIALITY: AMBIGUO DESIGN undertakes to treat the personal data of the owners in an absolutely confidential manner, as defined in literal g) of article 3 of Law 1581 of 2012, using them exclusively for the purposes related to the development of its contractual purpose, provided that the owner has not opposed said treatment. 

 

GENERAL PRINCIPLES 

 

In development and application of article 4 of Law 1581 of 2012 and articles 2 and 3 of Law 1712 of 2014, AMBIGUO DESIGN will apply the following guiding principles in a harmonious and comprehensive manner: 

​

1. Principle of maximum publicity for universal owner: All information in the possession, control or custody of an obligated subject is public and may not be reserved or limited except by constitutional or legal provision, in accordance with the Law._cc781905-5cde-3194-bb3b -136bad5cf58d_

2. Principle of legality: The collection, use and treatment of personal data will be based on the provisions of the Law and the other provisions that develop it. 

3. Principle of purpose: The collection, use and processing of personal data will obey a legitimate purpose in accordance with the Constitution and the Law, which will be informed to the owner of the data.

4. Principle of freedom: The collection, use and treatment of personal data can only be exercised with the prior, express and informed consent of the owner. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that relieves consent. 

5. Principle of veracity or quality: The information subject to treatment must be true, complete, exact, updated, verifiable and understandable. The processing of partial, incomplete, fractional or misleading data is prohibited. 

6. Principle of transparency: In the collection, use and processing of personal data, the right of the owner to obtain from the data controller or manager, at any time and without restrictions, information about the existence of data that concerns him must be guaranteed._cc781905- 5cde-3194-bb3b-136bad5cf58d_

7. Principle of restricted access and circulation: The collection, use and processing of data may only be done by persons authorized by the owner and/or by persons provided for in the Law and other regulations that develop it. 

8. Security principle: Personal data and information subject to public processing will be protected and must be managed with the necessary measures and technical, human, and administrative resources to provide security to the records, as well as with the adoption of technological tools for protection, avoiding its adulteration, loss, consultation, use or unauthorized or fraudulent access. 

9. Principle of confidentiality: All persons involved in the collection, use and processing of personal data that are not of a public nature are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks included in the treatment.

10. Principle of facilitation: Those responsible for the treatment must facilitate the exercise of the right of access to information, excluding demands or requirements that may obstruct or prevent it.

11. Principle of non-discrimination: According to which the person responsible for data processing must provide information to all persons who request it, on equal terms, without making arbitrary distinctions.

12. Principle of gratuity: According to which, access to information is free and additional values may not be charged to the cost of reproduction of the information.

​

PURPOSE OF THE PROCESSING OF PERSONAL DATA

 

By virtue of the relationship that has been established or is established between the Holder of the personal data and AMBIGUO DESIGN, it is important that he knows that the company collects, registers, stores and uses the personal data of the Holders, for his own use, according to the purposes that are informed within the authorization request that is made available to you, or by requirements of public entities. 

 

In any case, the Personal Data of the Holders will be used by the Company to carry out its own activities and necessary to fulfill its corporate purpose.

 

RIGHTS OF HOLDERS

 

The Company guarantees the owner of the personal data, the full exercise of the rights listed below:

 

1. Know, update and rectify your personal data. This right may also be exercised, against partial, inaccurate, incomplete, fractioned, misleading data, or those whose treatment is expressly prohibited or has not been authorized. 

2. Request proof of the authorization granted to the person in charge of the processing of your personal data.

3. Be informed of the use and treatment given to your personal data, upon request made through the service channels. 

4. Submit complaints to the Superintendence of Industry and Commerce for violations of the provisions of the law and other regulations that modify, add or complement it. 

5. Revoke the authorization and/or request the deletion of one or more data when the principles, rights and constitutional and legal guarantees are not respected in the treatment. The revocation and/or deletion will proceed when the Superintendence of Industry and Commerce has determined that in the processing of the data conducts contrary to the law and the Constitution have been incurred. 

6. Free access to your personal data that has been processed. 

 

HOLDER AUTHORIZATION

 

AMBIGUO DESIGN will request authorization from the Owner for the use and treatment of their personal data, which must be contained in a physical or electronic document, at the latest at the time of information collection. 

 

The owner's authorization will not be necessary in the case of:

1. Information required by a public or administrative entity in the exercise of its legal functions or by court order;

2. Data of a public nature;

3. Cases of medical or health urgency;

4. Treatment of information authorized by law for historical, statistical or scientific purposes;

5. Data related to the Civil Registry of People.

 

Revocation of authorization:

The owner of the personal data may at any time request the Company to revoke the authorization granted, by filing a claim. The revocation of the authorization will not proceed when the Owner has a legal or contractual duty to remain in the AMBIGUO DESIGN database(s).

 

If the legal term to address the claim has expired, AMBIGUO DESIGN has not eliminated the personal data, the Owner will have the right to request the Superintendence of Industry and Commerce to order the revocation of the authorization. 

 

DUTIES OF THE COMPANY AS RESPONSIBLE AND IN CHARGE OF THE PROCESSING OF PERSONAL DATA

 

The Company, acting as Responsible for the Processing of Personal Data, must: 

​

1. Guarantee the owner, at all times, the full and effective exercise of the right of habeas data. 

2. Request and keep a copy of the respective authorization granted by the owner, for the use and treatment of personal data.

3. Duly inform the Owner about the purpose of the collection and the rights that assist him, by virtue of the authorization granted. 

4. Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access. 

5. Guarantee that the information provided to the person in charge of the treatment is true, complete, exact, updated, verifiable and understandable. 

6. Update the information, communicating in a timely manner to the person in charge of the treatment, all the news regarding the data that he has previously provided and adopt the other necessary measures so that the information provided to him is kept updated._cc781905-5cde-3194-bb3b -136bad5cf58d_

7. Rectify the information when it is incorrect and notify the person in charge of the treatment. 

8. Provide the person in charge of the treatment, as the case may be, only data whose treatment is previously authorized. 

9. Require the person in charge of the treatment at all times, respect for the security and privacy conditions of the owner's information. 

10. Process inquiries and claims made. 

11. Adopt an internal manual of policies and procedures to guarantee adequate compliance with the law and to attend to queries and claims. 

12. Inform the Treatment Manager when certain information is under discussion by the Owner, once the claim has been filed and the respective process has not been completed.

13. Inform at the request of the Owner about the use given to their data.

14. Inform the data protection authority when there are violations of the security codes and there are risks in the administration of the information of the Holders.

15. Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

​

In addition to the duties indicated, the Company acting as the Person in Charge of the Processing of Personal Data, shall: 

​

1. Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.

2. Timely update, rectify or delete the data in the terms of the Law.

3. Update the information reported by the Treatment Managers within five (5) business days from its receipt;

4. Refrain from circulating information that is being controversial by the Owner and whose blocking has been ordered by the Superintendence of Industry and Commerce;

5. Allow access to information only to people who may have access to it;

 

COLLECTION OF PERSONAL DATA

 

The Company will act as Responsible for the Processing of Personal Data with respect to the Databases that arise on occasion and in development of its corporate purpose. For this purpose, the identification data of the Treatment Manager:

​

• Name:Ambiguous Design SAS

• general contact:info@ambiguodesign.com

• Attention to the community and PQRS:support@ambiguodesign.com

• Service channels: 

Written: Through certified mail or to the indicated emails.  

 

Likewise, the Company may act as Data Processor when, in the exercise of its functions, it carries out by itself or through its subcontractors and other persons duly authorized for this purpose, the Processing of Personal Data of the Holders that come to have a relationship with the Company and whose information is required for storage or use within the framework of its corporate purpose.

The information required by the Holder will be requested through a physical or digital form that will include the following:

• Data to be collected such as name, ID, contact number, among others.

• Purpose of the collection or use that will be given to the information.

• The rights that assist you as the Owner of the information.

• Request for Authorization of the Holder in which the prior, express and informed consent of the Holder is expressed to carry out the Processing of personal data.

• Privacy Notice: through which the Holder is informed about the existence of the Information Treatment Policies that will be applicable to him, the way to access them and the purposes of the Treatment that is intended to be given to personal data._cc781905- 5cde-3194-bb3b-136bad5cf58d_

 

When the Company collects Sensitive Personal Data in accordance with article 6 of Law 1581 of 2012, AMBIGUO DESIGN will give strict guarantees for the Treatment of said data, informing its Owner of the following:

1. It will inform the Holder that because it is sensitive data, he is not obliged to authorize its Treatment. 

2. Inform the Owner explicitly and in advance, in addition to the general requirements of the authorization for the collection of any type of personal data, which of the data that will be subject to Treatment are sensitive and the purpose of their Treatment, and also obtain their consent express. 

 

The information that is collected will be registered in the Database assigned by the Company according to the purpose or use for which it serves, and will also be stored in the AMBIGUO DESIGN file for the time considered necessary to fulfill said purpose. or use. Any other type of purpose that is intended to be given to personal data must be previously informed, in the privacy notice and in the respective authorization granted by the data owner.

Likewise, AMBIGUO DESIGN through the contact channels enabled, guarantees the Owner of the data the exercise of their rights of access to the information provided, the updating, rectification and deletion of their data._cc781905-5cde-3194-bb3b- 136bad5cf58d_

 

AMBIGUOUS DESIGN DATABASES

 

In the Treatment of the data contained in the Databases described below, AMBIGUO DESIGN acts both as "Responsible", since it is the one who makes the decisions about the Treatment of the data that it collects by itself or by interposed person; as in the capacity of "In charge", to the extent that it is the person who performs the Treatment of the data according to the type of Base. 

 

Customer database

 

Description:

This Database corresponds to the personal information that is collected on natural or legal persons through their legal representative, who, in their capacity as clients, acquire products or services from AMBIGUO DESIGN. Within this database, the following information is collected: name of the person or legal representative, as appropriate, email, contact telephone number and address.

How the data is collected:

The information is collected through the request for information through our website.

Information can also be collected passively when using the services contained within the websites of THE COMPANY, the latter may collect information passively through information management technologies, such as "cookies", through the which collects information about your computer's hardware and software, IP address, browser type, operating system, domain name, access time, and the addresses of the websites it came from. Information will also be collected about the pages that the person visits most frequently on these websites in order to know their browsing habits. However, the user of the websites of THE COMPANY has the possibility of configuring the operation of the "cookies", according to the options of their internet browser.

 

Purpose:

The information contained in this database has the following purposes: 

1. Provide the services and/or products required; 

2. Make known about new products or services and/or about changes in them, commercial, advertising or promotional information and events; 

3. Customer loyalty programs; 

4. Network profile analysis; 

5. Opinion polls; 

6. commercial prospecting;

7. Administrative management; 

8. Billing management; 

9. The information collected on the web (chat, web pages, mobile applications, social networks, blogs, landing pages) will be used to contact the client directly to manage orders, deliver products, offer services, process payments, update our records based on in browsing habits when the customer accepts the use of cookies, display content such as wish lists and customer reviews, to recommend products and services. This information is also used to improve the online store and platform, as well as to prevent or detect fraud or abuse on the website and to allow third parties to carry out technical, logistical support or other functions on our behalf._cc781905- 5cde-3194-bb3b-136bad5cf58d_

10. Verify the identity of the owner, carry out security studies and/or apply security protocols in order to prevent and mitigate the risk of fraud, money laundering and/or financing of terrorism.

 

Treatment:

The personal information contained in this database is subject to collection, processing, storage, use, updating, transmission and deletion. This information is contained in a magnetic medium, whose access is limited to the personnel of the area in charge of processing this data.

It is important to note that it is possible to delete personal data at the request of its owner. Said elimination will be proceeded by means of a request sent by the owner through the communication channels to the Data Controller.  

 

Validity

The validity of the database will be the reasonable and necessary time to fulfill the purposes of the Treatment in each case, taking into account the provisions of Article 11 of Decree 1377 of 2013.

 

Supplier database 

 

Description:

This Database corresponds to the personal information that is collected on natural or legal persons through their legal representative, which in their capacity as suppliers of goods and services, lend or sell to AMBIGUO DESIGN. Within this database, the following information is collected: name of the person or legal representative, as appropriate, email, contact telephone number and address.

How the data is collected:

The information is collected by requesting various documents at the time of entering our database, these correspond to a copy of the RUT, Chamber of Commerce, Bank Certificate and others.

The area in charge of processing this information within AMBIGUO DESIGN is the Accounting Department.

 

Purpose:

The information contained in this database is intended to keep track of the information of suppliers and/or creditors, comply with the obligations derived from the civil or commercial contract, updated bank details to make payments derived from the contractual relationship and assignment of taxes according to information provided, send reports to the DIAN, and District Treasury Secretariat and in general tax and control entities, in accordance with the provisions of Colombian regulations. 

 

Treatment:

The personal information contained in this database is subject to collection, processing, storage, use, updating, transmission and deletion. This information is contained in a magnetic medium, whose access is limited to the personnel of the area in charge of processing this data.

It is important to note that it is possible to delete personal data at the request of its owner. Said elimination proceeds by means of a request sent by the owner through the communication channels to the Data Controller.  

 

Validity

This database is valid as long as there is a contractual relationship with the provider, for a period of ten (10) years, starting from its separation. For this purpose, it will be kept in the Company's central file for consultation purposes.

 

Employee database 

 

Description:

This Database contains the information that is collected on employees and/or contractors (linked through work contracts, learning contracts and service provision).  Within this database, collects the following information: type and number of document, place of birth, date of issue of the document, full name, age, sex, marital status, place of residence, address, landline and cell phone, personal email, ethnic group, age , type of housing, type of transportation to commute to work, stratum, pension fund, EPS, severance fund, data on family members including children, biometric record (fingerprint), photographic record, occupation, formal and certified academic information, exam occupational physician, state of health, level of studies, title obtained, date of admission, date of completion, name of the institution, other studies, languages, work experience, tenure position Employee, name of the company, salary, telephone, name of the immediate boss, start date, retirement date, details of the person to contact in case of emergency, name, relationship, company, position, section, type of relationship, working day labor, basic salary, bank account number for payroll, bank and city. In this database the following sensitive data is collected: related to the state of health, blood group and fingerprint.

 

How the data is collected:

AMBIGUO DESIGN collects the information contained in this database during the personnel selection and hiring process, as well as the Entry Resume Format. It is important to note that the employment or service contract includes a provision in which the owner authorizes the Company to process their data. Additionally, employees sign an authorization for the use and treatment of image rights on photographs or analogous and/or digital procedures for corporate identification purposes. 

Purpose:

The data in this Base is only collected in order to comply with the obligations derived from the employment contract, among which are, the attention of requests, the generation of certificates and records, the affiliation to the entities of the Social Protection System, carrying out Labor Welfare activities, gathering accounting records, reporting to control and surveillance authorities, adopting measures to prevent illegal activities, paying taxes, communication in case of absence, quality assessments of services offered, among other administrative, commercial and contact purposes. 

Likewise, the purpose of this database is to have updated information on all employees regarding their position within the company, position, salary, social security information, location data, recruitment data, tax information and modifications that are presented on the occasion of the employment contract. Sensitive data such as fingerprints are used to control entry and exit to the Company's facilities, and the blood group or other information related to the worker's health is used in emergencies or for reporting to the authorities. entities of the Social Security System in Health. 

 

Treatment:

The treatment that this database receives from AMBIGUO DESIGN in its capacity as Responsible and In Charge, includes the processing in a physical and electronic file, the collection, storage, use, circulation, updating, transmission and/or transfer and the deletion of the data provided. The data is also used to send reports to the administrative entities that request it, based on the Social Security System and complementary regulations. 

Employee data is contained in surveys conducted in Microsoft Forms and/or Excel databases. Additionally, in the employment contract, the worker's rights to know, update, rectify and delete are made available, as well as the possibility of accessing the data provided at any time and the procedure to request its correction, update or deletion of the bases. Company data.

 

Validity:

This Database will be valid as long as the employment relationship between the employee and AMBIGUO DESIGN exists, for a period of 80 years from the date of settlement of the contract. The foregoing given the legal effects of the information regarding the implications for the social security of employees. Likewise, AMBIGUO DESIGN will keep the information in a central file of the Company.

 

PQRS database

 

Description:

This Database corresponds to the personal information that is collected through the channels provided by the Company for the attention of requests, complaints, claims and suggestions (PQRS), in which the Owner must provide personal data that allows their identification and Contact to respond according to the type of request in question. Within this Database, data such as: Name, type and number of identity document, contact telephone number, address and email are collected.

 

How the data is collected:

The data arising from a PQRS is obtained through the channels provided by the Company for contact by digital means through the email support@ambiguodesign.com that is published on the website.

For this compilation, AMBIGUO DESIGN requests the interested party, either through a digital notice or through a physical format, authorization for the processing of their data in accordance with the policies expressed here.

 

Purpose:

Treat and respond to requests, complaints, claims and/or suggestions submitted to the Company. 

 

Treatment:

The data provided by the people who file the PQRS, receive a treatment that includes the processing in a physical and/or electronic file depending on the medium in which it is filed, the collection, storage, use, updating and deletion of the data provided. . 

The area in charge of processing this data within AMBIGUO DESIGN is: Social Department.

 

Validity

This Database will be valid for a period of up to five (5) years in the Company's central file.

 

PROCESSING OF PERSONAL DATA OF CHILDREN AND ADOLESCENTS 

 

According to the provisions of Article 7 of Law 1581 of 2012 and Article 12 of Decree 1377 of 2013, THE COMPANY will only carry out Treatment corresponding to children and adolescents, as long as this Treatment responds to and respects the best interest of children and adolescents and ensure respect for their fundamental rights.  

Once the above requirements have been met, THE COMPANY must obtain the Authorization of the legal representative of the child or adolescent, prior to the minor's exercise of his or her right to be heard, an opinion that will be assessed taking into account maturity, autonomy and ability to understand the matter.

 

NOTICE OF PRIVACY

 

When it is not possible to make the Information Treatment Policy available to the owner, the Company will inform by means of a Privacy Notice, about the existence of such policies through a privacy notice that will be included in the physical or electronic form. that is made available to the Holder at the time of data collection. The legend that will include said form will be the following:

 

Notice of Privacy

 

Ambiguo Design SAS (hereinafter "THE COMPANY") declares that it protects the personal data provided by the Holders by virtue of the provisions of Law 1581 of 2012 and informs them that the personal data will be used in the terms given in the authorization by the Owner of the data. 

The personal data provided by the Holder will be used by THE COMPANY for the purposes set forth in the Authorization Form delivered to the Holder and the Manual of Policies for the Treatment of Personal Data adopted by THE COMPANY._cc781905-5cde-3194-bb3b- 136bad5cf58d_

The data will be collected, stored, updated, and deleted in accordance with the provisions of the Manual of Policies for the Treatment of Personal Data.

The person in charge of data processing will be THE COMPANY or whoever it delegates. The treatment may be carried out directly by THE COMPANY or by the third party that it determines. 

Validity of the data: The personal data provided by the Holders will be kept stored in accordance with the provisions of the Manual of Policies for the Treatment of Personal Data.

 

The following are the rights of the Holders: 

1. Know, update and rectify your personal data. This right may also be exercised, against partial, inaccurate, incomplete, fractioned, misleading data, or those whose treatment is expressly prohibited or has not been authorized. 

2. Request proof of the authorization granted to the person in charge of the processing of your personal data.

3. Be informed of the use and treatment given to your personal data, upon request made through the service channels. 

4. Submit complaints to the Superintendence of Industry and Commerce for violations of the provisions of the law and other regulations that modify, add or complement it. 

5. Revoke the authorization and/or request the deletion of one or more data when the principles, rights and constitutional and legal guarantees are not respected in the treatment. The revocation and/or deletion will proceed when the Superintendence of Industry and Commerce has determined that in the processing of the data conducts contrary to the law and the Constitution have been incurred. 

6. Free access to your personal data that has been processed. 

 

The owner can see the Policy Manual for the Treatment of Personal Data of THE COMPANY through the following link:www.ambiguodesign.com/politica-de-privacidad

 

The contact details of THE COMPANY are:

general contact:info@ambiguodesign.com

Attention Ambiguous Design and PQRS:support@ambiguodesign.com

 

INQUIRIES AND CLAIMS

 

Persons to whom information may be provided:

 

The information and personal data that meet the conditions established by law and the other regulations that develop it, may be provided to the following persons: 

a) To the owners, successors in title or legal representatives. 

b) To public or administrative entities in the exercise of their legal functions or by court order. 

c) To third parties authorized by the owner or by law. 

AMBIGUO DESIGN guarantees the electronic means of communication for the formulation of queries, which will be the same used for the reception and attention of requests, complaints, claims, suggestions and/or denunciations. 

The query will be answered within a maximum term of ten (10) business days, counted from the date of receipt thereof. If the term expires without it being possible to attend to the query, the Company, as data controller, will inform the interested party, stating the reasons for the delay and indicating the date on which their query will be addressed, which may not exceed five (5) business days following the expiration of the first term. 

 

Claims:

 

The owners or their successors in title who consider that the information contained in a database must be corrected, updated or deleted, or when they notice the alleged breach of any of the duties contained in the Law and other regulations that develop it, may present a claim that will be processed under the following rules: 

 

Claim content: 

• Identification of the owner of the data. 

• Precise description of the facts that give rise to the claim. 

• Notification data, physical and/or electronic address. 

• The other documents that you want to enforce. 

​

If the claim is incomplete, the interested party will be required within five (5) days following receipt of the claim to correct the failures. After two (2) months from the date of the request, without the applicant submitting the required information, it will be understood that the claim has been withdrawn. 

In the event that the person receiving the claim is not competent to resolve it, they will notify the appropriate person within a maximum term of two (2) business days and inform the interested party of the situation. 

Once the complete claim is received, a legend that says "claim in process" and the reason for it will be included in the database, within a term of no more than two (2) business days. Said legend must be maintained until the claim is decided. 

The claim will be dealt with in a maximum of fifteen (15) business days, counted from the day following the date of receipt. If it is not possible to address the claim within the established term, AMBIGUO DESIGN will inform the interested party of the reasons for the delay and the date on which their claim will be addressed, which may not exceed eight (8) business days following the expiration of the first term. . 

 

PROHIBITIONS

 

In order to guarantee the security of the information contained in the Company's Databases, the following prohibitions and sanctions are established as a consequence of non-compliance. 

​

• AMBIGUO DESIGN prohibits the access, use, management, assignment, communication, storage and any other processing of personal data of a sensitive nature without the authorization of the owner of the personal data and/or THE COMPANY.

• Incurring in this prohibition by the employees of THE COMPANY will entail the sanctions that may be applicable in accordance with the law. 

• AMBIGUO DESIGN prohibits the transfer, communication or circulation of personal data, without the prior, written and express consent of the owner of the data or without authorization from THE COMPANY. The transfer or communication of personal data must be registered in the corresponding Database, whose management and direction is the responsibility of THE COMPANY as the person responsible for the treatment.  

• AMBIGUO DESIGN prohibits the recipients of this Standard from any processing of personal data that may give rise to any of the behaviors described in the Computer Crime Law 1273 of 2009. Unless there is the authorization of the data owner and/or the Group companies as appropriate. 

• AMBIGUO DESIGN prohibits the processing of personal data of minor children and adolescents. Any treatment that is carried out with respect to the data of minors must ensure the prevailing rights that the Political Constitution recognizes for them, in harmony with the Code for Children and Adolescents. In cases of processing of these data, the authorization must be granted by the legal representatives, as the case may be. 

 

MODIFICATION OF THE PROCESSING POLICY

 

In the event of substantial changes in the content of this Personal Data Processing Policies Manual, referring to the identification of the Responsible and/or Manager and the purpose of the Processing of your personal data, which may affect the content of the authorization that the Owner has granted, AMBIGUO DESIGN will communicate these changes before or at the latest at the time of implementation of the new policies. 

In addition, when the change refers to the purpose of the Processing of personal data, AMBIGUO DESIGN must request a new authorization from you. 

For this purpose, AMBIGUO DESIGN provides on the Company's websitewww.ambiguodesign.com, all the information about the change to this Manual as well as the latest version of it.

​

Last update of the Privacy Policy Manual: January 27, 2022