POLICY FOR THE TREATMENT OF PERSONAL DATA BY MAGNETI CARDS

Magneti Cards SAS identified with NIT. 901818237 hereinafter referred to as “the company,” will be responsible for the processing of personal data.

By accepting this policy, I, as the owner of my personal data, consent to the processing of these data by the company, its strategic partners, subsidiaries, affiliated companies, and parent companies for the purpose of fulfilling functions and obligations arising from various operations conducted through electronic commerce or in-person at business establishments. I agree that my personal data will be used to fulfill the current relationship I have with the company, and for the following purposes: statistical analysis, marketing, contact, sending documentation, information, promotions, company events or events of its allies, or notifications, among others, unless I expressly or verbally request that my data be deleted, corrected, or removed from the company’s databases through the mechanisms established in this policy.

Below, you will find the policy for the treatment of personal data adopted by the company, applying and complying with the obligations of Law 1581 of 2012 and other regulations that modify it. This policy is adopted because it is very important for the company to safeguard the personal data of its customers, employees, suppliers, or any other natural person who has a relationship with the company, and it is our purpose to fulfill the obligations owed to them.

The company guarantees the rights of privacy, intimacy, and good reputation in the treatment of personal data, and consequently, all our actions will be based on the principles of legality, purpose, freedom, truthfulness or quality, transparency, access and restricted circulation, security, and confidentiality.

All individuals who, in the exercise of our commercial, labor, or corporate activities, provide any type of information or personal data, may know, update, and rectify their data at any time, that is, exercise their rights to habeas data; this is the main objective of our policy.

PURPOSE OF THE POLICY FOR THE TREATMENT OF PERSONAL DATA

This policy for the treatment of personal data aims to implement the provisions contained in Law 1581 of 2012 and other regulations that modify it, exclusively regarding the databases, files, and information containing personal data subject to processing, and explains how the company collects, stores, manages, uses, circulates, and processes information that you provide to us through various means.

The company is interested in safeguarding the privacy of the personal information of the owner obtained through various means, for which it undertakes to adopt this policy.

The owner acknowledges that the entry of personal information on the different platforms provided by the company is done voluntarily and upon request of specific requirements from the company to provide or offer a service or product, or to access interactive mechanisms.

The owner agrees that, through interaction with the company, personal data may be collected, which may be transferred to third parties. To this end, by accepting this policy, the owner accepts and acknowledges that the company may process the collected data.

The collection and automated processing of personal data, as a result of browsing and/or interacting with the company, have the following purposes:

  • Proper management and administration of the products and/or services offered through different marketing channels, in which the owner decides to register, use, or hire.
  • Quantitative and qualitative study of visits and use of services by the owners.
  • Sending information and/or products, and/or services related to the company and its commercial partners by traditional and electronic means.
  • Carrying out any procedure before an authority or a person or private entity, regarding which the information is relevant.
  • Proper commercial management that the company may carry out directly, in order to offer products or services, including but not limited to, sale of furniture, advertising, among others.
  • Sending information related to companies that have a direct relationship with the company. However, it is clarified that the company will be responsible for the management of such data.

DEFINITIONS

  1. Personal Data: Any information related to one or more natural persons.
  2. Private Data: Data that, due to its intimate or reserved nature, is only relevant to the data subject.
  3. Public Data: Data relating to civil status, profession or occupation, and to the quality of trader or public servant of a person. This data can be obtained and offered without any reservation, regardless of whether it refers to general, private, or personal information.
  4. Semi-Private Data: Data that is not intimate, reserved, or public, whose knowledge or disclosure may be of interest not only to its owner but to a certain sector or group of people or to politics in general, such as financial and credit information of commercial activity.
  5. Sensitive Data: Data that affects the privacy of the owner or whose misuse may lead to discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in unions, social organizations, human rights organizations or that promote interests of any political party, among others.
  6. Authorization: The prior, express, and informed consent of the owner for the company to carry out the processing of their personal data.
  7. Database: The organized set of personal data that is subject to processing.
  8. Processor: The natural or legal person, public or private, who, by himself or in association with others, processes your personal data on behalf and on behalf of the company.
  9. Controller: The company itself or in association with others, who decides on the Database and/or the processing of personal data.
  10. Owner: You are the natural person providing personal data to the company and are subject to processing;
  11. Processing: Any operation or set of operations on your personal data, such as collection, storage, use, circulation, or deletion.

OBLIGATIONS OF THE COMPANY

The company will use the information solely and exclusively to fulfill the functions and obligations arising from various operations conducted through electronic commerce or in-person at our business establishments, if any, as well as with the legal relationships that exist with our employees, managers, and dependents. In turn, it will have said information for statistical, marketing, contact, sending documentation, information, promotions, company events or events of its allies or notifications, among others, unless you expressly or verbally request that your data be deleted, corrected or deleted from the company’s databases through the mechanisms established in this policy.

At the time of carrying out any type of activity with the company, whether in person or through electronic means, the owner must expressly or tacitly manifest their consent to the handling of their information. The consent must be free, prior, express, and informed on your part as the owner of the personal data for the processing of these, except in cases expressly authorized by law.

You can express your authorization in the following ways: (i) verbally at the time of purchase, (ii) in writing, and (iii) when accepting the terms and conditions of commercial relationships.

EXCEPTIONS TO AUTHORIZATION FOR THE PROCESSING OF PERSONAL DATA

  • When such information is required by a public or administrative entity exercising its constitutional or legal functions.
  • When a judicial order requires it.
  • In cases of medical and/or health emergencies.
  • Treatment of information authorized by law for historical, statistical, or scientific purposes.
  • Data related to the civil registry of individuals.
  • Others established by law.

RIGHTS OF DATA SUBJECTS REGARDING THEIR PERSONAL DATA

In compliance with the applicable regulations, it is informed of the existence of an automated file of personal data. Data subjects are recognized the rights of access, rectification, cancellation, and opposition to the processing of personal data and may exercise them by sending a request to the email address team.magneticards@gmail.com

RIGHTS OF DATA SUBJECTS

  • Know, update, rectify, and request the deletion of your personal data from the company’s databases.
  • Be informed of the uses that are being made of their personal data.
  • File complaints and claims with the relevant entities and with the company.
  • Receive a clear and complete response.
  • Revoke the authorization provided to the company for the processing of personal data.
  • Others established by law.

COMPANY’S DUTIES

  • Request authorization for the processing of personal data and inform you of its use.
  • Recognize your exercise of the fundamental right of habeas data.
  • Use information under maximum security conditions to prevent its loss, manipulation, adulteration, or fraudulent use.
  • Update or rectify information when requested by the owner.
  • Others established by law.

USE OF COOKIES AND ACTIVITY FILE, WEBSITE MONITORING

Access to the company’s website, marketplace, or e-commerce may involve the use of cookies to recognize users who have registered and to offer them a better and more personalized service, as well as technical information.

Similarly, the servers of the website automatically detect the IP address and network name used by the user. All this information is temporarily recorded in a server activity file that allows the subsequent processing of data to obtain statistical measurements, to know the number of impressions of sites, and the number of visits made to it, among other measurements.

In addition to proprietary website monitoring systems, it uses external statistical tools or any other tool considered useful and convenient for such purposes, without the need to notify the user of these changes. The information generated by the cookie about the user’s use of the website (including their IP address) may be directly transmitted and stored by the administrator of said cookie on its servers and wherever they are located. This information will be used on behalf of said company and/or cookie administrator for the purpose of tracking the user’s use of the website, compiling reports on the activity of it and providing other services related to the activity of it and the use of the Internet.

It may also transmit such information to third parties when required by law, or when such third parties process the information on behalf of the company and/or cookie administrator. The company and/or cookie administrator will not associate the user’s IP address with any other data it may have.

The user can reject the processing of data or information by using cookies by selecting the appropriate settings on their browser, however, it should be noted that if they do so they may not be able to use the full functionality of the website. By using this, the user consents to the processing of information by the company and/or cookie administrator, in the manner and for the purposes indicated above.

TRANSFER OF PERSONAL DATA OF DATA SUBJECTS TO THIRD PARTIES

The company may transfer to third parties the personal data of the data subjects collected through the website. The user expressly accepts this treatment. In addition to this, the owner agrees that their personal data may be transferred when required by competent administrative authorities or by court order.

The owner also understands that the data provided by him/her will be part of a file and/or database that may be used by the company for the purpose of completing a certain process or management. The owner may modify or update the information provided at any time, provided that such modification is made before the delivery of the requested service or product to the company.

Since no internet transmission is absolutely secure, nor can such security be guaranteed, the owner assumes the hypothetical risk that this implies, which he/she knows and expressly accepts, totally exempting the company from this, including the risk that for some reason may arise on the platform intended for making payments for services or products.

The company is not responsible for any consequences derived from the unauthorized access of third parties to the database and/or from any technical failure in the operation and/or data retention in the system in any of the menus of its website.

The company has adopted the levels of security protection of personal data legally required, installing technical and organizational measures.

The company may modify the policies for the treatment of personal data contained herein, at its sole discretion and at any time, and they will be valid once published on the website.

In the event that the company modifies the policy for the treatment of personal data contained herein, it may inform the data subjects through its website or through other means it deems pertinent.

The company informs that the data subjects whose personal data processing it carries out have the following rights:

  • Access the personal data that have been subject to processing in accordance with Law 1581 of 2012 and other regulations that modify, add, or complement them.
  • Know, update, and rectify personal data in relation to the person in charge of the processing and the processor. The right to update and rectify data may be exercised, among other data, in relation to partial, inaccurate, incomplete, fragmented data, which lead to error, or those data whose processing is expressly prohibited or has not been authorized.
  • Request proof of the authorization granted to the data controller, except when expressly exempted as a requirement for processing, in accordance with the provisions of Article 10 of Law 1581 of 2012.
  • Be informed by the data controller or the data processor, upon request, regarding the use that has been made of the personal data.
  • Submit complaints to the Superintendence of Industry and Commerce for infractions of the provisions of Law 1581 of 2012 and other regulations that modify, add, or complement them.
  • Revoke the authorization and/or request the deletion of the data when the processing does not comply with the constitutional and legal principles, rights, and guarantees. The revocation and/or deletion will proceed when the Superintendence of Industry and Commerce has determined that the controller or processor have engaged in conduct contrary to the Constitution, Law 1581 of 2012, and other regulations that regulate, modify, or substitute it.

In compliance with Law 1581 of 2012 and Decree 1377 of 2013 and other regulations that modify, add, or complement them, we inform you that you can access this personal data treatment policy through the official website: WWW.MAGNETICARDS.COM.

PROCEDURE TO EXERCISE THE RIGHTS TO HABEAS DATA

Data subjects may exercise the rights to know, update, rectify, revoke the authorization by sending a communication to the address and to the area indicated in this policy team.magneticards@gmail.com This communication must contain at least the following:

  1. The name, address of the owner, and contact method to receive the response such as telephone, email, home address.
  2. The documents proving the identity or representation of your representative.
  3. A clear and precise description of the personal data regarding which the owner seeks to exercise any of the rights.
  4. If applicable, other elements or documents that facilitate the location of personal data.

Once the communication is received by the data controller, a response will be given within the terms established in the applicable regulations.

WHO WE ARE

Suggested text: The address of our website is: https://magneticards.com.


Version: 1 – April 24, 2024.