Policy for Information Processing

Ecotermales VINCENT S.A..

Ecotermales VINCENT S.A.. (hereinafter "Company”), is a company dedicated, among others, Natural Reserve to protect the San Vicente; managing their resources sustainably to achieve through its brands with quality and service meet welfare needs, Health, Education, Recreation & Entertainment Colombians and foreigners seeking services, products and experiences for their welfare, who are committed to the protection of ecosystems helping to counter climate change and loss of oxygen to humanity. We will achieve this with our people which shall be governed by the principles of Service, Honesty, Responsibility, Honesty and Spirit of Accomplishment. Always open to innovation and within a legal framework to contribute to profitability for its partners.

The policies described below apply to the processing of personal data controlled by the Company in its capacity as (as such term is defined in the Act 1581 from 2012), and in particular, to those contained in the databases comprised of user information, visitors, customers, providers, employees and third parties in general.

(i) Contact information

The company has its administrative offices in the Race 13 No 15 – 62 Pereira, Colombia and it can be contacted at the address or e-mail and phone contacto@sanvivente.com.co 320 693 3707.

(ii) Definitions

Personal data: Any information that can be associated or linked to one or more specific or determinable natural persons. Some examples of Personal Data the following: first name, citizenship card, address, email, phone number, civil status, health data, fingerprint, salary, goods, financial statements, among others.

These data are classified in:

  1. Public information: It is the fact that not Semiprivate, Private or sensitive. They are considered public information, among others, data concerning the civil status of persons, his profession or trade and as a merchant or public servant.
  2. Personal Data Private: It is the fact that their intimate or confidential nature is only relevant to the person holding the data.
  3. data Semiprivate: Semiprivate is the fact that no intimate nature, reserved, nor public and whose knowledge or disclosure may be interested not only the owner but also a certain sector or group of persons or to society in general, for example, those relating to compliance and non-compliance of financial obligations or data concerning relations with the entities of social security.
  4. Sensitive data: Information affecting the privacy of the Contractor or whose misuse can lead to their discrimination, such as those revealing racial or ethnic origin, political orientation, religious beliefs or philosophical, trade union membership, Social Organizations, human rights or promote interests of any political party or to guarantee the rights and guarantees of opposition political parties as well as data relating to health, sex life and biometric data, among others, image capture still or moving, Fingerprints, Photographs, iris, speech recognition, facial or hand palm, among others.

Holder data: natural person whose personal data are processed.

customers: They are natural or legal persons performing functions operating agencies.

Treatment: Any operation or set of operations on Personal Data, such as gathering, storage, use, movement or deletion.

Authorization: prior consent, express and informed Holder of personal data to perform the processing of personal data.

Controller: natural or juridical person, public or private, which by itself or in association with other, decides on the database and / or data processing.

Data Processor: natural or juridical person, public or private, which by itself or in association with other, performs the processing of personal data on behalf of the controller.

Advertisement: Holder's data request or persons authorized by it or by law to correct, update or delete your personal data or to revoke the authorization in cases established by law.

Transfer: Data transfer occurs when the Manager and / or processor of Personal Data, located in Colombia, sends information or personal data to a receiver, which in turn is responsible for treatment and is inside or outside the country.

Transmission: Processing of personal data involving communicating them within or outside the territory of the Republic of Colombia when intended to carry out a treatment by the Manager on behalf of the Head.

(iii) Principles for Personal Data Processing

Treatment of Personal Data the Company will apply the principles listed below, which are the rules to follow in the collection, driving, use, treatment, storage and exchange of personal data:

Legality: The processing of personal data should be according to the applicable legal provisions (statutory law 1581 from 2012 and its implementing regulations).

end: The collected personal data should be used for a specific and explicit purpose which must be reported to the Contractor or permitted by law. The Contractor must be informed clearly, and after enough about the purpose of the information provided.

Freedom: The collection of personal data may only be exercised with the authorization, previous, express and informed Holder.

Accuracy or quality: Information subject to the Processing of Personal Data must be truthful, full, exact, updated, verifiable and understandable.

Transparency: In the Personal Data Processing Holder right should be guaranteed to obtain at any time without restrictions, information about the existence of data relating to him.

Access and restricted circulation: The processing of personal data may only be performed by persons authorized by the holder and / or by persons under the Act.

Security: Personal data subject to treatment should be handled taking all security measures necessary to prevent loss, adulteration, query, use or unauthorized access or fraudulent.

confidentiality: All staff working in the Company are obligated to maintain confidentiality of personal data, even after its employment or contractual relationship.

(iv) Treatment and purposes which will be submitted personal data processed by the Company

Managed by the Company Personal Data will be collected, used, stored, updated, transmitted and / or transferred, for the following purposes or purposes:

  1. general:
  1. Send information (via email, telefónica, SMS, physical or other means) on offers and / or advertising related to the company and other projects, services and products offered and develops the Company and its related companies,
  2. Sending information about activities, concerts, playful activities, cultural or entertainment activities conducted at or thermal reserve or developed or managed by the Company;
  3. Use personal data for commercial and marketing
  4. Allow participation in marketing and promotional activities and performing them in social networks (including participation in competitions, raffles and drawings) in or by the Thermal Reserve or developed or managed by the Company.
  5. Control access to the offices of the Company, outlets and its affiliates and / or thermal reserve and establish security measures companies, including establishing video-monitored areas.
  6. Provide access to various services relating to websites, including downloadable content and formats;
  7. Register Personal Data in Information Systems Company and its related companies and their bases of commercial and operational data;
  8. Assess the quality of service, market research and statistical analyzes for internal use;
  9. Carry out processes own internal or external audit of business that the Company develops;
  10. Surveys and general surveys aimed at determining views on a good or service (via email, telefónica, SMS, physical or other means).
  11. Manage goods and services provided by third parties for the proper development of the business of the Company.
  12. Allowing the companies related to the Company, with which the Company has entered into agreements that include provisions to ensure the safety and proper treatment of personal data processed, contact the Holder for the purpose of offering goods or services of interest;
  13. Responding to inquiries, petitions, complaints and claims that are made by the owners and watchdogs and transmit personal data to other authorities under the applicable law should receive Personal Data;
  14. Any other activities of similar nature and / or complementary to those described above are necessary to develop the objects of the Company.

  1. Regarding the personal data of our customers and visitors to the thermal reserve Ecotermales de San Vicente S.A.:

In addition to the purposes set out in paragraph A. anterior, Personal data of our customers and visitors will be collected Thermal Reserve, used, stored, updated, transmitted and / or transferred for the following purposes, as applicable:

  1. Transfer and / or transmit the information collected to different areas of the Company and its related companies in Colombia and abroad when necessary for the development of its operations (Payments, Creating Customers, Portfolio collection and administrative charges, treasury, accounting, among others) and / or performance of any contractual obligation;
  2. Transmit and / or transfer your personal data, in Colombia and abroad, to affiliates or related, to suppliers of goods and services and business partners of the Company, as it required for purposes of compliance with the obligations arising from a contractual relationship;
  3. Internal management and / or compliance with any of the obligations arising from the business or contractual relationship
  4. Your personal data (including data of their employees and / or contractors) in information systems of the Company and its bases commercial and operational data.
  5. Facilitate the design and implementation of loyalty programs;
  1. Regarding the personal data of our employees:

  1. The celebration, execution and termination of the employment contract
  2. Control access to the offices of the Company and related companies and establish security measures including the establishment of video-monitored areas.
  3. Manage and operate, directly or through third, selection processes and linking staff, including evaluation and qualification of participants, verification of employment and personal references and conducting safety studies;
  4. Develop the activities of human resource management within the Company, such as payroll, entities affiliations general social security system, wellness activities, occupational health, exercise of the sanctioning authority of the employer;
  5. Make necessary payments arising from the execution of the employment contract and / or termination and other benefits that may be required in accordance with applicable law;
  6. Contract with third employee benefits such as life insurance, medical expenses, among others;
  7. Notify authorized in case of emergencies during working hours or during the development of the contacts;
  8. Coordinate the professional development of employees, employee access to computer resources and assist the Company in its use;
  9. Business planning activities;
  10. conduct training ;
  11. Register your details in the information systems of the Company and its databases;
  12. Transfer and / or transmit the information collected to different areas of the Company and its related companies in Colombia and abroad when necessary for the development of its operations, payroll management and / or performance of any contractual obligation;
  13. Transmit and / or transfer your personal data, in Colombia and abroad, to affiliates or related, to suppliers of goods and services and business partners of the Company, as it is required for purposes of payroll management and / or compliance with the obligations arising from the contractual relationship;
  14. Any other activities of similar nature and / or complementary to those described above are necessary to develop the objects of the Company.
  1. Regarding the personal data of our suppliers

  1. The celebration, execution and completion of the contract or service delivery
  2. Control access to the offices of the Company and its affiliates and / or companies Thermal Reserve and establish security measures, including establishing video-monitored areas.
  3. Transfer and / or transmit the information collected to different areas of the Company and its related companies in the Colombia and abroad when necessary for the development of its operations (Portfolio collection and administrative charges, treasury, accounting, among others).
  4. Record the data collected in the Company's systems and process payments.
  5. Your personal data (including data of their employees and / or contractors) in information systems of the Company and its bases commercial and operational data.
  6. Any other activities of similar nature and / or complementary to those described above are necessary to develop the objects of the Company.

(v) His rights as owner of personal data subject to treatment by the Company

In accordance with the provisions of Article 8 of the law 1581 from 2012, The owner of the Personal Data have the following rights:

  1. Know, update and correct Personal Data to the Company;
  2. Request proof of the authorization granted to the Company;
  3. Be informed by the Company, upon request, regarding the use given to your Personal Data;
  4. Submit to the Superintendency of Industry and Commerce complaints for violations of the provisions of the Law 1581 from 2012 and its regulations, Once you have exhausted the consultation process or grievance with the Company;
  5. Revoke Authorization and / or request the deletion of data when the processing performed by the Company does not respect the principles, rights and constitutional guarantees and legal;
  6. Access free of charge to your Personal Data that have been processed.

Holders rights may be exercised by the following persons:

  1. For the Contractor;
  2. For his assignees, who shall certify that quality;
  3. The representative and / or agent Holder, with proof of representation or seizure;
  4. By stipulation for another or for another.

(we) Duties of the Company when it acts as controller of Personal Data

The Company is aware that personal data are owned by people they refer and only they can decide on them. In that sense, the Company will use personal data collected solely for the purposes for which it is duly empowered and respecting, in any case, the current regulations on the Protection of Personal Data.

The Company will address the duties provided for controllers, contained in Article 17 of the law 1581 from 2012 and other regulations that regulate, modify or replace.

(vii) Notice of Privacy

The privacy notice is the physical document, electronic or any format that is made known to the Titular, before or at the time of data collection, and it is the means by which he is or will be informed of all matters relating to political information processing that will be applicable, ways to know and, in general, the purposes for which data have been obtained and the treatment that the Company will give them.

(viii) Area person responsible for the care requests, complaints or claims information Holders

The area responsible for handling requests for access, rectification, upgrade, deleting data or revocation of consent or authorization granted for the processing of personal data is the compliance officer of the Company, located in Carrera 13 No 15 – Pereira, Colombia, email contacto@sanvicente.com.co, phone 320 693 3707.

The compliance officer, generally, It has the following functions:

  1. Promote the development of a system that allows managing the risks of processing of personal data.
  2. Coordinate the definition and implementation of controls Integral Management Program Personal Data.
  3. Liaising and coordinating with other areas of the company to ensure implementation of the Comprehensive transverse Management Personal Data.
  4. Foster a culture of data protection within the organization.
  5. Maintain an inventory of personal databases held by the organization and classify them according to their type.
  6. Register databases of the Company in the RNBD and update the report in response to the instructions on the subject issued by the Superintendence of Industry and Commerce (“SIC”).
  7. Get the statements under the SIC when required.
  8. Review the contents of contracts of international data transmissions to be signed with non-residents Managers in Colombia.
  9. Accompany and assist the organization in care visits and requirements to perform the SIC.
  10. Track the Integral Program Management Personal Data.

(ix) Procedures for access, Consult, rectify and update your information

Holders of personal data processed by the Company are entitled to access their personal data and the details of such treatment, as well as to rectify and update them if they are inaccurate or to request removal if it considers that prove to be excessive or unnecessary for the purposes for which they were obtained or oppose the processing of them for specific purposes.

Pathways that have been implemented to guarantee the exercise of those rights through the filing of the application are:

  • Offices located in Carrera 13 No 15 – 62 Pereira, Colombia
  • The e-mail adress contacto@sanvicente.com.co

These channels may be used by holders of Personal Data, or third parties authorized by law to act on their behalf, in order to exercise the following rights:

  1. The Contractor may consult for free their personal data at least once each calendar month. For that end, you can make a request indicating the information you want to know, through any of the mechanisms described above.

The request will be handled by the Company within a maximum period of ten (10) working days from the date of receipt thereof. When it is not possible to comply with the request within the term, this fact the applicant will be informed, specifying the grounds for the delay and indicating the date your inquiry will be addressed, which in no case shall exceed five (5) working days following the expiry of the first term.

  1. In accordance with the provisions of Article 14 of the law 1581 from 2012, the Contractor or its assignees consider that the information treated by the company should be subject to correction, update, or delete, or when you need to be revoked by noted the alleged breach of any of the duties contained in the Act, They may submit a request to the Company, which will be processed under the following rules:
  • Holder or his successors must prove their identity, your representative, representation or provision for another or for another. When the request is made by a person other than the owner and not stating that it acts on behalf of one, It shall be deemed not filed.
  • The request for rectification, upgrade, deletion or revocation should be presented through means enabled by the company indicated herein and contain, as a minimum, the next information:
  1. Name and surname of the principal
  2. CC photocopy of the holder and, where appropriate, the person representing, and the document certifying said representation.
  3. Petition Alleging particular application (rectification, suppression, revocation…),
  4. Address for notifications, date and signature of the applicant.
  5. Documents proving the request made, where appropriate.

The maximum term to service this request shall be fifteen (15) working days from the day following the date of receipt. When it is not possible to see you within this term, It will inform the person concerned about the reasons for the delay and the date your claim will be addressed, which in no case exceed eight (8) working days following the expiry of the first term.

(x) Period of Databases

Personal information under the control of the Company will be kept for the time required according to the purpose of processing and / or term that is required to comply with a legal or contractual obligation. The Company has adopted measures for the timely and safe disposal of personal data, contained in the Manual of Policies and Procedures.

The data obtained by the video monitored areas have a duration of 8 days, However if presented new backup of the event will be held.

(xi) Processing of sensitive data

Developing its business, the Company performs processing of sensitive data for specific purposes. For example, collects, uses and stores health data of visitors to the thermal reserve entering infirmaries, to keep records and adequate control in the operation of the same; collects, usa, and stores health data and work disabilities of their workers.

The Company will only perform processing of sensitive personal data as has been previously authorized by the respective owners and treat low standards of security and confidentiality corresponding to their nature. For this end, the Company has implemented administrative measures, technical and legal contained in the Manual of Policies and Procedures, mandatory for employees and, as applicable, its suppliers, related companies and / or business partners.

Collection of Sensitive Personal Data in any case notice that it is optional and does not constitute a condition for access to any of our products or services.

(xii) Personal data of minors

The company will treat the information and personal data of minors strictly confidential, under appropriate security measures and strict respect for their rights prevalent.

For cases where it is necessary to collect personal data from minors, for example, to carry out registration and control of revenues infirmaries Thermal Reserve beneficiary or affiliation to the social security of employees of the Company, the Company will request the authorization of treatment is underwritten by the legal representatives of minors.

(xiii) International and national data transmissions MANAGERS

When the Company desired or required to send or transmit personal data to one or more Managers located inside or outside the territory of the Republic of Colombia, shall establish contractual clauses or conclude a contract for transfer of personal data where, among others, the following is agreed:

  1. The scope and purpose of Treatment.
  2. The activities that the charge made on behalf of the Company.
  3. Obligations to be met by the Manager against the holder of the data and the Company
  4. Manager's duty to process data in accordance with the purpose authorized for it and observing the principles established in Colombian law and politics present.
  5. Manager's obligation to adequately protect personal data and databases as well as maintain confidentiality regarding the processing of data transmitted.
  6. A description of the specific security measures that will be taken by both the Company and by the data manager at your destination.

The Company will not request authorization when the international transmission of data be protected by one of the exceptions provided for in the Act and its Regulatory Decrees.

(xiv) Security of the information

Developing the security principle established in the Law 1581 from 2012, the Company has adopted the technical measures, human and administrative measures deemed necessary to provide security to the personal data processed, avoiding adulteration, lost, query, use or unauthorized access or fraudulent.

This Policy Information Processing will take effect 01 March 2017.


If you wish, discharge here POLICY FOR THE TREATMENT OF INFORMATION.

Business agreements