Terms and conditions

Target

The Corporación de Productores y Exportadores de Aguacate Hass de Colombia (hereinafter “Corpohass”), a non-profit entity identified with NIT 900.660.865-1, with its main address in the city of Medellín, Colombia, in order to strictly comply with the current regulations on the protection of personal data and, committed to the privacy of the personal information of its affiliates, partners, suppliers, contractors, users, employees and the general public, adopts the following Policy for the Treatment of Personal Data (hereinafter the “Policy”).

In this Policy, applicable to the personal data registered in its databases, Corpohass details the general corporate guidelines on the due treatment of the personal data of the owners, the rights of the owners, the area responsible for answering queries and claims, and the procedures that must be exhausted to know, update, rectify and delete personal data.

Regulations

The rules applicable to the date of entry into force of this Policy are:

3.1.Law 1581 of 2012: it is the Statutory Law on Personal Data Protection, which establishes the general principles applicable to any type of processing of Personal Data; the duties and obligations of the Responsible and Responsible for the processing of information: the considerations related to the request for authorization or consent of the holders of the information and the rules related to the transfer of personal data. Likewise, it includes the rights of the owners and the mechanisms to make them effective, as well as the applicable sanctioning regime, among others.

This rule and those that regulate, modify, or replace it are applicable only to the processing of personal data carried out in Colombian territory or whenever a Controller or Processor of the information that is not located in Colombia is subject to Colombian law in accordance with applicable international treaties.

3.2. Decree 1377 of 2013 regulating Law 1581 of 2012: Adds new rules related to the transmission of personal data from a Controller to a Data Processor, as well as the exercise of rights by the owners of the information; regulates the authorizations for the processing of sensitive data, the requirements of form of the privacy notice and the personal data processing policy, as well as the principle of proven responsibility.

3.3. Decree 886 of 2014: Regulatory Decree of Law 1581 of 2012 that adds provisions on the National Registry of Databases as an obligation of the Data Controller of the same and of the information contained therein.

The creation of this National Registry implies that the Controller of personal data will have to submit through a web platform the information related to the processing of its databases under Law 1581 of 2012. Additionally, through External Circular N. 2 of November 2015, the Superintendence of Industry and Commerce issued specific instructions on the Registry and the platform that supports it.

3.4. Penalty regime: As established by Law 1581 of 2012, the Superintendence of Industry and Commerce has the power to initiate administrative investigations against those responsible for or in charge of the processing of personal data who allegedly fail to comply with the regulations on the matter. Verification of non-compliance may result in sanctions that include:

(i) fines of up to 2,000 legal monthly minimum wages in force; (ii) order of suspension, for up to six (6) months, of all activities related to the processing of personal data and the indication of the corrective measures to be implemented; (iii) the temporary closure of operations related to the processing of personal data if the company does not comply with the corrective measures ordered; and (iv) the immediate closure of sensitive data processing operations.

3.5. Criminal Regime: Law 1273 of 2009 amends the Colombian Criminal Code and adds Article 269F called violation of personal data, and whose content is as follows: “whoever, without being authorized to do so, for his own benefit or that of a third party, obtains, compiles, subtracts, offers, sells, exchanges, sends, purchases, intercepts, discloses, modifies or uses personal codes, personal data contained in files, archives, databases or similar means, shall incur a prison sentence of forty-eight (48) to ninety-six (96) months and a fine of 100 to 1000 legal monthly minimum wages in force”.

Definitions

For the understanding and interpretation of this Policy, the following definitions shall be taken into account:

  • “Database” refers to the organized set of personal data that are subject to processing.
  • “Digital Database” refers to the personal database that is created and/or stored through a computer program or software.
  • “Physical Database” means a personal database that is created and/or stored manually and/or in physical locations.
  • “Affiliate” refers to any person who sustains a commercial, contractual or obligatory relationship with Corpohas.
  • “Personal Data” refers to any information linked or that may be associated to one or several determined or determinable natural persons. Among these are, by way of example:

a. Identification data of the person (name, surname, type and number of identification, marital status, sex, place of birth, nationality, signature).

b. Biometric data of the person (fingerprint, DNA, photographs, voice, videos, etc.).

c. Morphological description data of the person (skin color, iris color, hair color and type, height, weight, etc.).

d. Location data related to the person’s business, professional or personal activity (home address, address, telephone number, e-mail address, etc.).

e. Data of socioeconomic content of the person (financial, credit, tax information, assets, educational level, affiliation and contributions to the Social Security System, etc.).

  • “Sensitive Data” refers to those data that affect the privacy of the Data Subject or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, human rights organizations or that promote the interests of any political party, that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sex life and biometric data.
  • “Data Processor or Data Processor” refers to the natural or legal person, public or private, who by himself or in association with others, carries out the processing of Personal Data on behalf of the Data Controller.
  • “Habeas Data” refers to the fundamental right of every person to know, update, rectify and/or delete the information and Personal Data collected and/or processed in public or private databases.
  • “Security Incident” refers to the situation(s) involving a violation of the security measures adopted by the Company to protect Personal Data subject to Processing, either as Responsible or Responsible, as well as any other conduct involving improper or fraudulent Processing of Personal Data, contrary to the provisions of this Policy and the applicable law on the protection of Personal Data.
  • “Supplier” refers to any natural or legal person that provides any good and/or service to Corpohass by virtue of a contractual/obligational relationship.
  • “Data Controller or Controller” refers to the natural or legal person, public or private, that by itself or in association with others, decides on the database and/or the processing of Personal Data. For the purposes of this Policy, Corpohass shall act as Controller.
  • “Superintendence of Industry and Commerce” refers to the public entity that, through the Delegation for the Protection of Personal Data, is the authority in charge of monitoring and guaranteeing respect for the principles, rights, guarantees and procedures set forth in Law 1581 of 2012, and the other provisions that regulate, modify or replace it.
  • “Data Subject” refers to the natural person whose Personal Data is subject to Processing, whether an affiliate, supplier, employee, or any third party who, due to a commercial or legal relationship, provides Personal Data to the Company.
  • “Transfer” refers to the sending by Corpohass as Controller, to a third party agent or natural/legal person (recipient) also as Controller, within or outside the national territory for the Processing of Personal Data.
  • “Transmission” refers to the communication of Personal Data by the Controller to the Processor, located within or outside the national territory, so that the Processor, on behalf of the Controller, proceeds with the Processing of Personal Data.
  • “Processing” refers to any operation or set of operations on Personal Data, including, but not limited to the collection, storage, use, circulation or deletion of the information.

For the understanding of the terms that are not included in the above list, the legislation in force shall be applied, especially Law 1581 of 2012 and Decree 1377 of 2013 and other complementary provisions, giving the meaning used in such regulations to the terms whose definition is in doubt.

Principles

In accordance with the regulations in force, Corpohass shall observe the following principles whenever it proceeds with the Processing of Personal Data and databases constituted, in order to properly comply with the rules that regulate the matter:

5.1.Principle of legality: The Processing of Personal Data is a regulated activity that must be subject to the provisions of the rules that regulate the matter.

5.2.Principle of purpose: The Processing of Personal Data must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Data Subject in a precise and correct manner and prior to obtaining the consent of the Data Subject for the Processing of his/her Personal Data.

5.3.Principle of freedom: The Processing of Personal Data may only be exercised with the prior, express, free and informed consent of the Data Subject. Personal Data may not be obtained or disclosed without prior authorization from the Data Subject, or in the absence of a legal or judicial mandate that relieves the Company of the duty to obtain such consent.

5.4. Principle of truthfulness or quality: The information subject to Processing must be truthful, complete, accurate, updated, verifiable and understandable. The Company must refrain from proceeding with the Processing of partial, incomplete, fractioned or misleading data.

5.5. Principle of transparency: In the Processing of Personal Data, the right of the Data Subject to obtain from the Controller or Processor, at any time and without restrictions, information about the existence of Data concerning him/her, must be guaranteed.

5.6. Principle of restricted access and circulation: The Processing of Personal Data may only be carried out by persons authorized by the Data Subject and/or by the persons provided for in the applicable law, for which the Company must take the necessary actions to obtain the corresponding authorization from the Data Subject as soon as necessary.

5.7. Security Principle: The information subject to Processing by the Company as Responsible or Entrusted, shall be handled with the technical, human and administrative measures that are necessary to provide security to the data, avoiding its adulteration, loss, consultation, use or unauthorized or fraudulent access.

5.8. Confidentiality Principle: All Personnel and third parties involved in the Processing of Personal Data, in the name and on behalf of the Company, are obliged to guarantee the confidentiality of the information of which they have knowledge.

Authorization for the processing of personal data

The personal data that are included in the Corpohass Databases come from the information collected by virtue of the links inherent to the development of its corporate purpose, commercial, contractual, labor, or of any other nature with its users, affiliates, partners, suppliers, contractors, employees and / or general public.

In compliance with the constitutional right to Habeas Data established in article 15 of the Political Constitution of Colombia, Corpohass only collects personal data when it has been authorized by its owner, therefore, at the time of collecting personal data, Corpohass will request the authorization for the treatment of the same, previously, expressly and informing them: (i) the processing to be carried out by Corpohass and the specific purposes of the processing; (ii) the freedom of the Holder to answer the questions addressed to minors or about sensitive data; (iii) the rights that the holders have before Corpohass and other persons in charge and responsible for the processing, and the means to exercise them; (iv) the identification of Corpohass as responsible for the processing; and (v) the location of the present Policy.

The personal data collected by Corpohass, are stored through physical and digital media, own or contracted with specialized suppliers, seeking to safeguard the confidentiality and security of the personal information of the holders.

Purposes of the processing of personal data

The personal data of the holders are collected and processed by Corpohass in the development of its corporate purpose for the following purposes:

Corporate and legal purposes

a. To carry out the pertinent steps for the development of the corporate purpose of Corpohass.

b. To carry out the pertinent formalities for the development of the contracts entered into with the holders of the personal data, acting on their own behalf or on behalf of a legal entity.
Purposes.

c. To contact the owner of the data by different means in order to develop the object of the contractual links.
corporate and legal.

d. Due execution of commercial agreements entered into with third party allies.

e. Manage the queries and claims presented by the holders of personal data, regarding the treatment given to them by Corpohass.

Employment purposes

a. To advance selection, admission and entry processes of personnel to Corpohass.

b. To comply with the obligations contracted by Corpohass with the owner of the data, in relation to the payment of salaries, social benefits and other retributions established in the labor contract, or as provided by law.

c. To carry out activities required by the administrative area of Corpohass, including, but not limited to, the full identification of the worker, trainee or service provider, filing and management of their contact information and their academic and professional information. d. To offer corporate welfare programs for employees and their families.

e. Implement the biosafety protocols ordered by the National Government for the performance of work and production activities in adequate health conditions.

f. To know and follow up on the health condition of employees, apprentices, contractors and other personnel linked to Corpohass.

Commercial and advertising purposes

a. To develop events, institutional programs directly or in association with third parties.

b. Maintain constant communication with the holder of the personal data on the activities, programs and events developed or soon to be developed by Corpohass.

c. Carry out advertising and marketing campaigns, and offer products and services.

d. Communicate offers, discounts or promotions of own or third party products or services.

e. To grant warranty on products and services purchased, according to applicable law.

f. Manage procedures, requests, complaints or claims related to the products or services offered by Corpohass.

g. Contact the owner of the data by different means to conduct satisfaction surveys regarding the products and services offered by Corpohass.

h. Conduct market research, business intelligence actions, market trend research and data analytics to establish sales or consumption preferences, using personal data to generate consolidated information on habits, trends, consumption and behavior of the owners, which will not be associated with personal data on an individual basis.

i. Develop and implement loyalty programs and/or improvement of products and services for affiliates.

j. Carry out geolocation activities.

k. Respond to requests related to sales, purchase order status and customer service.

l. Share information with government and private entities for the execution of agreements and contractual obligations.

m. Share and consult credit and financial behavior data with information and risk centers, to prevent, control fraud and select risks.

n. Develop activities related to the management of the collection of the so-called “Export Quota”.

o. Share information with providers or suppliers authorized by Corpohass, for the coordination of the execution of agreements, with the limitations and rules of this Policy.

p. To deliver or receive information with entities such as the Colombian Agricultural Institute ICA, Ministry of Agriculture and Rural Development, or others, with the purpose of advancing activities and projects of the sector.

q. To be contacted for the delivery of academic information, regulatory news, for the provision of regulatory management services, and for the invitation to events and academic programs of its own or its strategic allies.

Processing of personal data

The following is a list of the guidelines that Corpohass complies with in the Processing of the Personal Data collected:

8.1. Time limit for the processing of personal data

Corpohass shall process the personal data for the term that is reasonable and necessary, which shall not be less than the term of duration of Corpohass or of the contractual, legal or commercial relationship it has with the owner of the personal data. Once the purpose or need for the processing of personal data ceases, they will be removed from the databases of Corpohass or will be archived under appropriate security measures, in order to be disclosed only when required by law.

8.2.Type of personal data processed by Corpohass

In the development of the purposes described above, Corpohass collects and processes personal identification data of the owners, contact data, location data, date of birth, data related to their gender, marital status, data related to their health status, image, address data, economic activity, educational level, cookies, among others.

In the event that Corpohass collects and treats personal data of children and adolescents, the best interest of these and their fundamental rights shall be respected. Corpohass shall request the respective authorization for the processing of personal data to the representative of the child or adolescent, guaranteeing in any case the right of the minor to be heard.

In the treatment of sensitive data. Corpohass shall comply with the principles established in Law 1581 of 2012 and the fundamental rights associated with this type of information. No activity of Corpohass shall be conditioned to the delivery of sensitive data by the holder, unless so required by the law in force.

8.3. Corpohass acting as the person in charge of the processing of Personal Data

Corpohass may receive as data processor, the personal data of the owners provided by third parties with whom it has a contractual relationship, subject in these events to compliance with the duties established in Article 18 of Law 1581 of 2012.

8.4. Transmission and transfer of personal data to third parties.

Corpohass may transmit or transfer the personal data collected to third parties located in Colombia or abroad, including the parents, affiliates and subsidiaries of Corpohass, for the exercise of any of the purposes described above. In any case, Corpohass shall adopt the legal and technological measures to ensure the security and confidentiality of personal data, and shall require the data processors to comply with the duties established in Article 18 of Law 1581 of 2012.

8.5. Use of cookies

A cookie is a small data file placed on computers or other devices that allows a platform or website to recognize the owners as users of the platform or website when they revisit the platform or website using the same computer or browser. Cookies are a very common technology for remembering certain information about the user of a website. Corpohass may use cookies to improve its platform or website and the browsing experience; and to adapt the advertising and content that the holder visualizes. The holder may change their preferences on the use of cookies, but some restrictions on cookies imply not taking full advantage of the benefits available on the platforms or websites.

Derechos del titular de datos personales

Pursuant to Article 8 of Law 1581 of 2012, the holder of personal data shall have the following rights:

(a) Access free of charge to their personal data that are subject to processing;

b) Request proof of the authorization granted to Corpohass, except when expressly exempted as a requirement for the processing, in accordance with the provisions of Article 10 of Law 1581 of 2012;

c) To know, upon request addressed to Corpohass or to the person in charge of the processing, about the use that has been made of their personal data;

d) Update and rectify their personal data before Corpohass or those in charge of the processing, when the data is partial, inaccurate, incomplete, fractioned, misleading:

(e) To revoke the authorization and/or request the deletion of personal data, provided that there is no legal or contractual duty that prevents their deletion;

f) File complaints before the Superintendence of Industry and Commerce for violations of the provisions of Law 1581 of 2012 and other regulations that modify, add or complement it;

g) Refrain from answering questions about sensitive data, or data of children and adolescents.

 

Procedures for submitting inquiries and complaints and the area in charge of handling them

The procedures established by Corpohass to guarantee the rights of the owners may be exercised: (i) directly by the owner of the personal data or by his/her representative in the case of minors, (ii) by the assignees of the owner, providing for such purpose the documentation that proves such capacity, or (iii) by the representative or attorney-in-fact of the owner, providing the documentation that proves such capacity, or (iv) by the representative or attorney-in-fact of the owner, providing the documentation that proves such capacity.
as such.

Such procedures may be initiated through the following means:

E-mail: [email protected]

Address: Carrera 43 A No. 1 Sur 188 Torre empresarial Davivienda Office 505
Cell phone: (+57) 300 278 92 46
Fixed telephone: (+57) (604) 362 93 21
To the attention of: Corpohass Colombia

The owners must include in the consultation or claim submitted to Corpohass: (i) name and surname of the owner, (ii) photocopy of the identity document of the owner, or the representative along with documents proving such representation, (iii) the facts that give rise to the consultation or claim, (iv) the specific request, (ii) the address for receipt of notifications, full name and contact information, and (iv) the documents they want to assert, including a copy of the identity document of the owner and documents for accreditation.

The administrative area of Corpohass shall be in charge of receiving inquiries or claims from the holders of personal data. This area will carry out the necessary internal procedure to guarantee a clear, efficient, understandable and timely response to the holder of the personal data.

10.1. Procedure for handling queries
The holder may submit queries to Corpohass for the purposes of: (i) knowing the use given to his/her personal data, (ii) requesting proof of the authorization granted to Corpohass, or for (iii) accessing the personal data in Corpohass’ systems. Queries must be submitted indicating in the subject of the message “Exercise of the right of access or consultation”.

The queries submitted will be resolved by the Corpohass privacy officer within ten (10) working days from the receipt of the query. If the consultation is incomplete, Corpohass shall require the holder to provide the missing information or documentation within five (5) business days following Corpohass’ communication. If two (2) months pass from the date of the request made by Corpohass without the holder’s response, it shall be understood that the holder has withdrawn its consultation. The response time for consultations may be increased by five (5) working days, when the same cannot be answered within the initial term, a fact that Corpohass shall inform the holder.

10.2 Procedure for handling complaints

The holder may submit claims to Corpohass for the purpose of (i) reporting an improper processing of his/her personal data, (ii) correcting, updating or requesting the deletion of his/her personal data, (iii) correcting, updating or requesting the deletion of his/her personal data or (iiii) revoking the authorization for the processing of his/her personal data.

The privacy officer of Corpohass will respond to the claims within fifteen (15) business days following the receipt of the claim. If the claim is incomplete, Corpohass will require the holder to provide the missing information or documentation within five (5) business days following the communication from Corpohass. If two (2) months pass from the date of the request made by Corpohass without having been attended by the holder, it shall be understood that the holder has withdrawn his claim.

The response time of the claims may be increased by eight (8) working days, when the same could not be addressed in the initial term, a fact that Corpohass will inform the holder. In the event that Corpohass is not competent to resolve the claim, it shall transfer it to the competent authority within the following two (2) working days, and shall inform the holder of this fact.

It is necessary to warn that the request for deletion of information and the revocation of the authorization shall not proceed when the holder has a legal or contractual duty with Corpohass.

Information about the data controller

Corpohass is identified with the following data:

Corporate Name: Corporación de Productores y Exportadores de Aguacate Hass de Colombia (Corporation of Hass Avocado Producers and Exporters of Colombia)
TAX IDENTIFICATION NUMBER: 900.660.865-1
Legal Representative: Katerin Mayerly Mejía Verjel
Address: Medellín, Colombia
Address: Carrera 43 A No. 1 Sur 188 Torre empresarial Davivienda Oficina 505
Cellular: (+57) 300 278 92 46
Landline: (+57) (604) 362 93 21
E-mail: [email protected]

Validity and modification of the personal data processing policy

This Policy is effective as of its publication, whose date is indicated at the end of this document.

This Policy may be modified by Corpohass at any time, in order to adapt it to new legislation or jurisprudence, as well as to best practices that are developed on the protection of personal data, in which case the holders will be informed in a timely manner through the contact details authorized by them, and through the website https://www.corpohass.com/, where the modified version of the Policy and the date of its entry into force will be made available to the holders.

Date: March 26, 2024

Still have doubts?