Privacy

CECROPIA COLOMBIA S.A.S.

General

This document establishes the Personal Data Processing Policies of CECROPIA COLOMBIA S.A.S., a private entity dedicated to providing customized software solutions for small and medium-sized companies at national and international level. In compliance with Law 1581 of 2012, Decree 1377 of 2013, Decree 886 of 2014 (incorporated in the Single Decree 1074 of 2015) and Article 15 of the Political Constitution of Colombia, we describe the mechanisms through which the company ensures the proper handling of personal data collected, allowing holders to exercise their right to habeas data.

This document applies to cecropia.co, its applications, CAREERS, CECROPIA Academy and other related sites.

Responsible for the Processing of Personal Data

  • Company name: CECROPIA COLOMBIA SAS
  • NIT: 901087392-4
  • City: Bucaramanga, Santander
  • Main address: Calle 104 # 24 A 05 Local 1 Bucaramanga, Santander
  • Mailing address: CALLE 104 # 24 A 05 Local 1 Bucaramanga, Santander
  • Telephone: +57 316 374 7138
  • E-mail: ogaravito@cecropia.co
  • Website: https://www.cecropia.co

Definitions

  • Privacy Notice:This is the physical document, electronic or in any other format, generated by Cecropia and placed at the disposal of the Data Subject to inform him/her about the processing of his/her personal data, this document communicates to the Data Subject the information related to the existence of the Personal Data Processing Policies that will be applicable, how to access them and the characteristics of the Processing that is intended to be given to the Personal Data.
  • Authorization:Refers to the permission or the expression of prior, express and informed consent of the user or visitor so that CECROPIA, through its representatives, may carry out the processing of the Personal Data of the owner.
  • User: The individual using this site, who must match the Data Subject or have been authorized by the Data Subject and whose Personal Data is processed.
  • Data Subject: The natural person whose personal data is the object of processing.
  • Processing:operation or set of operations on Personal Data carried out by the persons in charge of the processing on behalf of CECROPIA, these may be: collection, storage, use, circulation or deletion.
  • Data Processor: The natural person, legal entity, public administration or any other institution, association or organization authorized by the Data Controller to process Personal Data in accordance with this privacy policy.
  • Data Controller: Natural or legal person, public or private, who by himself or in association with others, decides on the database and/or the processing of the data.
  • Cookie: Small data unit stored in the user's device. For the convenience of users on our website can choose to save your name, email and web address in cookies, this to avoid filling out the same information each time you enter. We also install cookies for the login of the users, with them we save login information and screen display.
  • Database:Consists of an organized set of Personal Data that are subject to Processing, and includes physical and electronic files.
  • Personal Data:according to law 1581 of 2012, it is any information linked or that can be associated to one or several determined or determinable natural persons.
  • Public Data:Personal Data qualified as public by law or the Political Constitution. Public data includes, among others, data related to the marital status of individuals, their profession or trade, their status as merchants or public servants.
  • Sensitive Data:Personal Data whose use affects the privacy of the Data Subject or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life and biometric data.
  • Contact form: By filling out the contact form with your data, the user authorizes this site to use such data to respond to requests for information, quotes or any other type of request indicated at the top of the form.
  • Principle of veracity or quality of the records or data. The information contained in the data banks must be truthful, complete, accurate, updated, verifiable and understandable. The recording and disclosure of partial, incomplete, fractioned or misleading data is prohibited;
  • Principle of purpose. The administration of personal data must obey a legitimate purpose in accordance with the Constitution and the law. The purpose must be informed to the owner of the information prior to or concomitantly with the granting of the authorization, when it is necessary or in general whenever the owner requests information in this regard;
  • Principle of restricted circulation. The administration of personal data is subject to the limits derived from the nature of the data, the provisions of Law 1581 of 2012 and the principles of the administration of personal data, especially the principles of temporality of the information and the purpose of the database. Personal data, except for public information, may not be accessible through the Internet or other means of mass dissemination or communication, unless access is technically controllable to provide restricted knowledge only to the owners or authorized users in accordance with this law;
  • Principle of temporality of the information. The holder's information may not be provided to users or third parties when it ceases to serve the purpose of the database.
  • Principle of integral interpretation of constitutional rights. The law to which we are subject shall be interpreted in such a way as to adequately protect constitutional rights, such as habeas data, the right to a good name, the right to honor, the right to privacy and the right to information. The rights of the owners shall be interpreted in harmony and in balance with the right to information provided for in Article 20 of the Constitution and with the other applicable constitutional rights;
  • Principle of security. The information that makes up the individual records constituting the data banks referred to in the law, as well as the information resulting from the queries made by its users, shall be handled with the technical measures necessary to guarantee the security of the records, avoiding their adulteration, loss, consultation or unauthorized use;
  • Principle of confidentiality. All natural or legal persons, as in our case, who intervene in the administration of personal data that are not of a public nature, are obliged at all times to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks that comprise the administration of data, and may only supply or communicate data when it corresponds to the development of the activities authorized by law and under the terms of the same.
  • Mailing List or Newsletter: By registering on the mailing list or newsletter, the User's e-mail address will automatically be included in a list of contacts to whom e-mail messages containing commercial or promotional information relating to this site may be sent. Your e-mail address may also be included in this list following registration on this site or after making a purchase.Personal Data collected: last name(s), e-mail address and first name.
  • Statistics: The services contained in this session allow the Owner to monitor and analyze web traffic and may be used to track User behavior.
  • Embedded content from other websites: Articles on the Cecropia website may include embedded content from other websites such as images, articles, videos, etc., embedded content from other websites behaves in the same way as if the visitor had entered the other website.

Roles

  • Personal database administrator: Official or person in charge who is in charge of and processes one or more databases containing personal information.
  • Manager: He /she will control the registration of databases with personal information in Cecropia and will support the entry of the information in the National Database Registry.
  • Guarantor: The administrative area will coordinate and process the attention and response to requests, complaints and claims related to the personal data protection law that the owners make to the company.

Content of the Databases

The company's databases store general information such as name, surname(s), city, address, e-mail address, identity document, tax identification number for VAT purposes, telephone number, country, department, municipality, company name and area of activity. In addition to these, and depending on the nature of the database, the company may have specific data required for the treatment to which the data will be submitted. The databases of employees and contractors include, in addition to information on labor and academic history, sensitive data required by the nature of the employment relationship (photograph, family group composition, biometric data).

Sensitive information may be stored in the databases with prior authorization of its owner, in compliance with the provisions of articles 5 and 7 of Law 1581 of 2012.

Treatment

The information contained in the company's databases is subject to different forms of treatment, such as collection, exchange, updating, processing, reproduction, compilation, storage, use, systematization and organization, all of them partially or totally in compliance with the purposes set forth herein. The information may be delivered, transmitted or transferred to public entities, commercial partners, contractors, only in order to comply with the purposes of the corresponding database. In any case, the delivery, transmission or transfer will be made after signing the necessary commitments to safeguard the confidentiality of the information. Personal information, including sensitive information, may be transferred, transmitted or delivered to other countries, regardless of the security level of the rules that regulate the handling of personal information. In compliance with legal duties, the company may provide personal information to judicial or administrative entities.

The company will ensure the correct use of personal data of minors, guaranteeing that it complies with the applicable legal requirements and that all processing is previously authorized and justified in the best interests of minors.

Purpose

The information collected by the company is intended to allow the proper development of its object. The data relating to the user are collected to allow the holder to provide its services, as well as for statistical purposes, contact, interaction with social networks and external platforms.


In addition, the company keeps the information necessary to comply with legal obligations, mainly in accounting, corporate, and labor matters. Information about customers, suppliers, partners and employees, current or former, is kept in order to facilitate, promote, enable or maintain labor, civil and commercial relationships.

Customers

Seeks to provide its Users and Subscribers with information and value-added benefits, which it considers useful for the commercial relationship with respect to any of the services or products offered.

Manage procedures (requests, complaints, claims), perform risk analysis, conduct satisfaction surveys regarding the company's goods and services, as well as its commercial allies.

  • Provide contact information and relevant documents to the sales force, telemarketing, market research and any third party with which the company has a contractual relationship of any kind.
  • To disclose, transfer and/or transmit my personal data inside and outside the country, to third parties as a result of a contract, law or lawful link that requires it, or to implement services by different means.
  • For the shipping and receiving of goods or advertising material according to the requirements of the demanded functions and sustainability of the company's business.
  • Perform through any means, directly or through third parties, programming and technical service, sales, purchase, invoicing, portfolio management, product performance monitoring, collection, business intelligence, marketing activities, promotion or advertising, service improvement, collection monitoring, verification, consultation and control, enabling means of payment and any other related to our current and future products and services, for the fulfillment of contractual obligations and the corporate purpose of the company.
  • Control and prevent fraud in any of its modalities.

Suppliers

  • Permanent contact for quotation requests and management of the commercial relations that arise, with the purpose of acquiring its products or services as inputs for the operation according to Cecropia's corporate name.
  • For legal compliance in tax, customs and commercial matters with administrative and judicial entities. Initiate business agreements to acquire goods or services Control and payments for goods and services received. Monitoring, control and accounting record of obligations contracted with suppliers. Consultations, audits and reviews derived from agreements with suppliers and/or contractors. Control and prevent fraud in any of its modalities.
  • It should be noted that some of these tasks are performed in compliance with a legal and contractual duty and therefore the processing of personal data is understood to be included in them.

Contractors and/or employees and former employees

  • This purpose specifically includes the payment of salaries and obligations as employer of affiliations and contributions to social security and compensation funds, both for employees and their family members, and control of labor news such as leaves of absence, disability, access control and employee working hours.
  • Data is also captured and stored for legal purposes in contractual relations and therefore the processing of personal data is understood to be included in the same.

Visitors

Cecropia receives infrequent and minimal visitors to its facilities, considering that all of its services and products are provided via the Internet. The information provided by visitors for access control purposes is recorded by the security company at the entrance to the area, which manages the entry form, seeking to control possible security incidents and identify people entering the area and Cecropia's facilities.

Information about current or former customers, suppliers, partners and employees is also kept for the purpose of facilitating, promoting, enabling or maintaining labor, civil and commercial relationships.

Interaction with Social Networks and External Platforms

This type of service allows you to interact with social networks or other external platforms directly from the pages of this site. The interactions and information obtained by this site will always be subject to the privacy settings of the User in each social network. In the event that a service is installed that allows interaction with social networks, it is possible that even if Users do not use the service, it may collect web traffic data relating to the pages on which they are installed.

  • Google Analytics: is a web analytics service provided by Google Inc ("Google"). Google uses the Data collected to track and examine the use of this Application, to prepare reports of your activities and share them with other Google services.Google may use the Data collected to contextualize and personalize the advertisements of its own advertising network. Personal Data collected: Cookie and Usage Data. Place of processing: USA - Privacy Policy - Opt Out https://www.google.com/intl/es/policies/privacy/
  • Facebook "Like" button and social widgets (Facebook, Inc.):
    The "Like" button and Facebook social widgets are services for interacting with the Facebook social network, provided by Facebook, Inc. Personal Data collected: Cookie and Usage Data. Place of processing: USA - Privacy policy https://www.facebook.com/about/privacy/
  • Tweet button and Twitter social widgets (Twitter, Inc.): The Tweet button and Twitter social widgets are services for interaction with the social network Twitter, provided by Twitter, Inc. Personal Data collected: Cookie and Usage Data. Place of processing: USA - Privacy Policy https://twitter.com/privacy
  • Google Fonts (Google Inc.): Google Fonts is a typeface family visualization service provided by Google Inc. that allows this Application to incorporate such content in its pages. Personal Data collected: Usage Data and different kinds of Data, as specified in the Privacy Policy of the service. Place of processing: USA - Privacy Policy. https://www.google.com/intl/es/policies/privacy/
  • Google Maps Widget (Google Inc.): Google Maps is a map display service provided by Google Inc. that allows this site to incorporate such content on the pages themselves. Personal Data collected: Cookie and Usage Data. Place of processing: USA - Privacy Policy. https://www.google.com/intl/es/policies/privacy/
  • YouTube Video Widget (Google Inc.): YouTube is a video viewing service provided by Google Inc. that allows this site to incorporate such content in its own pages. Personal Data collected: Cookie and Usage Data. Place of processing: USA - Privacy Policy https://www.google.com/intl/es/policies/privacy/
  • LinkedIn button and LinkedIn social widgets (LinkedIn Corp.)he LinkedIn button and LinkedIn social widgets are services for interaction with the LinkedIn social network, provided by LinkedIn Corp. Personal Data collected: Cookie and Usage Data. Place of processing: USA - Privacy policy https://www.linkedin.com/legal/privacy-policy

Location-based interactions

Geolocation

This Application may collect, use and share the User's geographic location data for the purpose of providing location-based services to the User.
Most browsers and devices provide by default means to disable geo-tracking. If the User has given his/her express authorization to such possibility, this Application may receive information about his/her actual geographic location.
Personal Data collected: geographic position.

Data Retention

When the user leaves a comment, it and its metadata are retained indefinitely, in order to recognize and approve successive comments automatically instead of keeping them in a moderation queue. For users who register on the Web, the information they provide in their user profile is stored. All users can view, edit or delete their information at any time, however they cannot modify their user name. Web administrators can view and edit the information.

Rights of Owners

The holders of personal data, as established by Law 1581 of 2012, have the following personal and non-transferable rights:

  • To know, update and rectify their personal data with respect to the Data Controllers or Data Processors. This right may be exercised, among others, against partial, inaccurate, incomplete, fractioned, misleading data, or data whose processing is expressly prohibited or has not been authorized. 
  • Request proof of the authorization granted to the Data Controller, except when expressly exempted as a requirement for the Processing, in accordance with the provisions of Article 10 of the aforementioned law. 
  • To be informed by the Data Controller or the Data Processor, upon request, regarding the use that has been made of their personal data. 
  • To file before the Superintendence of Industry and Commerce complaints for violations to the provisions of the aforementioned law and other regulations that modify, add or complement it. 
  • To revoke the authorization and/or request the deletion of the data when the principles, rights and constitutional and legal guarantees are not respected in the processing. The revocation and/or deletion will proceed when the Superintendence of Industry and Commerce has determined that in the Processing the Controller or Processor has incurred in conduct contrary to the law and the Constitution. 
  • Access free of charge to their personal data that have been subject to Processing. Additionally, the Regulatory Decree 1377 of 2013 defines that the Controllers must keep proof of the authorization granted by the Data Controllers for the Processing of personal data.
  • Regarding the processing of personal data of minors, this may only be carried out with the authorization of their parents or legal representatives.
  • If a visitor leaves a record of data or comments, they may request deletion of any personal data that Cecropia has captured, this does not include any data that we are required to retain for administrative, legal or security purposes.

Obligations of the Company

The company shall:

  • Guarantee, at all times to the owner of the information, the full and effective exercise of the right of habeas data and petition, that is, the possibility of knowing the information that exists or is in the database, and request the updating or correction of data, all of which will be done through the mechanisms of consultations or claims, as provided in this law. 
  • Guarantee that in the collection, processing and circulation of data, the other rights enshrined in the law will be respected. 
  • Allow access to information only to those persons who, in accordance with the provisions of this law, may have access to it. 
  • Adopt an internal manual of policies and procedures to ensure proper compliance with this law and, in particular, for the attention of inquiries and complaints by the owners. 
  • Request certification from the source of the existence of the authorization granted by the holder, when such authorization is necessary, in accordance with the provisions of this law. 
  • Keep the stored records with the appropriate security measures to prevent their deterioration, loss, alteration, unauthorized or fraudulent use. 
  • Periodically and timely update and rectify the data, each time the sources report new information, under the terms of this law. 
  • To process the petitions, queries and claims formulated by the owners of the information, under the terms set forth in this law. 
  • Indicate in the respective individual registry that certain information is under discussion by its owner, when the request for rectification or updating of the same has been submitted and the process has not been completed, as regulated in this law. 
  • Circulate information to users within the parameters of this law. 
  • Comply with the instructions and requirements issued by the supervisory authority in relation to the fulfillment of the 
  • Any others derived from the Constitution or from the present law.

Site Usage Policy

By accessing and using this Cecropia site, the user does so at his/her own risk and therefore fully and unreservedly accepts the content of the terms and conditions of use of the Cecropia website, in all respects, the right to update and modify at any time and in any way, unilaterally and without prior notice, these terms of use and the contents of the site.

The contents, presentation, design and service provision of the page is free of charge for users and is governed by the terms and conditions included below, which are understood as known and accepted by the users of the site:

  • Do not use our products and services for any illegal or unauthorized purpose.
  • No worms, viruses or any code of a destructive nature should be transmitted.
  • Not to remove, circumvent, or manipulate the copyright and other data identifying the rights of Cecropia.
  • The user or visitor of the Web page will be responsible for any improper, illicit or abnormal use of the contents, information or services of the Web page.
  • It is prohibited to present false or misleading information.
  • Generating spam, phish, pharm, pretext, spider, crawl, or scrape is prohibited.
  • Collecting or tracking personal information from others is prohibited.
  • Use of the Cecropia website or its content to harass, abuse, insult, harm, defame, libel, slander, disparage, intimidate or discriminate on the basis of gender, sexual orientation, religion, ethnicity, race, age, national origin or disability is prohibited.
  • The visitor or user of the site, directly or through an intermediary, shall not in any way attack Cecropia's website, its technological platform, its information systems or interfere with its normal operation.
  • The visitor or user of the site shall not alter, block or perform any other act that prevents the display of or access to any content, information or services on the Company's Web site or incorporated in the Web pages linked to Cecropìa.
  • The visitor or user of the Cecropia website shall not send or transmit on or to this website, to other users or to any person, any information of obscene, defamatory, libelous, slanderous, defamatory or discriminatory scope against the officials or against those responsible for the administration of the website.
  • The visitor or user of the Cecropia website shall not engage in illicit conduct such as damage or computer attacks, interception of communications, copyright infringement, unauthorized use of terminals, identity theft, disclosure of secrets or falsification of documents.
  • The visitor or user of Cecropia's website will not violate any international, federal, provincial, state or local laws, regulations, rules or regulations. 
  • The visitor or user of the Cecropia website will not infringe or violate the intellectual property rights of Cecropia or any third party.

Failure to comply with or breach any of these Terms will result in immediate termination of your Services. In addition, Cecropia reserves the right to suspend your use of the Service or any related website for violating any of the prohibited use items.

Privacy Policy

Cecropia, welcoming and complying with the provisions of Law 1581 of 2012 and Regulatory Decree 1377 of 2013 and the provisions of Article 15 of our Constitution, adopts and applies this Policy for the processing of personal data. Cecropia states that it is committed to safeguarding the privacy of the User's personal information obtained through the Company's website, for which it adopts a confidentiality policy in accordance with the policy for the treatment of personal data contained in the same website.
On the occasion of a procedure or service developed by electronic means, Cecropia may request information from Website Users and will treat it with all the legal and security guarantees imposed by the Political Constitution, the rules applicable to the protection of personal data and other concordant rules. The request for information is always made so that the User provides it voluntarily, under its prior, express and informed consent.
Cecropia undertakes not to transfer, sell or share the data received on the Website with third parties without your express approval. Cecropia will cancel or rectify the data when they are inaccurate, incomplete or no longer necessary or relevant for their purpose.

Responsibility for the Contents of the Web

Cecropia is not responsible if the information available on this site is not accurate, complete or current. The material on this site is provided for general information only and should not be relied upon or used as the sole basis for making decisions without first consulting more accurate, complete or timely information. Any reliance on the material on this site is at your own risk. Cecropia does not control or guarantee the absence of viruses or other elements in the contents that may cause alterations in your computer system (software and hardware) or in the electronic documents and files stored in your computer system.

Links to Third Parties

On the Cecropia website there may be content, products and services available material from third parties, these links may direct you to third party websites that are not affiliated with us. Cecropia is not responsible for examining or evaluating the content or accuracy and we do not warrant and will not have any liability or responsibility for any third party material or websites, or for any third party material, products or services.

Cecropia is not responsible for any harm or damages related to the purchase or use of goods, services, resources, content, or any other transactions made in connection with third party websites. Please carefully review the policies and practices of third parties and make sure you understand them before engaging in any transaction. Complaints, claims, concerns or questions regarding third party products should be directed to the third party.

Security Measures

In development of the security principle established in Law 1581 of 2012, Cecropia. It will adopt the technical, human and administrative measures that are necessary to provide security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access. The personnel who process personal data will execute the established protocols in order to guarantee the security of the information.

Person or area responsible for PQRs

Any request, complaint or claim related to the handling of personal data, in application of the provisions of Law 1581 of 2012 and Decree 1377 of 2013, should be sent to: CECROPIA COLOMBIA SAS.

Unit: General Management

Address:Calle 104 # 29-49 Piso Bucaramanga Santander

E-mail: ogaravito@cecropia.co

Inquiries, Complaints and Claims Procedures

The holders of personal data contained in the company's databases, or their successors in title, may consult the data that will provide the information under the terms provided in the applicable legislation. Any request for consultation, correction, updating or deletion must be submitted in writing or by e-mail, according to the information contained in this document.

Queries will be answered within ten (10) working days from the date of receipt of the respective request. When it is not possible to attend the consultation within such term, the interested party shall be informed, stating the reasons for the delay and indicating the date on which the consultation will be attended, which in no case may exceed five (5) business days following the expiration of the first term.

Complaints must be formulated in writing or by e-mail, according to the information contained in this document, and must contain, at least, the following information:

  • Identification of the Holder
  • Description of the facts giving rise to the claim
  • Holder's address (physical mail or e-mail)
  • Phone
  • Documentation to be submitted as evidence

If the claim is incomplete, the interested party will be required within five (5) days of receipt of the claim to correct the faults. After two (2) months from the date of the requirement, without the applicant submitting the required information, it will be understood that the claim has been withdrawn.

In the event that the person who receives the claim is not competent to resolve it, he/she will transfer it to the corresponding person within a maximum term of two (2) business days and will inform the interested party of the situation.

Once the completed claim has been received, a legend will be included in the database stating

"The claim in process and the reason for the claim, within a term not to exceed two (2) business days.

Such legend shall be maintained until the claim is decided.

The maximum term to address the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within such term, the interested party will be informed of the reasons for the delay and the date on which the claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.

Changes to our personal data processing policy

Cecropia will modify this privacy policy from time to time. In the event that we make changes in the way we use your personal information, we will make the information about these changes available by posting the notice on this site.

If you would like to ask us a question or send us a comment regarding this privacy policy, please send us an email to info@cecropia.co.

Validity of the Policy and control of changes

This policy is effective as of July 1, 2020, until so determined by Cecropia in accordance with the applicable legal regulations.

First update on March 9, 2023

Scroll to Top