Data Processing Policy
Objective
To establish the criteria for the collection, storage, use, circulation, and deletion of personal data processed by TARGET INSIGHTS SAS.
Scope
This policy applies to all personal information recorded in the databases of TARGET INSIGHTS SAS, which acts as the Data Controller.
Obligations
This policy is mandatory and strictly enforced by TARGET INSIGHTS SAS.
Data Controller
TARGET INSIGHTS SAS, a legally constituted commercial entity identified with NIT 900.096.224-1, with its main office located at Calle 95 13 55 f 308 in the city of Bogotá, Republic of Colombia. Website: www.timr.com.co. Phone: (601) 7448587 in the city of Bogotá.
Definitions
-
Authorization: Prior, express, and informed consent of the Data Subject to carry out the Processing of personal data;
-
Database: An organized set of personal data that is subject to Processing;
-
Personal Data: Any information linked or that can be associated with one or more natural persons, determined or determinable;
-
Semi-private Data: Data that is not intimate, reserved, or public, and whose knowledge and disclosure may be of interest not only to its owner but also to a certain sector or group of people, or to society in general, such as financial and credit information.
-
Private Data: Data that, due to its intimate or reserved nature, is only relevant to the owner.
-
Sensitive Data: Data that affects the privacy of the Data Subject or whose misuse may lead to discrimination, such as data revealing racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in unions, social or human rights organizations, or that promotes the interests of any political party or guarantees the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data.
-
Processor: A natural or legal person, public or private, who, by themselves or in association with others, processes personal data on behalf of the Data Controller;
-
Controller: A natural or legal person, public or private, who, by themselves or in association with others, decides on the database and/or the Processing of data;
-
Data Subject: A natural person whose personal data is subject to Processing;
-
Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation, or deletion.
-
Principle of Legality: The Processing of personal data is a regulated activity that must comply with the provisions of the law and other regulations that develop it;
-
Principle of Purpose: Processing must adhere to a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Data Subject; DATA PROCESSING POLICY Document G-P01-A4 Version: 02 Page 2 of 4.
-
Principle of Freedom: Processing can only be carried out with the prior, express, and informed consent of the Data Subject. Personal data cannot be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that waives the need for consent;
-
Principle of Veracity or Quality: The information subject to Processing must be truthful, complete, accurate, updated, verifiable, and understandable. The Processing of partial, incomplete, fragmented data, or data that leads to error is prohibited; Principle of Transparency: In the Processing, the right of the Data Subject to obtain information from the Data Controller or the Data Processor, at any time and without restrictions, regarding the existence of data concerning them must be guaranteed; Principle of Restricted Access and Circulation: Processing is subject to the limits derived from the nature of personal data, the provisions of the law, and the Constitution. In this sense, Processing can only be carried out by persons authorized by the Data Subject and/or by individuals provided for by law. Personal data, except for public information, cannot be made available on the Internet or other means of mass communication or dissemination unless access is technically controllable to provide restricted knowledge only to the Data Subjects or third parties authorized by law; Principle of Security: The information subject to Processing by the Data Controller or Data Processor must be handled with the necessary technical, human, and administrative measures to ensure the security of the records, preventing their alteration, loss, consultation, use, or unauthorized or fraudulent access; Principle of Confidentiality: All persons involved in the Processing of personal data that are not of a public nature are obligated to guarantee the confidentiality of the information, even after their relationship with any of the tasks involved in Processing has ended, and may only provide or communicate personal data when it corresponds to the development of activities authorized by law and under the terms of the same.
Processing and Purpose
To carry out the necessary procedures for the development of the company's corporate purpose, particularly in relation to fulfilling the objectives of the contract entered into with the Information Holder.
To conduct satisfaction or opinion surveys regarding the services offered by Target Insights SAS, market research, and any third party with whom TARGET INSIGHTS SAS has a contractual relationship for the development of such activities.
To contact the Information Holder through telephone, email, and/or WhatsApp, to conduct surveys, studies, and/or data verification, in order to understand their opinion and/or measure their satisfaction levels regarding the products and/or services provided by Third Party clients of Target Insights.
To provide the information to third parties with whom TARGET INSIGHTS SAS has a contractual relationship, and when it is necessary to do so to fulfill the contracted purpose.
Rights of Data Subjects
As the holder of your personal data, you have the right to: (i) Access the data provided that has been processed, free of charge. (ii) Know, update, and rectify your information in the case of partial, inaccurate, incomplete, fragmented data, or data that is misleading or whose processing is prohibited or unauthorized. (iii) Request proof of the authorization granted to the contracting entity that provided the data, to Target Insights if applicable. (iv) File complaints with the Superintendence of Industry and Commerce (SIC) for violations of current regulations. (v) Revoke the authorization and/or request the deletion of the data, provided there is no legal or contractual obligation preventing its removal. (vi) Opt not to answer questions about sensitive data. Responses concerning sensitive data or data about children and adolescents will be optional. (vii) Be informed by the Data Controller or Data Processor, upon request, about the use made of your personal data.
Handling of Requests, Inquiries, and Complaints (Articles 14 and 15 of Law 1581 of 2012)
Data subjects or their successors may consult, know, update, correct, and delete data, or revoke the authorization for the personal information held by Target Insights SAS through the email address contacto@timr.com.co.
The inquiry will be addressed within a maximum period of ten (10) business days from the date of receipt. If it is not possible to address the inquiry within this period, the interested party will be informed of the reasons for the delay and the date when the inquiry will be addressed, which may not exceed five (5) business days after the end of the initial period.
The company’s senior management is responsible for processing requests from data subjects to enforce their rights.
Complaints should be submitted through a request directed to the Data Controller or the Data Processor, including the following information:
-
Full name and surname of the requester (data subject or their successor),
-
Contact information (physical and/or email address and contact phone numbers),
-
Means to receive a response to the request,
-
Reason(s)/fact(s) leading to the complaint with a brief description of the right they wish to exercise (consult, update, correct, request proof of authorization granted, revoke it, delete, access the information),
-
Signature and identification number.
The maximum period to address the complaint will be fifteen (15) business days from the day following the date of receipt. If it is not possible to address the complaint within this period, the interested party will be informed of the reasons for the delay and the date when the complaint will be addressed, which may not exceed eight (8) business days after the end of the initial period.
Procedure for Exercising the Right of Habeas Data
In compliance with personal data protection regulations, TARGET INSIGHTS SAS presents the procedure and minimum requirements for exercising your rights. To file and address your request, please provide the following information:
-
Full name
-
Contact details (physical and/or electronic address and contact phone numbers)
-
Means to receive a response to your request
-
Reason(s)/fact(s) leading to the complaint with a brief description of the right you wish to exercise (to know, update, correct, request proof of authorization given, revoke it, delete, access the information)
-
Signature (if applicable) and identification number
The maximum term established by law to resolve your complaint is fifteen (15) business days, starting from the day following its receipt. If it is not possible to address the complaint within this term, TARGET INSIGHTS SAS will inform the concerned party. Under no circumstances can it exceed eight (8) business days following the expiration of the initial term. Once the terms set forth by Law 1581 of 2012 and other regulations that govern or complement it are met, if the exercise of the rights of access, updating, correction, deletion, and revocation is denied, either wholly or partially, the data subject may submit their case to the Superintendence of Industry and Commerce - Personal Data Protection Division.