Privacy Policy of the Secretariat for Environmental Enforcement Matters under the Trade Promotion Agreement between Colombia and the United States

The Secretariat for the Application of Environmental Legislation of the Trade Promotion Agreement between Colombia and the United States of America (“Secretariat”), with address at Carrera 7 # 32-33, 27th Floor of Bogotá (Colombia), established through the Agreement for the establishment of a Secretariat for the Enforcement of Environmental Legislation under the Trade Promotion Agreement between the United States and Colombia (“Secretariat Agreement”), it is committed to the privacy and protection of the data of the people who do part of its stakeholders; Among others, the members of the Environmental Affairs Council, Collaborators, suppliers and applicants and interested parties (“Interest Groups”), and, in general, with the data of all the people with respect to whom it collects and processes Personal Data. 

  1. OBJECTIVE

The purpose of this Privacy Policy ("Policy") is to describe the practices and standards of protection followed by the Secretariat during the Processing of Databases and Personal Data included therein. By providing us with Personal Information, the Data Subject declares that he/she has read and fully understood this Policy.

  1. SCOPE

This Policy must be followed during the Treatment of all Personal Data that the Secretariat collects, stores, uses, circulates or deletes, by all Collaborators, collaborators or managers who carry out the Processing of Personal Data on behalf of the Secretariat within the framework of the Secretariat Agreement.

  1. DEFINITIONS

For the implementation of this Policy, and in accordance with the provisions of the General Regulation for the Protection of Personal Data ("GRPD"), the following terms will be defined as appears below:

ServicesThese are the features that the Secretariat makes available to Users through the Website
ContentIt is the previous, express and informed consent that the Data Subject gives the Controller or the Processor, with the purpose of allowing his/her Personal Data Processing.
Use PolicyIt is the verbal or written communication that the Controller puts at the disposal of the Data Subjects, by means of which it informs them of the existence of the Privacy Policy that will be applicable to him/her, the way to access said Policy and the purposes to which their Personal Data will be subject to.
Database(s)It is the organized set of Personal Data that are subject to processing, which are in a physical or digital environment under the Secretariat’s responsibility.
Collaborators Any individual who is linked to the Secretariat and who carries out activities aimed at developing its purpose, regardless of the type of hiring or contract signed. 
Council It is the Council for Environmental Affairs established in Article 18.6 of the APC, made up of senior officials from the Ministry of Environment and Sustainable Development and the Ministry of Commerce, Industry and Tourism of Colombia and the Office of the United States Trade Representative and the Directorate of Oceans and International Environmental and Scientific Affairs of the United States Department of State.
ConsultationIt is the request made by a Data Subject, his/her successor or representative before the Controller or Processor, in relation to his/her Personal Data that are in any of the Databases.
Personal DataIt is any information that is linked or may be linked to one or more specific individual(s) or individual(s) that may be specified.
Public Data It is the Personal Data that does not have the quality of being semi-private, private or sensitive. Public Data are considered, among others, the Personal Data related to people’s marital status, to their profession or trade and to their merchant or public servant status.
Sensitive Data (s) Personal Data that affects the Data Subject’s privacy or whose improper use may generate discrimination. Sensitive Data is considered data such as racial or ethnic origin, political orientation, religious beliefs, health-realted data, sexual life and biometric data, among others.
Data Processor It is the individual or corporation, public or private, that by itself or in association with others, carries out Personal Data Processing on behalf of the Controller.
Confidential informationThe Secretariat will not release to the public or allow public access to any information that it may receive: (a) (i) if the sender has identified the information as confidential, in accordance with the procedures established by the Council to protect confidential information; (ii) if it is not publicly available; and, (iii) if its disclosure could reveal: (1) the identity of the applicant and subject them to serious retaliation; or, (2) business information or proprietary information; or, (b) of a Party, when the Party has determined that the disclosure of the information would impede the application of the law, compromise personal privacy, or disclose confidential, commercial or proprietary information or government decision-making.
Privacy Policy/PolicyThe present Privacy Policy of the Secretariat.
Complaint or claimIt is a request submitted by the Data Subject, his/her successor or representative, in cases where he/she considers that the information contained in a Database must be amended, updated or deleted; or, in cases where he/she notices the alleged breach of a duty under the General Regulations for Personal Data Protection.  
General Regulation for the Personal Data Protection/GRPDGeneral rules regulating the protection of personal data in Colombia, which includes Statutory Law 1581 of 2012, Regulatory Decree 1377 of 2013, Decree 886 of 2014, Single Regulatory Decree 1074 of 2015, Title V of Single Circular of the Superintendence of Industry and Commerce and others that complement or amend it.
Controller/Processing ControllerIt is the Secretariat, which decides on the Databases and/or the Personal Data Processing of its Groups of Interest.
Applicant or Submitter or SubmittersAny person (natural, company or non-governmental organization) in Colombia or the United States who submits a Request to the Secretariat, to consider and process in accordance with the provisions of the APC.
Submission o Submissions Written statement submitted by any person from Colombia or the United States in which it is indicated that either of these two Parties is not enforcing or effectively applying one or more of their environmental laws, in accordance with the provisions of Chapter 18 of the APC.
Sensitive Personal DataIt is the individual whose Personal Data is processed by the Secretariat.  
TransferIt is the delivery of Personal Data or Databases by a controller and/or processor located in Colombia, to a receiver, who in turn is the controller for said Processing and who is located inside or outside the country.
TransferIt is Personal Data Processing that implies the communication of the same inside or outside Colombia with the purpose of being processed by a Processor on behalf of the Controller.
TransmissionIt is any operation or set of operations performed on Personal Data, such as collection, storage, use, circulation or deletion.
  1. PRINCIPLES FOR PERSONAL DATA PROCESSING

The Secretariat shall apply the following principles during Database and Personal Data Processing included therein:

4.1 Principle of access and restricted circulation: access to Personal Data must be adequate, relevant and limited to authorized personnel. Databases and Personal Data, except for Public Data, may not be made available on the Internet or in other means of dissemination or mass communication, unless access is technically controllable to provide restricted knowledge only to the Controller, the Data Subjects and/or authorized third parties.

4.2 Principle of confidentiality: the confidentiality and integrity of Personal Data will be guaranteed by means of technical, legal and administrative controls.

4.3 Principle of freedom: the Processing may only be exercised with the Data Subject’s previous, express and informed Authorization. The Personal Data may not be obtained or disclosed without prior Authorization, or in the absence of a legal or judicial mandate that relieves this Authorization.

4.4 Purpose principle: the Authorization for the collection and processing of Personal Data must obey the legitimate and authorized purposes in an express, previous and informed way, in accordance with the Constitution, the Law and the General Regulation of Personal Data Protection. 

4.5 Principle of legality: the Personal Data Processing must comply with the provisions applicable to the General Regulation for the Personal Data Protection.

4.6 Safety principle: all technical, human and administrative measures will be implemented to provide security to the Databases and Personal Data, avoiding their adulteration, loss, consultation, unauthorized or fraudulent use or access.

4.7 Principle of truthfulness or quality of information: the Personal Data subject to processing must be true, complete, accurate, current and understandable. Partial, incomplete, fractionated or misleading data will not be processed.

4.8 Principle of transparency: the Data Subject’s right to obtain from the Controller or the Processor, at any time and without restrictions, information about the existence of the Personal Data of his/her Data Subjectship will be guaranteed.

4.9 Principle of minimization: it will be guaranteed that only the Personal Data that are adequate, pertinent and limited to those necessary for each one of the Processing specific purposes will be processed.  

  1. PERSONAL DATA PROCESSING  

The Secretariat will process Personal Data of the people who are part of its Groups of Interest, directly or through its Processors, and in that sense, it will have all the obligations and rights that are established under the General Regulation of Personal Data Protection.

5.1 Personal Data collected by the Secretariat

The Personal Data collected by the Secretariat depends on the context of its interactions with the Groups of Interest, on the requests made in the future by the Data Subjects regarding the Processing of their information, on the activities and functions delegated to the Secretariat, on its location and on the corresponding legislation. Among Personal Data that the Secretariat may collect are: 

  1. Name, identification and contact details
  2. Position or profession
  3. Demographic and/or geolocation and/or social data
  4. Credit or financial information
  5. Interest or preferences
  6. Voice data, images and/or videos
  7. Data associated with health status, physical condition, and other related conditions
  8. Electronic identification data or web credentials and browser information, including technical information about the means of connection or Internet service provider number.  

The personal Data indicated in points c) to d) are considered Sensitive Data and therefore, its Processing will be as indicated for this type of information in accordance with this Policy. 

5.2 Collection of Personal Data 

The Secretariat shall only process Personal Data that have been previously, expressly and informed by means of an Authorization granted in writing, verbally or by means of an unambiguous conduct on the Data Subject’s part. The copy of the mentioned Authorization will be kept by the Secretariat.  

At the time the Data Subject grants his/her Authorization, the Secretariat will inform him/her of the Purposes and Processing to which his/her Personal Data will be subject, his/her rights and the means by which he/she may exercise them. The Data Subject may revoke his/her authorization and request the immediate deletion of his/her Personal Data through the mechanisms established in this Policy, unless there is a contractual or legal duty to remain in the Database.

The Secretariat reserves the right to collect Personal Data, including Sensitive Data such as images and biometric data, for security reasons and with the sole purpose of complying with surveillance protocols. In this case, the Authorization shall be given by the Data Subject’s unambiguous conduct consisting of entering the facilities, in accordance with the provisions of the corresponding Privacy Notices. 

The Secretariat shall not be compelled to request the Authorization of the Data Subject of Personal Data in the case of: i) information required by a public or administrative entity in the exercise of its legal duties or by court order; ii) public data; iii) cases of medical or health emergency; and iv) information authorized by law for historical, statistical or scientific purposes.

In the events pointed out, and in compliance with its legal obligations, the Secretariat may collect Personal Data, including Sensitive Data, and transmit, transfer or deliver them to the corresponding public or administrative entities, or to the entities they delegate, in the exercise of their duties, without it being necessary to warn the Data Subject thereof. In these scenarios, the Secretariat shall refrain from using the Personal Data for its own purposes or purposes different than those allowed by its legal obligations.

5.3 Access to Personal Data

Access to the Databases under the Secretariat’s responsibility will only be available to the Collaborators of the Secretariat who require access and processing of this information for the development of their functions. The Secretariat shall not share or deliver the Databases or the Personal Data stored in them to third parties with whom it has no relationship whatsoever.  

However, in cases where it is required to achieve the authorized Purposes, the Personal Data may be legitimately transmitted to suppliers, who may be located outside or inside the country and even in jurisdictions with different standards and levels of data protection such as the United States, with whom the corresponding personal data transmission agreements shall be signed in order to protect the information, the Data Subjects’ rights and to take all relevant measures so the Database and Personal Data Processing is carried out in compliance with this Policy.

Among the information providers with whom Personal Data is usually shared are those that provide webhosting services, including cloud storage, mobile application hosting, data processing, digital infrastructure provision, and IT services.

For all purposes, the Secretariat may only deliver information contained in its Databases to the Data Subjects, their assignees or their legal representatives, public or administrative entities in the exercise of their legal functions or by court order; third parties authorized by the Data Subject or by the General System for the Personal Data Protection. The Secretariat reserves the right to request additional documentation in order to verify the quality of the person requesting the information. 

Notwithstanding the foregoing, the Secretariat may not share confidential or provided under confidential Submissions, unless it is compelled to do so. The Secretariat may share information that is not considered confidential and information that is aggregated or generic and not linked to any identified or identifiable person, which should not be processed in accordance with the GRPD. 

5.4 Purposes of the Processing of Personal Data 

Notwithstanding the purposes specifically authorized by the Data Subjects through the Authorization, the Secretariat shall process Personal Data in accordance with the following Purposes:

GROUP OF INTERESTPROCESSING PURPOSE
Council members and/or public officials
Maintain efficient communication with information that is useful for the development and fulfillment of the functions and activities established by virtue of the APC and the Agreement of the Secretariat.
b) Keeping Council members and public officials informed of the activities, events and services developed by the Secretariat.  
g) Performing the Personal Data verification and update.
d) Submitting information to competent control and surveillance authorities and support internal or external audit processes when the delivery of information is absolutely necessary.
Collaborators, potential collaborators or former collaborators 
Develop processes for selection, evaluation and employment, and commercial carry out safety studies, including polygraph tests, and maintain efficient communication of information that is useful for the development of these processes; and, know and evaluate the information related to their academic, professional and work activities. 
Carry out all the necessary activities to adequately execute the existing contracts with the Collaborators of the Secretariat and comply with the obligations derived from them, including making the payment of fees, social benefits and others that arise from the employment relationship. 
c) Managing the Secretariat's information and communications systems, including generating copies and backup files of the information contained in the equipment provided by the Secretariat.
d) Carrying out welfare programs and/or surveillance of the Social Security and Health Management System and for health promotion and prevention activities.
e) Presenting information for processing with entities related to the Social Security and Health Management System, including requests for reimbursement of leave or disability payments to the competent organizations, including EPS, IPS, among others. Also, before financial entities for the analysis of benefits, such as payment orders. 
d) Sending communications by physical mail, e-mail, mobile devices, or through any other analogous and/or digital means of communication with information on the activities and events carried out by the Secretariat. As well as, carrying out satisfaction campaigns and following up on the development of the Secretariat's activities.
g) Presenting information to control and surveillance authorities, supporting internal or external audit processes and performing statistical studies or accounting processes. 
h) Sending information related to the liquidation, completion of activities and participation in future selection processes, after the termination of the labor contract. 
g) Performing the Personal Data verification and update.
Suppliers and other contractors
a) Contacting and contracting suppliers of services or products that the Secretariat requires for the development of its activities and the provision of its facilities; as well as making the necessary requests to report the accounting, legal and tax information related to them.
b) Carrying out all the necessary activities to properly execute the existing contracts with the Suppliers.
c) Verifying information in credit bureaus or mandatory restrictive lists, with the purpose of using it as an element of analysis in the commercial relationship.  
d) Carrying out accounting, tax and administrative procedures, due diligence, invoicing and other aspects of the business relationship. 
d) Sending communications by physical mail, e-mail, mobile devices, or through any other analogous and/or digital means of communication with information on the activities and events carried out by the Secretariat. As well as, carrying out satisfaction campaigns and following up on the development of the Secretariat's activities.
f) Presenting information to control and surveillance authorities.
g) Performing the Personal Data verification and update.
h) Supporting internal or external audit processes and perform statistical studies or accounting processes.  
Submitter or Submitters 
Receive and consider Requests under Article 18.8 of the APC, in accordance with any work procedure approved by the Council. 
Determine whether a Request warrants a response from a Party and determine and inform the Council if a Request warrants the preparation of a factual record.
Prepare factual records and make them available to the public (including on the website) when instructed by any member of the Council, together with the documents and communications referred to in Article 18.8 and 18.9 of the TPA and other related documents with the Applications, in accordance with the procedures. established by the Council.
Send communications by physical mail, electronic mail, mobile devices, or through any other analog and / or digital means of communication with information on the activities and events carried out by the Secretariat. As well as, carry out satisfaction campaigns and monitor the development of the activities of the Secretariat.
e) Performing statistical or data analysis studies.
f) Reporting changes in information handling policies.
g) Performing the Personal Data verification and update.
Present information to control and surveillance authorities and support internal or external audit processes and accounting processes. The foregoing, except in the case of confidential information or information provided under confidential requests and the Secretariat does not have the obligation to supply it.
Interested Party
Receive and publish the opinions that people other than the Applicants may present to the Secretariat regarding an application or the process for submitting applications.
Receive and process the orders, requirements or any type of request that is made through any of the contact forms that are made available to you.
c) Preparing factual records and make it publicly available (even on the website) when instructed by any member of the Council, along with the documents and communications referred to in Article XNUMX and XNUMX of the TPA and other submissions-related documents in accordance with the procedures established by the Council.
d) Sending communications by physical mail, e-mail, mobile devices, or through any other analogous and/or digital means of communication with information on the activities and events carried out by the Secretariat. As well as, carrying out satisfaction campaigns and following up on the development of the Secretariat's activities.
e) Performing statistical or data analysis studies.
f) Reporting changes in information handling policies.
g) Performing the Personal Data verification and update.
Present information to control and surveillance authorities and support internal or external audit processes and accounting processes. The foregoing, except in the case of confidential information or information provided under confidential requests and the Secretariat has no obligation to supply it.

 5.5 Treatment of Sensitive Data

In general, the Secretariat will refrain from collecting and processing Sensitive Data. However, in those cases where it is absolutely necessary, the Secretariat shall inform the Data Subject the Sensitive Data that would be subject to Processing, the specific purposes of its Processing and that, since it is Sensitive Data, it is not obliged to supply it, except in those cases where there is a legal duty that requires it. In case of having doubts regarding the need to deliver Sensitive Data, please contact the Secretariat prior to delivery.

5.6 Treatment of the Personal Data of girls, boys and / or adolescents 

Girls, boys and minors may submit Requests related to the activities carried out by the Secretariat within the framework of the functions assigned to it by virtue of the APC and the Secretariat Agreement. In these cases, the girls, boys and / or minors must submit the Request through their legal representatives and the Secretariat will do its best to verify that whoever acts as the legal representative of the child or adolescent actually has this quality. However, it will start from the good faith of the person who grants the authorization for the Treatment of the Personal Data of the child or adolescent, and stating that they have the quality of legal representative. 

5.7 Unsolicited Personal Data 

Prior to the formal start of business or labor relations with the Secretariat, it is possible that Personal Data may be sent to us without the Authorization granted by the Data Subject. In these cases, the Data Subject accepts that, by means of his/her unambiguous conduct consisting in sending his/her information to the Secretariat, he/she authorizes it to carry out the Processing of his/her Personal Data for the purpose strictly related to the procedure or request made.

The Authorization for Unequivocal Conduct shall apply, including, but not limited to, the filing of information from: (i) persons who file Submissions at the offices where the Secretariat is located, by e-mail or by any other means of contact; (ii) persons who wish to work at the Secretariat; (ii) persons who wish to be linked as suppliers to the Secretariat; and, (iii) persons who submit requests, complaints, suggestions, claims or compliments of any nature to the Secretariat. Notwithstanding the above, and only in case the relationship with these third parties is formalized, the corresponding Authorization shall be requested to continue with the Personal Data Processing for other purposes.

5.8 Processing of Personal Data during the reception and management of Applications 

During the reception and management of the Applications, the Secretariat may have access to the Personal Data of the Applicants, in order to attend to them, in accordance with the provisions of the APC and in the Agreement of the Secretariat and the procedures established by the Council. . In this same scenario, the Secretariat will have the possibility of collecting personal information from third parties, other than the Applicants, with whom the Applicant has some type of link. In these cases, it will be understood that the Applicants are authorized, in accordance with the RGPD, to deliver the Personal Data of third parties to the Secretariat. If the Applicants do not have this Authorization, they must limit themselves to providing Public Personal Data.

The Secretariat may deliver the Personal Data collected in the framework of these Requests to public entities, in the exercise of their functions, who will have the quality of Treatment Managers, with the sole purpose that these entities can develop activities aimed at meeting the Requests, in the terms established by the APC and the Agreement of the Secretariat and the procedures established by the Council. The foregoing, as long as the information is not considered confidential or provided through a Confidential Request and the Secretariat is not obliged to deliver or disclose the information.

The Secretariat will refrain from delivering confidential information or information supplied by means of confidential requests to any third party, unless this is required. 

In case it is necessary to carry out any type of additional and / or extraordinary activity that is not included in the APC or in the Secretariat Agreement; and, which implies the treatment of Personal Data, the Secretariat will request the corresponding Authorization from the Holder. 

5.9 Time Limitations to the Processing of Personal Data

The Secretariat will keep a record of the information of its Groups of Interest before, during and after the termination of the relationship that has given rise to its collection, which may include Personal Data, solely and exclusively to achieve the purposes authorized by the Data Subject or in the performance of legal duties. This information shall be kept for a reasonable retention period in view of the: (i) the time during which the Data Subject has a relationship with the Secretariat; (ii) the Secretariat carries out an activity in favor of the Data Subject; and, (ii) there is a legal, accounting or administrative obligation and/or legal, administrative, audit or regulatory requirements to which the Secretariat is subject.

The Secretariat will store Personal Data for a period of AA + 20 (current year + 20 years) after the termination of the last relationship or contact with the Secretariat. After this time, the Secretariat may destroy the Personal Data or delete it from its Databases, unless a legal or contractual duty to the contrary remains in force.  

5.10 Information security commitment 

The Secretariat is committed to the confidentiality and security of the Personal Data stored in its Databases, under restrictions of access, availability and consultation by unauthorized third parties.

Based on the above, the Secretariat informs the Personal Data Holders that it has adopted adequate measures and practices for the conservation of Personal Data under security conditions typical of the industry, which seek to prevent its adulteration, loss, theft, public consultation, unauthorized or fraudulent use or access, as well as the implementation of internal practices that contribute to a safe environment of information. 

Although the Secretariat has a technological protection system that goes from its servers to the Internet, no Internet transmission may guarantee its 100% security. Therefore, the Secretariat cannot guarantee that the information entered into its website is completely secure, and users run their own risk.

In the event that a Data Subject considers that his/her Personal Data is not being processed in a secure manner, the Secretariat would appreciate being notified as soon as possible in order to review the matter with the priority it deserves. 

5.11 Personal Data Updating and Processing of Outdated Personal Data

The Secretariat is committed to the Processing of the information under strict compliance with the principle of truthfulness or quality, for which it reminds the right that the Data Subjects have to update and rectify their Personal Data and invites them to report any update, change and/or modification regarding their Personal Data as soon as possible. Moreover, the Secretariat reserves the right to carry out activities aimed at keeping updated the Personal Data of the Data Subjects who are part of its Group of Interest.   

In the scenario of updating, changing and / or modifying Personal Data not effectively reported to the Secretariat, we request the compression of any third-party data processing (not part of our Databases) caused by this fact. In these scenarios, and as soon as it is informed to the Secretariat, the data of the Holder not related to the Interest Groups of the Secretariat will be eliminated immediately and the information will be updated in the corresponding Database. 

5.12 Processing of Personal Data of third parties provided by third parties that are part of the Interest Groups

In the event that the Secretariat has access to third parties’ Personal Data, which have been provided by a person who is part of its Group of Interest, the Secretariat will understand that the latter has the express Authorization of the third party in its capacity as Data Subject, to provide its Personal Data. Thus, the person who is part of the Group of Interest and provides the Data Subject’s information to the Secretariat declares and acknowledges that he/she has the Authorization granted by the Data Subject, so the Secretariat may access and process his/her Personal Data in accordance with this Policy. The foregoing applies, without limitation, to the Personal Data that legal entity providers share with respect to their Collaborators or contractors. 

In case the person who is part of its Group of Interest does not have the respective Authorization granted by the Data Subject, the Secretariat will limit itself to the Public Data.

  1. DATA SUBJECTS’ RIGHTS  

In line with the provisions of the GRPD, the Data Subject of the Personal Data has the following rights:

  1.   Accessing, knowing, rectifying and updating your Personal Data.
  1. Requesting proof of the Authorization granted, except in cases where it is excepted as a requirement for the Processing of Personal Data, in accordance with the exceptions established in the General System for the Personal Data Protection.
  1. Receiving information, upon request made to the Controller, regarding the Processing that has been given to your Personal Data.
  1. Filing complaints before de authority for violations of the provisions of the, prior consultation or complaint to the Secretariat.
  1. Modifying and revoking the Authorization and/or requesting the deletion of the data.
  2. Having knowledge of and access to the personal data that have been subject to Processing.
  3. The others that are acknowledged by the General Regulation for the Personal Data Protection
  1. ADDRESSING INQUIRIES, COMPLAINTS AND EXERCISING THEIR RIGHTS 
  1. Procedures for addressing Inquiries or Complaints related to Personal Data Processing
Area in charge of addressing inquiries and complaints related to personal data processingExecutive Director 
AddressCarrera 7 # 32-33, 27th floor Bogota (Colombia)
Email info@sala-seem.local 

Any questions or inquiries regarding the Policy and practices related to Personal Data Processing by the Secretariat may be submitted to this same contact address.

  1. Procedures for addressing Inquiries or Complaints related to Personal Data Processing 

The Data Subject, his or her representative or assignees may submit Inquiries and/or Complaints in the exercise of their rights, as follows:

  1. The Inquiry or Complaint must be directed to one of the mechanisms established in this Policy. The Data Subject must clearly describe his/her request for correction, update or deletion. In case the Complaint is related to a possible breach of any of the duties of the Secretariat or its Processor, the reason for the breach must be indicated in detail.
  1. In case of Inquiries: the Data Subject or petitioner must fully identify himself/herself and clearly describe his/her Inquiry. In the event that the petitioner is not acting as Data Subject, he/she must indicate the capacity in which he/she is acting and attach the document that authorizes him/her to make the request or inquiry, whether it is a power of attorney, birth certificate, among others. 

The Secretariat will answer your inquiry within a maximum of ten (10) working days from the date of safe receipt. When it is not possible to respond to the inquiry within the aforementioned term, the Secretariat shall inform the interested party, expressing the reasons for the delay and indicating the new term for responding to the request or inquiry, which shall not exceed five (5) working days, counting from the term expiration in the previous point. 

  1. In case of Complaints: the interested party must indicate in detail the reason for the breach. In this case, the Secretariat will attend the complaint in a maximum term of fifteen (15) working days from the day following the date of its receipt. When it is not possible to attend the complaint within said term, the Secretariat shall inform the interested party of the reasons for the delay and the date in which the complaint will be attended, which in no case may exceed eight (8) working days after the expiration of the first term.

If the Complaint received is incomplete, the Secretariat shall request the interested party within five (5) working days following receipt of the Complaint to correct it with respect to its inaccuracies, if two (2) months pass from the date of the request, without the petitioner submitting the required information, the Secretariat shall understand that the Complaint has been withdrawn.

If the Complaint requests the deletion of the Personal Data and/or the revocation of the Authorization for the use of the Personal Data, the Secretariat will proceed accordingly. However, it shall keep a copy of the Complaint, including the information related thereto, for documentary purposes in eventual administrative proceedings.  

  1. WEB BROWSER COOKIES 

The Secretariat may implement "cookies" on its website, understanding they are tools that collect information about users' navigation on its website, with the purpose of improving the user's experience. The Secretariat will act as the responsible for the information it collects through cookies and will subject its processing to the protection standards established in the GRPD.

In case the Secretariat decides to implement cookies, it will inform users in their capacity as Data Subjects, through the corresponding Privacy Notice, about the use of this technology, its terms and scope. In this way, Data Subjects who do not wish the installation of cookies may reject it or disable this option in the configuration of their browser. If the user rejects or deactivates the cookies, it could affect some functional aspects of the website, during his navigation experience. 

  1. VALIDITY

This document became effective as of September 9.1, 29.

9.2 The Databases under the administration of the Secretariat will have a validity equal to the time in which the Personal Data is used for the purposes described in this Policy; and, the Personal Data included in these will be kept unless the Holder requests its deletion and there is no legal or contractual duty to keep the information.

The Secretariat informs that any substantial change in the Information and Personal Data Processing Policy will be timely communicated on its website.

Carrera. 7 # 32-33, Piso 27  Bogota DC - Colombia
info@sala-seem.local  (57-1) 2853862 Ext 176  

***