Data processing policy


This document sets out the Personal Data Processing Policy (hereinafter the “Policy”) of SANCLEMENTE FERNÁNDEZ ABOGADOS S.A. (hereinafter “SFA”) in order to evidence, to the Subjects of the Personal Data stored in Databases, the secure and responsible Processing of information.

In addition, SFA is also hereby observing effective regulations on the subject, Law 1581 of 2012 (hereinafter the “Law”), Decree 1074 of 2015 and External Circular 002 from the Superintendence of Industry and Commerce (hereinafter “SIC”).

Accordingly, the following are the relevant definitions concerning the contents of the Policy, as provided under the Law:

  1. Authorization: Prior, express and informed consent from the Data Subject in order to carry out Processing of Personal Data;
  2. Database: Organized set of Personal Data subject matter of Processing;
  3. Personal Datum: Any information related or which may be associated to one or several determined or determinable natural persons;
  4. Party in Charge of Processing: Natural person or legal entity, whether public or private, carrying out by himself/herself/itself or jointly with others Processing of Personal Data on account of the Party Responsible for Processing;
  5. Party Responsible for Processing: Natural person or legal entity, whether public or private, making decisions, either by himself, herself/itself or jointly with others, on the Database and/or Data Processing;
  6. Subject: Natural person whose Personal Data are subject matter of Processing;
  7. Processing: Any operation or set of operations on Personal Data, such as collection, storage, use, dissemination or deletion.
  8. Compliance Officer: Person in charge of addressing Data Subjects’ requests regarding exercise of their rights (hereinafter “Compliance Officer”).

In addition, SFA has also complied with parameters established to protect the integrity and maintain the significance entailed in storing Personal Data, in addition to being fully aware of the broad scope of relevance of safeguarding the Databases subject to an exclusive Processing according to the end purpose of the same.

In light of the above, it is important for SFA that Data Subjects know the Processing and handling given to their personal data, and also that they know the means through which it is possible to contact directly the Responsible Party and if necessary submit any request.

SFA intends to establish measures through which collection, storage, maintenance, care, modification, deletion or any other type of processing of the information be approved and consented by the Data Subjects.

Accordingly SFA has put forward under this policy the provisions under the Law in order to advise the same to the Data Subjects and inform such Subjects of their rights as owners of the information temporarily being held by SFA in order to meet a specific end purpose and the purpose of SFA. The duties of Data Subjects are provided below:

  1. Know, update and correct Personal Data for the Parties Responsible of Processing. This right may be exercised, among others, in regard to partial, inaccurate, incomplete, fractioned data leading into error or those whose Processing is strictly prohibited and unauthorized;
  2. Request evidence of the Authorization granted to the Party Responsible of Treatment, save when expressly exempted as a requirement for Processing, as provided under Article 10 of the Law;
  3. Be informed by the Party Responsible for Treatment upon request, in connection with the use given to the Personal Data thereof;
  4. File before the SIC any complaints for infringement to the provisions under the Law and any other regulations amending, adding or supplementing the same;
  5. Revoke the Authorization and/or request deletions of the data, when such Processing fails to respect constitutional and legal principles, rights and guarantees. Revocation and/or deletion shall apply, if the SIC determines that the Responsible Party has engaged in conducts that breach the Law and the Constitution in Processing of such Data.
  6. Access, free of charge, the Personal Data thereof subject matter of Treatment.

SFA is Responsible for information collected and stored in Databases and hence its contact information is provided below for interested parties:

Telephone: +1 57 3100555
Address: Carrera 9 # 69 – 70

In order to protect the rights held by Data Subjects, SFA intends to establish channels through which it may be possible to file claims, complaints or petitions directly against the Responsible Party, to which SFA shall provide an answer within a term not exceeding fifteen (15) days; otherwise the Data Subject may address his/her consultation to the SIC.

In observance of the above, a Compliance Officer has been designated, who will see to the protection, update and maintenance of the Databases, in addition to responding to any request made. The following are the direct communication channels with the Compliance Officer:

Compliance Officer Electronic
Address: Carrera 9 # 69 – 70

The principles developed by the Law shall be applied without any exception to any Processing carried out with Personal Data stored in the Databases and SFA shall comply with each and every one of the end purposes covered by the same to establish a transparent and effective process:

  1. Principle of Legality: The Processing provided under the Law is a regulated activity that must comply with the regulations established under the same and all other provisions developing the same;
  2. Principle of Finality: The Processing must relate to a lawful end under the Constitution and the Law, which must be informed to the Data Subject;
  3. Principle of freedom: Processing can only be conducted with prior, express and informed consent from the Data Subject. Personal Data may not be obtained or disclosed without prior Authorization or without legal or court ordered mandate disclosing consent;
  4. Principle of veracity or quality: The information subject matter of Processing must be accurate, complete, truthful, updated, verifiable and comprehensible. Processing of Partial, incomplete, fragmented or misleading Data is prohibited.
  5. Principle of transparency: During Processing the Data Subject’s right to obtain information at any time from the Party Responsible for Treatment regarding existence of any data concerning the same must be guaranteed;
  6. Principle of access and restricted dissemination: Processing is subject to the restriction arising from the character of the Personal Data, provisions under the Law and the Constitution. In this sense, Treatment shall only be made to persons authorized by the Data Subject and/or persons provided under the Law; Personal Data, except for public information, shall not be available over the internet or other means of mass communication or dissemination, except if access is technically controllable to provide restricted disclosure only to the Data Subjects or authorized third parties, as provided under the Law;
  7. Principle of security: Any information subject to Processing by the Responsible Party shall be handled with the technical, human and administrative measures that may be necessary to afford security to the files, while preventing modification, loss, consultation, unauthorized or fraudulent use thereof or access thereto;
  8. Principle of confidentiality: All persons involved in the Processing of Personal Data not being of a public nature shall be required to guarantee the confidentiality of such data, even upon termination of any relation with any of the tasks involved in such Processing, being able to provide or communicate Personal Data only when the same relates to performance of the activities authorized under the Law according to the terms of the same.

In order to offer a higher certainty of application of this Policy by SFA, the following obligations to be abided as Party Responsible for Processing have been established as provided under the Law:

  1. Guarantee the Data Subject, at all times, the effective and full exercise of the habeas data right;
  2. Request and maintain, in the conditions provided under the Law, a copy of the respective authorization granted by the Data Subject;
  3. Advise the Data Subject in due time regarding the purpose of the collection and the rights available thereto by virtue of the granted Authorization;
  4. Maintain the information under the security conditions necessary to prevent alteration, loss, consultation or unauthorized or fraudulent use thereof or access thereto;
  5. Update the information with all new details respecting the data previously provided and adopt all other measures necessary for the information provided thereto to be updated regularly;
  6. Correct the information if the same is inaccurate;
  7. Process any consultation and claim made according to the terms provided under the Law and this Policy;
  8. Adopt an internal manual on policies and procedures in order to guarantee adequate performance of the Law and especially for addressing consultations and claims;
  9. Advise upon request of the Data Subject the use given to the data thereof;
  10. Advise data protection authorities in the event of any breach to the security codes and existence of any risks in the management of the information of the Data Subjects.
  11. Comply with the instructions and requests from the SIC.

This document shall only be amended by the Legal Representative of SFA or whoever acts as Compliance Officer.
Any amendment made shall be valid from the time it is posted at a visible place at the facilities of SFA or at the web page. In addition, the Company reserves the right to make changes to this Policy whenever it might deem necessary and in line with effective regulations.
This Policy shall have a term of effectiveness similar to that of SFA and shall be subject to amendments and adjustments according to the internal rules and effective regulations.