WA Solutions S.A.S.´s Personal Data processing Policy

Code: PO-02
Version: 5
Issue date: 22/06/2023

Objective. This document explains the parameters and rules that the company will use to process the personal data registered in WA Solutions S.A.S.´s databases, in order to guarantee the personal data processing in accordance with Law 1582 of 2012, Decree 1377 of 2013 and the rest of applicable regulation. 

 

Data Controller. The Data Controller is WA Solutions S.A.S., a company legally constituted in Colombia, identified with NIT 900.714.689-3. The contact details are:

 

Website: https://wasolutions.co

Address: Carrera 52 No. 14-30, Office 201. Medellín, Antioquia, Colombia.

Email: info@wasolutions.co

Cell phone number: 3233077588

 

Personal data processing. Personal data will be subject to the following operations: collection, storage, use, processing, systematization, indexing, circulation, deletion, transmission and transfer, even to other countries.

 

Purpose of personal data processing. The processing of personal data will be carried out for the development of relationships of a different nature that WA Solutions maintains with the holders, for the development of its corporate purpose, and especially, for the following purposes:

 

Current and potential Clients:

  1. Negotiate a possible commercial relationship. 
  2. Fulfill the obligations arising from the business relationship.
  3. Conduct surveys, studies and confirmation of personal data necessary for the execution of a commercial relationship.
  4. Send statements of account or invoices derived from the business relationship.
  5. Post on company social media.
  6. Offer products and services.

 

Providers:

  1. Make payments. 
  2. Comply with the obligations contracted under the contract.
  3. Post on the company’s social networks.
  4. Use a photo as the profile image in the corporate email.
  5. Monitor the company’s facilities, through security cameras and identification systems for entry.

 

Course and training students

  1. Identify students enrolled in courses and training.
  2. Report the students to the Demand Driven Institute (DDI), so that it can create a user on its platform, the students can access the institute’s material and the DDI can issue them a certificate stating the completion of the course or training, as appropriate.
  3. Enviar información, publicidad, comunicaciones, novedades y ofertas.
  4. Post on company social media.
  5. Save the students’ history.

 

Workers and interns:

  1. Comply with the obligations contracted under the employment contract.
  2. Create the resume
  3. To grant labor certifications.
  4. Respond to requests for information from competent authorities.
  5. Consult and report information for statistical, commercial and risk control purposes.
  6. Post on company social media.
  7. Configure the profile image in corporate email.
  8. Monitor the company’s facilities, through security cameras and personnel identification systems for entry.
  9. Comply with the obligations and carry out the management activities derived from the company’s commercial relations with its clients.
  10. Provide information to third parties with whom the company has a contractual relationship and that it is necessary to deliver it to them for the execution of the company’s commercial relations with its customers and suppliers.
  11. Offer corporate welfare programs and plan business activities, for the holder and its beneficiaries, that is, children, spouse and permanent partner.

 

Candidates in the selection processes:

  1. Carrying out the selection and recruitment process.

 

Rights of the holder of the personal data. The rights of the owner of the personal data are:

 

  1. Know, update and rectify all their personal data that is stored or collected in the databases managed by the Data Controller.
  2. Free  access of charge to the data provided that have been subject to processing.
  3. Request the updating and rectification of their personal data regarding partial, inaccurate, incomplete or fractionated data, which lead to error, or information whose processing is prohibited or has not been authorized. 
  4. Request evidence of the authorization granted, except when authorization is expressly exempted as a requirement for the processing.
  5. Be informed by the Data Controller, upon request, regarding the use given to their personal data.
  6. Submit to the Superintendencia de Industria y Comercio (SIC) complaints for violations of the provisions of the applicable regulations in force.
  7. Revoke the authorization and/or request the deletion of the personal data, unless there is a legal or contractual obligation that makes it imperative to keep the information.
  8. Refrain from authorizing the processing data or answering questions about sensitive data or data of children and adolescents.
  9. Others provided for in the Constitution and in Law 1581 of 2012.

 

Procedure for the exercise of the rights of the owner. The requests, queries and claims submitted by the owners in order to exercise their right to know, update, rectify and delete information and revoke the authorization, must be made through the email info@wasolutions.co and will be attended by the Administrative and Financial area.

 

The request must contain the following information:

 

  1. Full name and surname;
  2. Identification type and ID number;
  3. Contact information: address, email and cell phone number or landline telephone number;
  4. Facts that give rise to the claim;
  5. Evidence on the facts that give rise to the claim;
  6. Right that you want to exercise;

 

If the claim is incomplete, the interested party will be required to complete it within five (5) business days following the reception of the claim. It will be understood that the claim has been desisted when two (2) months have elapsed from the date of the request to correct the claim without the applicant submitting the required information.

 

The Data Controller will respond to the request within fifteen (15) business days following  from the day after the date of receipt or from the day after the date on which the corrected claim is received, if it is applicable. When it is not possible to attend the claim within the aforementioned term, the interested party shall be informed of the reasons for the delay and the date on which the claim will be attended, which in no case may exceed eight (8) business days following from the expiration of the first term.

 

Security measures. The Data Controller shall handle the personal data with the technical, human and administrative necessary measures to provide security to the records, avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access. In this regard, only those directors, officers, employees, providers or shareholders who, due to their work, must know the information, will have access to the personal data.

 

Validity period of the database. The personal data provided will be kept for the time that is reasonable and necessary, according to the purposes that justified the treatment, as long as the interested party do not request their deletion and there is no legal duty to keep them. Once the purposes are fulfilled and as long as there is no legal or contractual duty to keep the information, the data will be deleted from our databases.

 

Validity period of the Personal data processing policy. This Personal data processing policy is in force as of February 18, 2014.