top of page

Personal Data Processing Policy

1. OBJECTIVE: This policy contains the necessary guidelines to guarantee the protection of the fundamental right of protection of personal data in accordance with the guidelines defined by Law 1581 of October 17, 2012 and its regulatory decrees; as well as circulars and guides issued by the Superintendence of Industry and Commerce.

2. REACH: This policy contains the principles, concepts, rights, channels, commitments of the Organization, and in general the necessary elements for the effective exercise of the rights of the holders. This policy must be applied by all officials and involved in the processes that are carried out. Likewise, it applies to our commercial allies, suppliers and contractors who, in the development of their work, have access to personal data of holders.

3. DEFINITIONS: In accordance with current legislation on the matter and with the objective that the recipients of this document are clear about the terms used, the following definitions are established below._cc781905-5cde-3194-bb3b -136bad5cf58d_

Authorization: Prior, express and informed consent of the owner to carry out the Processing of personal data.

Notice of Privacy: Verbal or written communication generated by the Responsible Party, addressed to the Holder for the Processing of their personal data, through which they are informed about the existence of the information Processing policies that will be applicable to them, the way to access them and the purposes of the Treatment that is intended to be given to personal data.

Database: Organized set of personal data that is subject to Treatment. (Files are included) These can be automated or not. Automated databases are those that are stored and managed with the help of computer tools. Manual databases or files are those whose information is physically organized and stored.

Candidate: It is the term used for natural persons whose resumes are subject to treatment in accordance with this policy.

Contractors/suppliers: Natural or legal persons with whom RISK GROUP INTERNATIONAL SAS. has a contractual relationship.

Personal data: Any information linked or that may be associated with one or more determined or determinable natural persons.

Private data:It is the data that due to its intimate or reserved nature is only relevant to the Holder.

Public data: It is the data that is not semi-private, private or sensitive. Public data is considered, among others, the data related to the marital status of people, their profession or trade and their quality as merchant or public servant. Due to its nature, public data may be contained, among others, in public registries, public documents, gazettes and official bulletins and duly enforced judicial sentences that are not subject to reservation.

Sensitive data: They are "those that affect the privacy of the Holder or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, belonging to unions, social organizations, human rights or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life and biometric data”.

Semi-private data: Semi-private data that does not have an intimate, reserved, or public nature and whose knowledge or disclosure may be of interest not only to its Owner but to a certain sector or group of people or to society in general, such as the financial and credit data of commercial activity or services referred to in Title IV of Law 1266.

Processor: Natural or legal person, public or private, that by itself or in association with others, performs the processing of personal data on behalf of the controller.

Client Company: legal entity that hires the services of RISK GROUP INTERNATIONAL SAS

Evaluated by measuring psychosocial risk factors: natural person who presents the psychosocial risk survey in accordance with the regulations on the matter.

Evaluated by competencies: natural person to whom the evaluation of the competencies of the position and/or the organizational ones is applied.

Data controller: Natural or legal person, public or private, that by itself or in association with others, decides on the database and/or the treatment of the data. It is the one that determines the essential purposes and means of data processing.

National Registry of Databases: is the public directory of the databases subject to Treatment that operate in the country.

Headline: Natural person whose personal data is processed.

Treatment: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.

Transfer: The transfer of data takes place when the person in charge and/or in charge of the processing of personal data, located in Colombia, sends the information or personal data to a recipient, who in turn is the person in charge of the treatment and is located inside or outside the country. .

Transmission: Treatment of personal data that implies the communication of the same inside or outside the territory of the Republic of Colombia when its purpose is to carry out a Treatment by the Manager on behalf of the Responsible.


4. DESCRIPTION 

I. DETAILS OF THE CONTROLLER

RISK GROUP INTERNATIONAL SAS(RISK GROUP) is a company with NIT 900.414.957-5, domiciled at Carrera 44A No. 38A Sur 40 Barrio Alacalá, del_3b4c5819-3b5c581 -136bad5cf58d_Municipio de Envigado, Colombia, with email address: www.riskgroupinternational.com, emailinfo@riskgroup.com.co  and phone (+574) 448 5580 contact Juan Carlos Echeverri Garcés Cell phone (+57) 301 261 0345

II. PURPOSE OF THIS POLICY

RISK GROUP INTERNATIONAL SAS committed to the personal data of the owners and in compliance with the regulations on the protection of fundamental rights de PROTECCIÓN DE DATA PERSONALES_cc781905-5cde-3194-bb3d5b-13 Colombia , develops the present PERSONAL INFORMATION PROCESSING POLICY, with the purpose of guaranteeing at all times, the full and effective exercise of the rights that assist the Owner of the personal data.


III. BEGINNING

The guiding principles are the fundamental rules, of a legal and/or jurisprudential nature, that inspire and guide the processing of personal data. The guiding principles that will apply to the processing of personal data in RISK GROUP INTERNATIONAL SAS: 

  1. Principle of legality regarding data processing: The Processing of personal data carried out is a regulated activity that is subject to the provisions of the law and the other provisions that develop it.

  2. Principle of finality: The Processing of personal data carried out by de RISK GROUP INTERNATIONAL SAS obeys a legitimate purpose in accordance with the Constitution and the Law, which will be informed to the Holder.

  3. principle of freedom: Processing of personal data en RISK GROUP INTERNATIONAL SAS  can only be exercised with the prior, express and informed consent of the Holder. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that relieves consent.

  4. Principle of veracity or quality: The information subject to Treatment by de RISK GROUP INTERNATIONAL SAS  must be true, complete, exact, up-to-date, verifiable and understandable. In development of this principle in the processing of personal data, RISK GROUP INTERNATIONAL SAS  has reasonable measures to ensure that the personal data stored in the databases is accurate and sufficient.

  5. Principle of transparency: In the Processing of personal data, RISK GROUP INTERNATIONAL SAS guarantees the Owner's right to obtain information about the existence of data that concerns him/her, within the periods and terms established in this Policy.

  6. Principle of restricted access and circulation: The Treatment is subject to the limits that derive from the nature of the personal data, the provisions of the law and the Constitution. In this sense RISK GROUP INTERNATIONAL SAS  will allow the provision of information to the following persons: 1) To the Owners, their successors in title or their legal representatives; 2) To public or administrative entities in the exercise of their legal functions or by court order; case in which the entity must justify the request for personal data informing the need for the data and the respective compliance with legal or constitutional functions. 3) To third parties authorized by the Owner or by law. 4) To persons contractually linked to RISK GROUP INTERNATIONAL SAS that, by reason of their position, trade, nature of the contract or activity, know and treat said information in accordance with this policy.

  7. Security principle: The information subject to Treatment by de RISK GROUP INTERNATIONAL SAS, has the necessary technical, human and administrative measures to grant security to the records, avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access;

  8. Principle of confidentiality: All persons involved in the Processing of personal data that is not public in nature are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks included in the Treatment, and may only supply or Communication of personal data when it corresponds to the development of the activities authorized in Law 1581 of 2012 and in its terms.

  9. Principle of temporality: Personal data will be kept only for the reasonable and necessary time to fulfill the purposes that justified the treatment, taking into account the provisions applicable to the matter in question and the administrative, accounting, fiscal, legal and historical information. The data will be kept when it is necessary for the fulfillment of a legal or contractual obligation. Once the purpose of the treatment and the terms established above have been fulfilled, the data will be deleted.

  10. Principle of necessity and proportionality: The personal data registered in a database must be those strictly necessary for the fulfillment of the purposes of the treatment, for which they must be adequate, pertinent and consistent with the purposes for which they were collected.

  11. Principle of comprehensive interpretation of constitutional rights: Law 1581 of 2012 will be interpreted in the sense that constitutional rights are adequately protected.
     

IV. AUTHORIZATION 

The processing of personal data by de RISK GROUP INTERNATIONAL SAS requires the free, prior, express and informed consent of the owner thereof.

How to obtain authorization: In order to guarantee the Rights of the HOLDERS of personal information, RISK GROUP INTERNATIONAL SAS in its capacity as data controller, has provided the necessary channels and mechanisms to obtain the respective authorization from the Owner, guaranteeing in any case that it is possible to verify the granting of said authorization. It will be understood that the authorization complies with the legal requirements when it is manifested: 1. In writing; 2. Orally or; 3. Through unequivocal conduct of the Holder that allows a reasonable conclusion that the authorization was granted. Said conduct must be unequivocal in such a way that there is no doubt about the willingness to authorize the treatment. 

 

In no case can silence be assimilated to unequivocal conduct. The unequivocal conduct will be the sending of the resume to corporate emails or the entry of the same to the platform of resumes.

 

The authorization may be in a physical, electronic document or in any other format that allows guaranteeing its subsequent consultation. Once the authorization is obtained, proof of it must be kept.

 

Cases in which authorization is not necessary: The HOLDER's authorization will not be necessary in the case of: 1. Delivery of information required by a public or administrative entity in the exercise of its legal functions or by court order. 2. Processing of Data of a public nature. 3. Cases of medical or health urgency. 4. Treatment of information for historical, statistical or scientific purposes in which the information is not linked to a specific person. 5. Data related to the Civil Registry of People.

Authorization on sensitive data of the owner: In accordance with the provisions of article 6 of law 1581  and regulatory standards, authorization for sensitive data processing will only proceed when the following requirements are met: 1) That there is explicit authorization from the owner of the sensitive data; 2) That the owner knows that he is not obliged to authorize the treatment of said information; 3) That the owner be informed which of the data that will be processed are sensitive and the purpose thereof. 

Authorization for data processing of children and adolescents: The services of RISK GROUP INTERNATIONAL SAS, are not aimed at children and adolescents, which is why it does not process the personal data of minors in any of its activities. However, in the event that for any reason it becomes necessary to process the information, your prevailing interest will be taken into account, as well as the right to be heard and in no way will it be carried out without prior authorization from your representatives. legal.

V. TREATMENT AND PURPOSES

Within the business activity carried out by RISK GROUP INTERNATIONAL SAS, there is the provision of consulting and advisory services in Human Talent Management, the provision of occupational health and safety services as a legal entity, and everything related to psychosocial risk management and mental health at work, 

The Personal Data collected, stored, used, communicated, transmitted, transferred, deleted will be treated in a fair, lawful, secure and reliable manner. In case of processing of Sensitive Personal Data,RISK GROUP INTERNATIONAL SAS will comply with the provisions of Law 1581 of 2012 and regulatory standards. Sensitive personal data are those that affect the privacy of the Owner or whose improper use may generate discrimination,  such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, belonging to unions, social organizations, human rights or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data.

Sensitive data is considered data collected and processed through psychotechnical tests, in-depth interviews, home visits, polygraph, safety studies, psychosocial risk assessment and, in general, through different instruments related to safety and health in the workplace. work.  It will be sensitive data, among others, data related to health, biometrics such as photo, fingerprint, voice and video surveillance. It is voluntary on the part of the holders to answer questions about sensitive data (optional nature).

RISK GROUP INTERNATIONAL SAS, managers or third parties who have access to Personal Data by virtue of Law or contract, will maintain the Treatment within the following purposes according to the interest group:

1. In the relationship with the candidates and evaluated by psychosocial risk: _CC781905-5CDE-3194-BB3B-13BAD5CF58D_EN development of the corporate object, the personal data of the_c781905-5CDE-3194-BB3B-13BAD5CF58D_CANDIDATOS_CC781905-5CDE-31 through job boards, the corporate website, social networks, by sending the resumes of the candidates by the client companies, or by sending the resume by the candidate. The personal data of the EVALUATED by psychosocial risk factors collected in exercise of the power of RISK GROUP INTERNATIONAL SAS to provide this service, it is carried out through written surveys that are carried out in person or through the media, electronic formats, systems and reports established by_cc781905-5cde-3194-bb3b- 136bad5cf58d_RISK GROUP INTERNATIONAL SAS or third parties authorized for this purpose. The treatment is carried out in accordance with the regulations that regulate the matter. In the event in which RISK GROUP INTERNATIONAL SAS perform the processing of personal data as MANAGER of the treatment, it will comply with law 15121 and regulatory standards Personal Data and sensitive personal data will be processed for the purposes that have been Authorized and those indicated below:

  1. The provision of selection and promotion services for human talent. For this purpose, access and treatment of Personal Data may be allowed to natural or legal persons contractually linked with RISK GROUP INTERNATIONAL SAS. for the adequate provision of services in accordance with this policy.

  2. Determine the level of adjustment between the profile and skills of the candidate for the vacancy, through evaluation by different tools, in order to provide an efficient human talent consulting service.

  3. For the provision of safety and health services at work, among which are activities such as measurement, analysis, intervention and training in psychosocial risk.

  4. Identification of the person.

  5. Send notifications about the access, use, update and blocking of the username and password on the web page.

  6. Carry out commercial, marketing, candidate, customer and training loyalty activities by sending information about new products and services, promotions, discounts, offers, vacancies, thank you messages, information about courses, seminars, events, talks, cross-selling , among other.

  7. Prepare technical and statistical studies, surveys, analysis of market trends and in general any technical or field study related to human talent and services de RISK GROUP INTERNATIONAL SAS

  8. Manage all the information necessary to comply with contractual, tax and commercial, corporate and accounting registry obligations.

  9. Comply with internal processes de RISK GROUP INTERNATIONAL SAS

  10. Comply with contracts entered into with client companies. Through the delivery of individual and/or population psychological reports, and in general, the delivery of general and/or particular reports derived from the type of service contracted.

  11. Processes within de RISK GROUP INTERNATIONAL SAS, for development or operational purposes and/or systems administration.

  12. For compliance with corporate and accounting obligations de RISK GROUP INTERNATIONAL SAS 

  13. Any other purpose directly related to the consulting activities and provision of services related to Human Management carried out by RISK GROUP INTERNATIONAL SAS.

 

2. IN RELATION WITH THOSE EVALUATED BY COMPETENCES:RISK GROUP INTERNATIONAL SAS will collect, store and process the personal information provided by the client company in order to assess the competencies of the holders, through the application of the competency assessment of the position and/or the organizational ones, which may be carried out directly or by natural or legal persons with whom RISK GROUP INTERNATIONAL SAS has a contractual bond and in accordance with the purposes described here and under the security and confidentiality standards required by the regulations. The results will be made known to the client companies, the owner and will be treated confidentially between the parties. The data will be processed to manage all the information necessary to comply with contractual, tax, administrative and accounting obligations.

 

3. IN RELATION TO EMPLOYEES: RISK GROUP INTERNATIONAL SAS will collect, store and process the personal information necessary for the registration and linking of the person under the employment contract. Once the personal data has been collected, they will be stored in a physical folder identified with the name of each one of them. This physical folder will only be accessed and processed by the personnel designated for this purpose, in order to manage the contractual relationship between_cc781905-5cde- 3194-bb3b-136bad5cf58d_RISK GROUP INTERNATIONAL SAS and the employee. The use of employee information for any purpose other than that established in this policy is prohibited, except by order of a competent authority, in accordance with the provisions of Law 1581 of 2012 and regulatory standards. For the purposes of the Processing of sensitive personal data of employees that are collected during the employment relationship, the provisions of Law 1581 and regulatory standards will be complied with, especially data related to health, and biometric data (photo, voice, video surveillance, among others) whose purpose is to manage the contractual relationship, the identification of the employee and the security of the facilities. The information on the data obtained from the video recordings that are made in the facilities de RISK GROUP INTERNATIONAL SAS, will be used for the safety of people, property and facilities of RISK GROUP INTERNATIONAL SASand may be used as evidence in any type of process. In the same way, the information on the owner's data necessary for the provision of services and/or activities, other than the functions of their position, such as playful or recreational and/or well-being activities, will be collected. Once the contractual relationship has ended, RISK GROUP INTERNATIONAL SAS will store the personal data that make up the employee's folder in a physical file with the necessary security measures to protect this information. The conservation of personal data once the employment relationship has ended is to comply with Colombian law and the orders of judicial and administrative authorities, issue certifications related to the relationship of the data owner with RISK GROUP INTERNATIONAL SAS y statistical or historical purposes.

4. IN THE RELATIONSHIP WITH SUPPLIERS/CONTRACTORS. RISK GROUP INTERNATIONAL SAS will collect from its suppliers/contractors the data that is necessary, pertinent and not excessive for the purpose of selection, evaluation and execution of the contract that may apply. The purposes for which the personal data of suppliers/contractors will be used will be to: 1. Evaluate their profile, competence and suitability to provide services related to the corporate purpose, 2. Sending invitations to hire, 2. Carry out all the activities and procedures in pre-contractual, contractual and post-contractual stages que RISK GROUP INTERNATIONAL SAS requires for the development of its corporate purpose or administrative operation. 3. The information related to the tax quality of the suppliers will be collected, in order to identify the applicable withholdings and discounts. In the event in which RISK GROUP INTERNATIONAL SAS deliver personal data of any Owner to its suppliers/contractors, they must protect the personal data provided, in accordance with the provisions of current regulations and this policy. The information of the suppliers/contractors will be kept only for the reasonable and necessary time to fulfill the purposes that justified the treatment, taking into account the provisions applicable to the matter in question and the administrative, accounting, fiscal, legal and historical aspects of information. The data will be kept when it is necessary for the fulfillment of a legal or contractual obligation. Once the purpose of the treatment and the terms established above have been fulfilled, the data will be deleted. In the Treatment of sensitive personal data of suppliers/contractors, the provisions of Law 1581 and regulatory standards will be complied with, especially biometric data (photo, video surveillance, among others) whose purpose is to identify the person , monitoring of the contractual relationship and the security of the facilities.

5. IN RELATIONSHIP WITH CLIENT COMPANIES:RISK GROUP INTERNATIONAL SAS  will collect the contact details of the people linked to the client companies, in order to comply with the different contractual stages, send information on new products and services, carry out commercial and marketing activities, loyalty of the client, offers, promotions, discounts, among others and in general for activities directly related to the development of the corporate purpose de RISK GROUP INTERNATIONAL SAS. In case of processing of sensitive personal data, the provisions of Law 1581 of 2012 and regulatory standards will be complied with.

 

SAW. SECURITY MEASURES 

RISK GROUP INTERNATIONAL SAS has the necessary technical, human and administrative measures to grant security to the personal data of the holders.

VII. VIDEO SURVEILLANCE AND CALL RECORDING

RISK GROUP INTERNATIONAL SAS will inform through video surveillance notice that it has this security mechanism. The notice will indicate that the information collected will be used for the safety of people, property and facilities, which can be used as evidence in any type of process before any authority.  Likewise will inform the owners that the recording of calls is for the purpose of service quality, adequate attention to clients, candidates, and in general the owners who contact RISK GROUP INTERNATIONAL SAS by this means. The recordings can be used as evidence in any type of process before any authority, to monitor labor obligations within the organization and to clarify any inconsistencies with internal or external clients.

VIII. RIGHTS OF HOLDERS

The holders of personal data contained in databases that rest inRISK GROUP INTERNATIONAL SASThey will have the following rights:

  1. Know, update and rectify your personal data. This right may be exercised, among others, against partial, inaccurate, incomplete, fractioned, misleading data, or those whose Treatment is expressly prohibited or has not been authorized;

  2. Request proof of authorization granted a RISK GROUP INTERNATIONAL SAS for the processing of personal data, except when expressly excepted as a requirement for Treatment, in accordance with the provisions of article 10 of law 1581 of 2012;

  3. Be informed by de RISK GROUP INTERNATIONAL SAS, upon request regarding the use that you have given or are giving your personal data;

  4. Submit complaints to the Superintendence of Industry and Commerce for violations of the provisions of Law 1581 of 2012 and other regulations that modify, add or complement it; once you have exhausted the consultation or claim process before the Treatment Manager.

  5. Request information and make inquiries or claims following the guidelines established by law and this policy, aimed at obtaining information on the use of your personal data.

  6. Access the revocation of the authorization and/or request the deletion of the data when the Superintendence of Industry and Commerce has determined that in the Processing of personal data RISK GROUP INTERNATIONAL SAS has engaged in conduct contrary to the law and the Constitution

  7. Request the revocation of the authorization and request the deletion of the data, when there is no legal or contractual duty that imposes the duty to remain in the database or file of the Responsible or Processor.

  8. Free access to your personal data that have been processed. 

 

Exercise of the rights of the holders: The rights of the Holders may be exercised by the following persons:

  1. By the Owner, who must sufficiently prove their identity by the different means made available by the person in charge.

  2. By their successors in title, who must prove such quality.

  3. By the representative and/or attorney of the Holder, prior accreditation of the representation or empowerment.

  4. By stipulation in favor of another or for another.

The rights of children or adolescents shall be exercised by the persons empowered to represent them.

IX. AREA RESPONSIBLE FOR PERSONAL DATA PROTECTION

RISK GROUP INTERNATIONAL SAS has established the INNOVATION AND PROJECTS AREA as the area responsible for handling requests, queries and claims before which the holders can exercise their rights to know, update, rectify and delete the data and revoke the authorization.

Los datos de contacto son: Carrera 44A No. 38A Sur 40 Barrio Alacalá, del Municipio de Envigado, Colombia, con dirección electrónica:_cc781905- 5cde-3194-bb3b-136bad5cf58d_www.riskgroupinternational.com, emailinfo@riskgroup.com.co  and phone (+574) 448 5580 contact Juan Carlos Echeverri Garcés Cell phone (+57) 301 261 0345

X. PROCEDURES

The procedures through which the exercise of the rights of the holders is guaranteed, especially the consultation and claim in accordance with the provisions of Law 1581 of 2012 and regulatory norms, are described below.

Yo. RIGHT OF ACCESS: This right allows the owner or persons entitled to exercise their rights to access and know if their personal information is being processed, as well as the scope, conditions and generalities of said treatment.

RISK GROUP INTERNATIONAL SAS guarantees the exercise of this right prior accreditation of the identity of the owner or legitimized person,_cc781905-5cde-3194-bb3b-136bad5cf58d allowing free consultation of their data personal information at least once every calendar month and whenever there are substantial modifications to the Information Treatment Policies that lead to new queries. The procedure for this is described below. 

CONSULTATION: The Holders or persons entitled to exercise their rights may consult the personal information of the Holder that rests in the databases of RISK GROUP INTERNATIONAL SAS sending your request to the email: info@riskgroup.com.co.  The owner of the data and/or interested party must prove this condition by means of a copy of the pertinent document that they can provide in the same email. The application must include the following information:

  • Names and surnames

  • Document type.

  • Document number

  • Phone

  • Email

  • Country

  • Business

 

The query will be answered within a maximum term of ten (10) business days from the date of receipt thereof. In the event that it is not possible to attend to the query within said term, the interested party will be informed, stating the reasons for the delay and indicating the date on which the query will be addressed, which in no case may exceed five (5) business days. following the expiration of the first term.

ii. RIGHT TO UPDATE, RECTIFY, DELETE PERSONAL DATA AND REVOCATE AUTHORIZATION

CLAIM: This procedure is intended to allow the Owner or persons entitled to exercise their rights to file a claim in the event that they consider that the information contained in a database should be subject to of correction, updating, deletion, when they notice the alleged breach of any of the duties contained in the law or revocation of the authorization. To exercise these rights, the claim must be processed under the following rules:

Claim submission mode

  1. The claim will be made by sending your request to the email: info@riskgroup.com.co.

  2. The owner of the data and/or interested party must prove this condition by means of a copy of the relevant document and their identity document, which they can provide in the same email. In the event that the owner is represented by a third party, the respective power of attorney must be attached. The proxy must also prove their identity in the terms indicated.

  3. The communication must contain the description of the facts that give rise to the claim, accompanying the documents that you want to assert.

  4. Indicate the physical and/or electronic address for notifications. In case any of the indicated requirements are missing, RISK GROUP INTERNATIONAL SASwill proceed to inform the interested party within 5 days of receipt of the request so that they can be corrected. If after two (2) months without submitting the required information, it will be understood that the application has been withdrawn.

    In case RISK GROUP INTERNATIONAL SAS is not competent to resolve it, it will notify the appropriate person within a maximum term of two (2) business days and inform the interested party of the situation. 

 

Procedure once the claim is received. Once the complete claim is received, RISK GROUP INTERNATIONAL SAS will include in the database a legend that says "claim in process" and the reason for it, within a term of no more than two (2) business days. Said legend must be maintained until the claim is decided.

The maximum term to address the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first finished.

 

Rectification and Update of Data.RISK GROUP INTERNATIONAL SAS  has the obligation to rectify and update at the request of the owner, the information of the latter that turns out to be incomplete or inaccurate, in accordance with the procedure and the terms indicated above. In this regard, the holder must indicate in the request for rectification and updating the corrections to be made and provide the documentation that supports his request. 

Data Deletion. The holder has the right, at all times, to request a RISK GROUP INTERNATIONAL SAS the deletion of your personal data when:

  • Consider that in the treatment of the same, the principles, rights and constitutional and legal guarantees are not being respected. In this case, the deletion will proceed when the Superintendence of Industry and Commerce has determined that in the treatment by the RISK GROUP INTERNATIONAL SAS he has engaged in conduct contrary to law 1581 of 2012 or the Constitution;

  • There is no legal or contractual duty that imposes the duty to remain in the database or file.

  • They have ceased to be necessary or pertinent for the purpose for which they were collected.

  • The period necessary for the fulfillment of the purposes for which they were collected has been exceeded.

  • The request to delete the information will not proceed when the Owner has a legal or contractual duty to remain in the database 

 

Revocation of Authorization. The Holders may at any time request a RISK GROUP INTERNATIONAL SAS revoke the authorization granted for their Treatment, by filing a claim, in accordance with the provisions of this document and in accordance with article 15 of Law 1581 of 2012.

The revocation of the authorization will not proceed when the Owner has a legal or contractual duty to remain in the database.

iii. PROCEDURES REQUIREMENT: The Owner or assignee may only file a complaint with the Superintendence of Industry and Commerce once the consultation or claim process has been exhausted before RISK GROUP INTERNATIONAL SAS.

 

XI. MODIFICATIONS TO THE PROCESSING POLICY

In case there are substantial changes in the content of this treatment policy referring to the identification of the Responsible and the purpose of the Treatment of personal data, which may affect the content of the authorization, they will be communicated to the Holder efficiently before or at at the latest when implementing the new policies. In addition, you must obtain a new authorization from the Owner when the change refers to the purpose of the Treatment.

XII. EFFECTIVE DATE OF THIS POLICY AND VALID PERIOD OF THE DATABASE.

This policy is effective from the date of its publication. The validity of the databases will depend on the purposes of the treatment established in this policy, on the special rules that regulate the matter and will remain in force during the time in which RISK GROUP INTERNATIONAL SAS exercise the activities of its corporate purpose.

XIII.  PRIVACY NOTICE

In cases where it is not possible to make the information treatment policies available to the Holder,  RISK GROUP INTERNATIONAL SAS  will inform the owner through a privacy notice about the existence of such policies and how to access them. The privacy notice will be available on the web page www.riskgroupinternational.com

XIV. MECHANISMS BY WHICHRISK GROUP INTERNATIONAL SAS WILL INFORM YOU ABOUT ANY SUBSTANTIAL CHANGES TO THE POLICY FOR THE PROCESSING OF PERSONAL INFORMATION OR TO THE PRIVACY NOTICE.

 

RISK GROUP INTERNATIONAL SAS will inform you, before or at the latest when implementing any substantial change to the Personal Information Treatment Policy and/or the Privacy Notice, through the page _cc781905-5cde-3194- bb3b-136bad5cf58d_www.riskgroupinternational.com  in the link Personal Information Treatment Policy.

bottom of page