NIT: 890.985.250-0

Address: Carrera 42 No. 8 -00

Palermo Cultural

Phone: (57) 4 2625500

Email: info@filarmed.org

Web page: https://www.filarmed.org

 

1. LEGAL REGULATIONS AND SCOPE OF APPLICATION

In compliance with the provisions of the regulations in force in Colombia on the Protection and Processing of Personal Data, contained in Statutory Law 1581 of 2012, Regulatory Decree 1377 of 2013, Decree 886 of 2014, Circular No 002 of November 3, 2015 of the SIC, Articles 15 and 20 of the Political Constitution of Colombia and the other provisions that modify, add or complement them; The MEDELLÍN PHILARMONIC ORCHESTRA CORPORATION has established the policies and procedures for the collection, handling and processing of personal data managed by its staff, in development of the corporate purpose of the corporation, the employment contracts signed with its workers, the maintenance of commercial links and the fulfillment of orders. of judicial and/or administrative authorities.

This Policy applies to the information of natural and legal persons; employees, clients, suppliers, contractors, commercial agents and people in the selection process, that the corporation has in its databases, physical or digital, for the development of its activities and that are subject to processing by it. The MEDELLÍN PHILARMONIC ORCHESTRA CORPORATION, only collects personal data when it has been previously authorized by its owner, implementing clear measures on confidentiality and privacy for this purpose.

It does not apply to databases with personal information that will not be rotated or circulated, transferred or published. Nor for data related to the civil registry of people, nor for public content databases, such as those recorded by chambers of commerce.

2. DEFINITIONS

For the purposes of the execution of this policy and in accordance with legal regulations, the following definitions will be applicable:

  • Personal information: any information found in a database, linked to one or more specific or determinable persons or that can be associated with a natural or legal person.
  • Database: organized set of personal data that is subject to processing.
  • Headline: Natural person whose personal data is subject to processing, as well as legal entities when the data of the natural persons that comprise them are involved.
  • Treatment: Any operation on personal data, such as collection, storage, use, circulation or deletion.
  • Responsible for Treatment: Natural or legal person, public or private, who, by themselves or in association with others, decides on the database and/or processing of the data.
  • Treatment Manager: Natural or legal person, public or private, who, by themselves or in association with others, processes personal data on behalf of the person responsible for the treatment.
  • Authorization: Prior, express and informed consent of the Owner to carry out the processing of personal data.
  • Notice of Privacy: Verbal or written communication generated by the person responsible for the treatment, addressed to the owner, through which he or she is informed about the existence of the information processing policies that will be applicable, the way to access them and the purposes of the treatment that will be applied. intends to give personal data.
  • Public Data: It is the data that is not semi-private, private or sensitive. Public data are considered, among others, data relating to the marital status of people, their profession or trade, and their status as a merchant or public servant. Due to its nature, public data may be contained, among others, in public records, public documents, official gazettes and bulletins, and duly executed judicial rulings that are not subject to confidentiality.
  • Sensitive Data: Sensitive data is understood to be data that affects the privacy of the owner or whose improper use may lead to discrimination, such as data that reveals racial or ethnic origin, political orientation, religious or philosophical convictions, membership in unions, social organizations, of human rights or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data.
  • Habeas Data: Right of any person to know, update and rectify the information that has been collected about them in the data bank and in files of public and private entities.
  • Data transfer: It takes place when the person responsible and/or in charge of the processing of personal data, located in Colombia, sends the information or personal data to a recipient, who in turn is responsible for the treatment and is located inside or outside the country.
  • Data transmission: It involves the communication of personal data within or outside the territory of the Republic of Colombia when its purpose is to carry out processing by the person in charge on behalf of the person responsible.
  • The National Registry of Databases (RNBD): It is the public directory of databases subject to processing that operate in the country and will be administered by the Superintendence of Industry and Commerce and will be freely available to citizens.

 

3. PURPOSE

In the development of its corporate purpose, the employment contracts signed with its workers, the maintenance of commercial ties and compliance with orders from judicial and/or administrative authorities, La MEDELLÍN PHILARMONIC ORCHESTRA CORPORATION may process personal data to:

  • Report on events of interest to the owner.
  • Comply with obligations contracted with the owner.
  • Report changes to events or services.
  • Evaluate the quality of events or services.
  • Develop marketing or promotional activities.
  • Send to physical, email, cell phone or mobile device, via text messages (SMS and/or MMS) commercial, advertising or promotional information about products, events and/or commercial promotions, in order to promote, invite, direct, execute, inform and, in general, carry out campaigns, promotions or contests of a commercial or advertising nature.
  • Sharing, including the transfer and transmission of personal data to third parties for purposes related to the operation of the MEDELLÍN PHILARMONIC ORCHESTRA CORPORATION, including personnel selection.
  • Carry out internal studies on compliance with commercial relations and market studies at all levels.
  • Respond to legal requirements from administrative and judicial entities.

 

4. PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA

  • Purpose: Personnel authorized by the corporation will collect only personal data that is relevant and appropriate, all for a purpose; which must inform the owner, as well as the specific use that will be given to them.
  • Freedom: Personal data may not be collected or disclosed without prior authorization or consent expressly by the owner, or in the absence of a legal or judicial mandate that requires consent.
  • Veracity: The processing of partial, incomplete, fragmented or misleading data is prohibited; Therefore, truthful, complete, accurate, updated, verifiable and understandable data must be collected.
  • Transparency: The corporation must guarantee the owner the right to obtain information about the existence of personal data that concerns him, through the Controller or the person in charge of processing personal data.
  • Restricted access and circulation: The processing of personal data is subject to the limits derived from the nature of the data, the provisions of the law and the constitution, and can only be done by persons authorized by the owner and/or by the persons provided for in the law. . Personal data, except those that are public, will not be available on the Internet or other means of dissemination or mass communication, unless access is technically controllable to provide knowledge restricted only to the owners or third parties authorized in accordance with the law.
  • Security: The information subject to processing must be handled with the technical, human and administrative measures that are necessary to guarantee the security of the data; avoiding its loss, adulteration, unauthorized or fraudulent consultation or use.
  • Confidentiality: All persons involved in the processing of personal data are obliged to guarantee the confidentiality of the information, even after the completion of the work or contract in which they must handle it. They may provide or communicate personal data only in the development of activities authorized by law.

 

5. RIGHTS AND DUTIES

The owner of the personal data will have the following rights:

  • Know, update and rectify your personal data against the MEDELLÍN PHILARMONIC ORCHESTRA CORPORATION in its capacity as data controller. This right may be exercised, among others, against partial, inaccurate, incomplete, fragmented, misleading data, or data whose processing is expressly prohibited or has not been authorized.
  • Request proof of the authorization granted to the MEDELLÍN PHILARMONIC ORCHESTRA CORPORATION except when it is expressly excepted as a requirement for treatment (events in which authorization is not necessary, section 5.1.1).
  • Be informed by MEDELLÍN PHILARMONIC ORCHESTRA CORPORATION, upon request, regarding the use you have given to your personal data.
  • Submit complaints to the Superintendency of Industry and Commerce for violations of the provisions of Law 1581 of 2012 and other regulations that modify, add or complement it.
  • Revoke the authorization and/or request the deletion of the data when the processing does not respect the constitutional and legal principles, rights and guarantees.
  • Free access to your personal data that has been processed

 

The MEDELLÍN PHILARMONIC ORCHESTRA CORPORATION will have the following duties:

  • Guarantee the holder, at all times, the full and effective exercise of the right of habeas data.
  • Request and keep a copy of the respective authorization granted by the owner.
  • Duly inform the owner about the purpose of the collection and the rights granted to him by virtue of the authorization granted.
  • Maintain the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
  • Guarantee that the information is true, complete, accurate, up-to-date, verifiable and understandable.
  • Update the information, thus addressing all the news regarding the owner's data. Additionally, all necessary measures must be implemented so that the information is kept up to date.
  • Rectify information when it is incorrect and communicate what is pertinent.
  • Respect the security and privacy conditions of the owner's information.
  • Process queries and claims made in the terms established by law.
  • Identify when certain information is under discussion by the owner.
  • Inform at the request of the owner about the use given to their data.
  • Inform the data protection authority when violations of security codes occur and there are risks in the administration of the owners' information.
  • Comply with the requirements and instructions issued by the Superintendence of Industry and Commerce on the particular topic.
  • Only use data whose processing is previously authorized in accordance with the provisions of Law 1581 of 2012.
  • THE MEDELLÍN PHILARMONIC ORCHESTRA CORPORATION will use the personal data of the owner only for those purposes for which it is duly authorized and respecting in all cases the current regulations on the protection of personal data.

 

6. AUTHORIZATION AND CONSENT OF THE DATA OWNER

At the time of collecting personal data, the MEDELLÍN PHILARMONIC ORCHESTRA CORPORATION will request authorization from the Owner to process their personal data, indicating the purpose for which the corporation requires authorization and the time to use it. The authorization will be obtained by automated technical means, by written or oral means (recorded) in a way that allows accessible proof of the same and/or of the unequivocal conduct described in article 7 of Decree 1377 of 2013 that allows it to be concluded in a reasonable manner. that authorization was granted by the Owner. In personnel selection processes, simply sending your resume is an unequivocal conduct that allows us to conclude that the Owner grants us authorization to process their personal data. In the event that this information must be transmitted to third parties or comes from third parties, as in the case of the EST (temporary services company), both the MEDELLÍN PHILARMONIC ORCHESTRA CORPORATION as the EST must obtain authorization for said transmission and/or for any other purpose other than participating in the selection process.

In any case, said authorization may be revoked by the Owner, except when there is an employment or contractual relationship with the Owner.

 

7. DATA COLLECTED BEFORE THE ISSUANCE OF DECREE 1377

For Holders who provided their personal data before the validity of Law 1581 of 2013, and for those who, for reasons of age in the databases, geographical distance, inaccuracy or outdatedness of their data, and inactivity or termination of commercial relationships and/or contractual with the CORPORACIÓN ORQUESTA FILARMÓNICA DE MEDELLÍN, and therefore the corporation cannot obtain said authorization, it will make use of the alternative mechanisms determined by decree 1377 in article 10 numeral 3, to publicize this policy and the way to exercise their rights as owners of personal data housed in the corporation's databases.

8. PRIVACY NOTICE

The CORPORACIÓN ORQUESTA FILARMÓNICA DE MEDELLÍN will publish the privacy notice in which it informs the Owners that they can exercise their right to the processing of personal data through the page http://www.filarmed.com and the email.tratamientodedatos@ filarmed.com.

9. TEMPORARY LIMITATIONS ON THE PROCESSING OF PERSONAL DATA

The MEDELLÍN PHILARMONIC ORCHESTRA CORPORATION may only collect, store, use or circulate personal data for as long as is reasonable and necessary, in accordance with the purposes that justified the processing, taking into account the provisions applicable to the matter in question and the administrative, accounting, fiscal, legal and historical information. Once the purpose(s) of the processing have been fulfilled and without prejudice to legal regulations that provide otherwise, the personal data in its possession will be deleted. Notwithstanding the above, personal data must be preserved when required to comply with a legal or contractual obligation.

10. PROCEDURE FOR ATTENDING QUERIES, CLAIMS AND PETITIONS.

The MEDELLÍN PHILARMONIC ORCHESTRA CORPORATION has designated Juan Carlos García Posada as those responsible for the management of personal data and compliance with this policy, who will carry out the processing of the personal data of the Owners and guarantee the security of the information. We will be attentive to resolve requests, queries and claims by the Owners through email; and to carry out any update, rectification and deletion of personal data.

  • Queries: The Owners may consult the personal information that is subject to processing by The MEDELLÍN PHILARMONIC ORCHESTRA CORPORATION, as well as the conditions, generalities and the purpose for which said treatment is being carried out. To do this, the Holders will make the request through the aforementioned email, the corporation will respond within a maximum period of ten (10) business days from the date of receipt of the request. When it is not possible to attend to the request within said term, the Owner will be informed of the reason for the delay and a date will be indicated on which the request will be attended to, a period that in no case may exceed five (5) business days following the expiration. of the first term.
  • Claims: The Owner who considers that the information contained in a database should be corrected, updated or deleted, or when he notices the alleged breach of any of the duties contained in the law or this procedure, may file a claim with the MEDELLÍN PHILARMONIC ORCHESTRA CORPORATION, which will be processed like this:
  • The Owner formulates the request addressed to The MEDELLÍN PHILARMONIC ORCHESTRA CORPORATION through the mail, with your identification number, the description of the facts or personal data that give rise to the claim, your address or any other means to receive a response, and the documents that support the claim. When the request is made by a person other than the Owner and it is not proven that the request is acting on behalf of the Owner, it will be considered not submitted.
  • If the claim is incomplete, the Owner will be required within five (5) days of receipt of the claim to correct the deficiencies. After two (2) months from the date of the request, without the applicant presenting the required information, it will be understood that the claim has been abandoned.
  • In the event that the person receiving the claim is not competent to resolve it, he or she will forward it to the appropriate person within a maximum period of two (2) business days and will inform the interested party of the situation.
  • Once the complete claim is received, a legend that says “claim in process” and the reason for it will be included in the database within a period of no more than two (2) business days. Said legend must be maintained until the claim is decided.
  • The maximum term to address the claim will be fifteen (15) business days counted from the day following the date of receipt. When it is not possible to address the claim within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.
  • Rectification and update: When the claims are aimed at rectification or updating, the Owner must indicate the corrections to be made and provide the documentation that supports their request.
  • Suppression: The deletion of personal data is carried out by removing all or part of the personal information as requested by the Owner, via email. Notwithstanding which, the MEDELLÍN PHILARMONIC ORCHESTRA CORPORATION may refuse it when the Owner has a legal or contractual duty to remain in the database.
  • Revocation of authorization: The owners of the personal data may revoke the authorization granted at any time, except for the above in those events in which a legal or contractual provision prevents it. In any case, the Owner must indicate in his request whether it is a total or partial revocation, the latter when he only wants to eliminate one of the purposes for which the treatment was authorized, a scenario in which the Owner must indicate the purpose that you want to delete via mail.

 

If the respective legal term has expired, the MEDELLÍN PHILARMONIC ORCHESTRA CORPORATION, as the case may be, have not deleted the personal data, the Owner will have the right to request the Superintendency of Industry and Commerce to order the revocation of the authorization and/or the deletion of the personal data. For these purposes, the procedure described in article 22 of Law 1581 of 2012 will be applied.

11. INFORMATION SECURITY

The MEDELLÍN PHILARMONIC ORCHESTRA CORPORATION will adopt the necessary technical, human and administrative measures to guarantee the security of the personal data being processed, thus avoiding its adulteration, loss, unauthorized or fraudulent consultation, use or access. The personnel who process personal data will apply this policy and execute the established procedures in order to guarantee the security of the information.

Only by order of a competent authority, personal data of employees may be used, transmitted or transferred, after evaluating the competence and effectiveness of the order of the competent authority, in order to prevent unauthorized transfer of personal data. When the MEDELLÍN PHILARMONIC ORCHESTRA CORPORATION hire selection processes of personnel with third parties, the information received in transfer will be stored with high levels and security measures, given the potential that such information contains sensitive data. Once the employment relationship has ended, whatever the cause, the personal data of the retired employee will be stored in a central file, subjecting such information to high security measures and levels, given the possibility that the employment information may contain sensitive data. Unless prior written authorization is provided by the Owner of the personal data, it is prohibited to transmit or transfer said information.

12. INTERNATIONAL TRANSFER AND TRANSMISSION OF DATA TO THIRD COUNTRIES

In accordance with article 26 of Law 1581 of 2012, the transfer of personal data of any type to countries that do not provide adequate levels of data protection is prohibited. It is understood that a country offers an adequate level of data protection when it complies with the standards set by the Superintendence of Industry and Commerce on the matter, which in no case may be lower than those required by Law 1581 of 2012.

This prohibition will not apply when it comes to:

  • Information regarding which the Owner has granted express and unequivocal authorization for the transfer
  • Exchange of medical data, when required by the Treatment of the Owner for reasons of health or public hygiene
  • Bank or stock transfers, in accordance with the applicable legislation
  • Transfers agreed within the framework of international treaties to which the Republic of Colombia is a party, based on the principle of reciprocity
  • Transfers necessary for the execution of a contract between the Owner and the Data Controller, or for the execution of pre-contractual measures as long as the Owner's authorization is available.
  • Transfers legally required to safeguard the public interest, or for the recognition, exercise or defense of a right in a judicial process.

 

13. EFFECTIVE DATE

This Personal Data Processing Policy was created on June 27, 2017 and comes into force as of July 1, 2017. Any change that occurs with respect to this policy will be reported through the electronic address : https://www.filarmed.org