This privacy notice applies to Services/Applications/Platforms provided by Aranda Enterprise Mobility Management:
In compliance with the General Habeas Data Regime, governed by Law 1581 of 2012 and its implementing decrees; the company ARANDA SOFTWARE ANDINA SAS, identified by Tax ID No. 830.099.766-1 and email address https://arandasoft.com/ , as a company that stores and collects personal data, and in its capacity as the DATA CONTROLLER, must inform you of the following:
Personal data requested while browsing the website https://arandasoft.com/ will be processed in accordance with the purposes related to the Company’s corporate purpose, and specifically to respond to inquiries submitted through this channel; and to send information deemed of interest via email newsletters. The personal and contact information requested will be stored in the Company’s database for as long as a contractual or legal relationship with the data subject exists, and in any case for a maximum period of 20 years after such relationship with the data subject has ended, for the sole purpose of complying with the obligationlegalto retain records, respond to requests from authorities, and/or for statistical purposes.
As the data subject, you have the right to access, update, and correct your personal data; request the revocation of consent and/or request the deletion of your data if the processing does not comply with constitutional and legal principles, rights, and safeguards; and access your personal data being processed free of charge.
If you wish to submit inquiries, complaints, or claims, please send your request to the following email address protecciondedatos@arandasoft.com or in person at the following address: Diagonal 97 No. 17-60, IFX Network Building, Office 702, Bogotá, D.C.
Privacy Policy for Services/Applications/Platforms provided by Aranda Enterprise Mobility Management:
In compliance with the provisions of Statutory Law 1581 of 2012 and its implementing regulations, the company establishes the general and specific policies applicable to the processing and protection of personal data within the organization.
ARANDA SOFTWARE ANDINA S.A.S., a commercial entity with Tax Identification Number (NIT) 830.099.766-1, is a Colombian company whose corporate purpose is to provide services related to the development, production, and marketing of software projects
- PHYSICAL ADDRESS: Diagonal 97 #17–60, Suite 702, Bogotá, D.C.
- WEBSITE: www.arandasoft.com
- PHONE: +57 (1) 7563000
- EMAIL: protecciondedatos@arandasoft.com
● Habeas Data: The right of every person to access, update, and correct information collected about them in public or private records and databases.
● Personal data: Any information that relates to or can be linked to one or more identified or identifiable individuals.
● Database: An organized collection of personal data that is subject to processing.
● Processing: Any operation or set of operations performed on personal data, such as collection, storage, use, disclosure, or deletion.
● Authorization: The data subject’s prior, explicit, and informed consent to the processing of personal data.
● Privacy Notice: This is a document—whether in physical, electronic, or any other format, known or yet to be developed—that is made available to the Data Subject to inform them about the processing of their personal data.
● Data subject: An individual whose personal data is being processed.
● Successor: A person who acquires the rights of another person through inheritance or transfer.
● Data Controller: A natural or legal person, whether public or private, who, acting alone or jointly with others, determines the purposes and means of the processing of personal data.
● Data Processor: A natural or legal person, whether public or private, who, acting alone or jointly with others, processes personal data on behalf of the Data Controller.
The following guiding principles shall apply with regard to the protection of personal data:
a) Principle of legality in data processing: The processing referred to in the Habeas Data Act is a regulated activity that must comply with the provisions of that Act and any other regulations implementing it
b) Principle of purpose: The processing must serve a legitimate purpose in accordance with the Constitution and the law, and the data subject must be informed of this purpose.
c) Principle of freedom: Data processing may only be carried out with the prior, express, and informed consent of the data subject. Personal data may not be collected or disclosed without prior authorization, or in the absence of a legal or judicial order that waives the requirement for consent.
d) Principle of accuracy or quality: The information subject to processing must be accurate, complete, precise, up-to-date, verifiable, and understandable. The processing of partial, incomplete, fragmented, or misleading data is prohibited.
e) Principle of transparency: During processing, the data subject’s right to obtain, at any time and without restriction, information from the controller or processor regarding the existence of data concerning him or her must be guaranteed.
f) Principle of restricted access and circulation: The processing of personal data is subject to the limitations arising from the nature of the data, as well as from the provisions of the law and the Constitution. Accordingly, such processing may only be carried out by persons authorized by the Data Subject and/or by the persons specified by law.
Personal data, with the exception of public information, may not be made available on the Internet or through other means of mass dissemination or communication, unless access can be technically controlled to ensure that such information is accessible only to the data subjects or third parties authorized by law.
(g) Security Principle: Information subject to processing by the data controller or data processor referred to in the Habeas Data Act must be handled using the technical, human, and administrative measures necessary to ensure the security of the records, preventing their alteration, loss, unauthorized or fraudulent consultation, use, or access.
(h) Principle of Confidentiality: All persons involved in the processing of personal data that is not of a public nature are required to ensure the confidentiality of such information, even after their involvement in any of the processing activities has ended; they may disclose or communicate personal data only when such disclosure is necessary for the performance of activities authorized by law and in accordance with the terms thereof.
Data subjects shall have the following rights, as well as any others granted to them by law:
a) To access, update, and correct your personal data by contacting the data controller or data processors. This right may be exercised, among other things, in cases where data is incomplete, inaccurate, fragmented, misleading, or where its processing is expressly prohibited or has not been authorized;
(b) Request proof of the authorization granted to the data controller, unless such authorization is expressly exempted as a requirement for processing, in accordance with the provisions of Article 10 of the Act;
c) To be informed by the data controller or data processor, upon request, regarding the use that has been made of their personal data;
d) File complaints with the Superintendency of Industry and Commerce regarding violations of the provisions of the law and any other regulations that amend, supplement, or expand upon it;
e) Revoke consent and/or request the deletion of data when the processing fails to comply with constitutional and legal principles, rights, and safeguards. Such revocation and/or deletion shall be granted when the Superintendency of Industry and Commerce has determined that, in the course of processing, the Data Controller or Data Processor has engaged in conduct contrary to the law and the Constitution;
f) To access, free of charge, your personal data that has been processed.
Without prejudice to the exceptions provided for in Statutory Law 1581 of 2012, as a general rule, when processing personal data, ARANDA SOFTWARE ANDINA S.A.S. will obtain the data subject’s prior and informed consent, which may be obtained by any means that can be verified at a later date.
7.1 Events for which authorization is not required
The data subject's consent will not be required in the following cases:
(a) Information requested by a public or administrative entity in the exercise of its legal functions or pursuant to a court order;
b) Publicly available data;
c) Medical or health emergencies;
(d) Processing of information authorized by law for historical, statistical, or scientific purposes;
e) Data related to the Civil Registry of Persons.
ARANDA SOFTWARE ANDINA S.A.S., as the data controller, will fulfill the following obligations:
(a) To ensure that the Data Subject may, at all times, fully and effectively exercise the right to access personal data.
(b) Request and retain, in accordance with the conditions set forth by law, a copy of the relevant authorization granted by the Data Subject.
(c) Properly inform the data subject of the purpose of the collection and the rights to which they are entitled by virtue of the authorization granted.
(d) Store the information under the necessary security conditions to prevent its alteration, loss, unauthorized or fraudulent access, use, or disclosure.
e) Ensure that the information provided to the data processor is truthful, complete, accurate, up-to-date, verifiable, and understandable.
(f) Update the information by promptly notifying the Data Processor of any changes to the data previously provided to them and take any other necessary measures to ensure that the information provided to the Data Processor remains up to date.
g) Correct any inaccurate information and notify the data controller accordingly.
(h) Provide the data processor, as applicable, only with data whose processing has been previously authorized in accordance with the provisions of this law.
(i) Require the Data Processor to comply at all times with the security and privacy requirements regarding the Data Subject’s information.
(j) Process inquiries and complaints submitted in accordance with the provisions of Statutory Law No. 1581 of 2012.
(k) Adopt an internal manual of policies and procedures to ensure proper compliance with the law and, in particular, to address inquiries and complaints.
(l) Notify the Data Controller when certain information is being disputed by the Data Subject, once the complaint has been filed and the relevant proceedings have not yet been concluded.
m) Provide information, upon the data subject’s request, regarding the use of their data
(n) Notify the data protection authority in the event of security breaches and when there are risks associated with the management of data subjects' information.
(o) Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce.
9.1 Processing of Employees' Personal Data
ARANDA SOFTWARE ANDINA S.A.S. collects personal data from its employees, which the company classifies as confidential; such data will only be disclosed by the company with the data subject’s express authorization or when requested by a competent authority.
The purposes for which the company’s employees’ personal data will be used are as follows:
(a) Comply with the obligations imposed on employers by Colombian labor law, or with orders issued by the competent Colombian or foreign authorities.
b) Issue certificates regarding the data subject’s relationship with the Company.
c) Comply with the obligations imposed on the company as an employer regarding occupational safety and health regulations and the Occupational Safety and Health Management System (SG-SST).
d) Manage the duties performed by employees.
e) Carry out the various stages of the Company’s disciplinary processes and review memos, warnings, or any other type of disciplinary action imposed on employees.
f) Contact family members in case of an emergency.
g) Manage and monitor payroll
h) Monitor employees' work schedules and overtime hours.
(i) Keep track of employees' sick leave, absences, leave of absence, and vacation time.
j) Keep a record of the training provided to employees
k) Store your personal data, including biometric data, on its website as a record of the activities carried out.
l) Comply with the biosafety protocols applicable to the Company in accordance with the guidelines issued by the national government.
m) Monitor, track, and evaluate employees.
(n) Take the necessary photographs and images for employee identification, compliance monitoring, and the collection of evidence regarding the services provided.
(o) In addition, employees' biometric data is used for commercial purposes related to the Company's corporate purpose.
(p) Disclose employee information to third parties with whom the Company has a contractual relationship, including partners, consortia, and clients, to the extent necessary to comply with such third parties’ protocols, solely for the purpose of enabling them to manage and coordinate the personnel who actually provide the services arising from the professional relationship, as well as to facilitate compliance with legal obligations regarding tax and social security matters.
q) Provide employee identification information to travel agencies, transportation companies, hotels, and other entities for the purpose of managing reservations and settling related expenses.
(r) Carry out international data transfers or transmissions to countries that provide a level of protection similar to that of Colombia.
(s) disclosure of information to third parties responsible for evaluation, training, certification, and other processes required for the performance of the contractual relationship.
t) Verify, compare, and evaluate employees' professional and personal skills.
(u) Submission of information to compensation funds, pension fund administrators (AFPs), occupational risk insurance companies (ARLs), insurance companies, and others.
v) Initiate internal investigations based on complaints filed by current and former employees, third parties, or the employees themselves.
w) Handling complaints against employees regarding workplace harassment or violations of codes of conduct.
ARANDA SOFTWARE ANDINA S.A.S. stores its employees' personal data—including data collected during the hiring process—and keeps it in a folder labeled with each employee's name.
Only the Human Resources Department and the Administrative Department will have access to this file and will handle it for the purpose of managing the contractual relationship between ARANDA SOFTWARE ANDINA S.A.S. and the employee.
ARANDA SOFTWARE ANDINA S.A.S. processes sensitive personal data of its employees, such as information regarding their minor children, for the sole purpose of registering them as beneficiaries of the social security and parafiscal systems. For the purposes of this processing, the company obtains the necessary authorization, which is always explicit and voluntary, clearly indicating the sensitive personal data being processed and the purpose of such processing.
In addition, it will employ robust security measures to manage and safeguard such sensitive data, on the understanding that such sensitive data will be used solely by ARANDA SOFTWARE ANDINA S.A.S. for the aforementioned purposes.
Once the employment relationship has ended, ARANDA SOFTWARE ANDINA S.A.S. will store all personal data obtained during the selection process and all documentation generated during the course of the employment relationship in a central archive with restricted access, ensuring that the information is subject to appropriate security measures and standards at all times, given that employment-related information may contain sensitive data.
In any case, the information will not be processed for a period exceeding twenty (20) years from the termination of the employment relationship, or as required by legal or contractual circumstances that necessitate the handling of the information.
Finally, in accordance with the provisions of External Circular 008 of 2020 issued by the Superintendency of Industry and Commerce, the data collected to comply with biosafety protocols will be used solely for the purposes specified by the Ministry of Health and Social Protection, and will be stored only for as long as is reasonable and necessary to comply with those protocols. Once the purpose of the processing of personal data has been fulfilled, the Company will automatically delete the collected data.
9.2 Processing of Trainees' Personal Data:
ARANDA SOFTWARE ANDINA S.A.S. collects the personal data of its trainees and stores it in a database that the company classifies as confidential; such data will only be disclosed with the data subject’s express authorization or when requested by a competent authority.
The purposes for which the personal data of ARANDA SOFTWARE ANDINA S.A.S. trainees is used are as follows:
a) Comply with the obligations imposed on employers by Colombian labor law, particularly the provisions of Law 789 of 2002 and its implementing regulations.
b) Issue certificates regarding the data subject’s relationship with the company.
c) Verify any requirements that arise during the apprentice onboarding process.
d) Comply with the obligations imposed on the company as an employer regarding occupational safety and health regulations and the Occupational Safety and Health Management System (SG-SST).
e) Oversee the tasks performed by the apprentices.
f) Monitor the progress of trainees during both the classroom and practical training phases.
g) Contact family members in case of an emergency.
In any case, the information will not be processed for a period longer than the duration of the applicant’s relationship with the company, which in no case may exceed two (2) years, plus any additional time required in accordance with legal or contractual circumstances that necessitate the handling of the information.
9.3 Processing of customers' personal data:
ARANDA SOFTWARE ANDINA S.A.S. collects its customers' personal data and stores it in a database that the Company classifies as confidential; such data will only be disclosed with the data subject's express authorization or when requested by a competent authority.
The purposes for which the personal data of ARANDA SOFTWARE ANDINA S.A.S. customers is used are as follows:
(a) Process for monitoring and recording obligations to customers.
b) Compliance with tax and legal requirements vis-à-vis public and regulatory agencies.
c) Compliance with contractual obligations, for which purpose the information may be transferred to third parties, such as financial institutions, business partners, notaries, attorneys, etc.
d) Compliance with court orders and administrative, legal, tax, and regulatory provisions.
e) Disclosure of information and personal data during audits.
f) Administrative management for the implementation of the pre-contractual, contractual, and post-contractual phases.
g) Creating a customer account on the Company's platforms or software
(h) Ensure the provision of services related to the development, production, and marketing of software projects.
(i) Ensure that their rights under Law 1581 of 2012 are upheld.
j) Conduct business development and marketing activities.
k) Evaluate customer service and conduct satisfaction surveys.
(l) Share information with third-party partners who collaborate with the company, provided that they need access to such information to the extent necessary to fulfill their obligations; these partners shall also be subject to the same obligations regarding confidentiality, information handling, and personal data protection to which this company is subject.
m) Process requests, complaints, or claims submitted directly by the customer through our customer service channels.
n) Contact the customer via physical and electronic means—such as email, SMS, or chat—to send information of interest or related to the contractual relationship, invite them to training sessions, or inform them about our portfolio of services.
(o) Maintain business contact with the Company, even after the contractual relationship has ended.
p) Consult the Clinton and UN precedents as examples of good business practice or legal obligations, with a view to preventing money laundering and terrorist financing.
q) INCLUDE ANY OTHERS YOU CONSIDER NECESSARY
In any case, the information will not be processed for a period longer than the duration of the contractual relationship between the customer and the Company, plus any additional time required in accordance with legal or contractual circumstances that necessitate the handling of the information.
9.3 Processing of Personal Data of Suppliers and Contractors
ARANDA SOFTWARE ANDINA S.A.S. collects personal data from its suppliers and contractors and stores it in a database which, although it consists mostly of public data, is classified by the company as confidential; in the case of private data, the company will only disclose it with the express authorization of the data subject or when requested by a competent authority.
The purposes for which the personal data of ARANDA SOFTWARE ANDINA S.A.S.'s suppliers and contractors are used are as follows:
a) Process invoices submitted by suppliers or contractors.
b) Keep track of the contributions made to the social security system by contractors
c) Conduct evaluations and select potential suppliers.
d) Compliance with tax and legal requirements regarding public and regulatory agencies
e) Verification and payment for goods and services received.
f) Qualitative and quantitative assessments of the service levels provided by suppliers.
(g) Process for monitoring and recording obligations to suppliers and contractors.
h) Issuing invitations to bid and handling the pre-contractual, contractual, and post-contractual phases.
(i) Any other conditions specifically set forth in the authorizations granted by the providers themselves.
ARANDA SOFTWARE ANDINA S.A.S. will collect from its suppliers and contractors only the data that is necessary, relevant, and not excessive for the purposes of selection, evaluation, and performance of the applicable contract. The collection of personal data of suppliers’ employees by ARANDA SOFTWARE ANDINA S.A.S. will, in all cases, be for the purpose of verifying the suitability and competence of the employees; that is, once this requirement has been verified, ARANDA SOFTWARE ANDINA S.A.S. will return such information to the Supplier, unless its retention is expressly authorized.
In any case, the information will not be processed for a period longer than the duration of the Supplier’s and contractors’ relationship with the company, plus any additional time required in accordance with legal or contractual circumstances that necessitate the handling of the information.
9.4 Processing of Shareholders' Personal Data
ARANDA SOFTWARE ANDINA S.A.S. collects the personal data of its shareholders and stores it in a database that the company classifies as confidential; the company will only disclose such data with the express authorization of the data subject or when requested by a competent authority.
The purposes for which shareholders' personal data will be used are as follows:
(a) To enable the exercise of the rights and duties arising from the status of shareholder
b) Allow the sending of invitations to events organized by the company
(c) Issue certificates regarding the Account Holder’s relationship with the company.
d) Comply with the provisions and regulations set forth in the Commercial Code and other applicable regulations.
e) To summon or invite him to the various corporate meetings he is required to attend in his capacity as a shareholder.
In any case, the information will not be processed for a period longer than the company’s existence, plus any additional time required by legal or contractual circumstances that necessitate the handling of the information.
9.5 Processing of Visitors’ Personal Data at the Entry Checkpoint:
ARANDA SOFTWARE ANDINA S.A.S. collects personal data from its visitors through forms and surveys that may include sensitive personal data, such as the temperature or health status of third parties, in compliance with the Company’s biosafety protocols. This information is stored in a database classified by the entity as confidential and will only be disclosed by the Company with the express authorization of the data subject or when requested by a Competent Authority.
The purposes for which the personal data of individuals entering the facilities of ARANDA SOFTWARE ANDINA S.A.S. will be used are as follows:
a) Ensure that only individuals with valid access authorization are permitted to enter the Company’s facilities and deny entry to those without such authorization.
b) Ensure security in monitored areas.
c) Ensure that work environments are suitable for the safe performance of activities within the Company.
d) Comply with the obligations set forth in the Occupational Safety and Health Management System.
e) Comply with the biosafety protocols implemented by the Company.
In any case, the information will not be processed for a period exceeding one (1) year from the date of collection, in accordance with the legal or contractual circumstances that necessitate the handling of the information.
In accordance with the provisions of External Circular 008 of 2020 issued by the Superintendency of Industry and Commerce, the data collected to comply with biosafety protocols will be used solely for the purposes specified by the Ministry of Health and Social Protection, and will be stored only for as long as is reasonable and necessary to comply with those protocols. Once the purpose of the processing of personal data has been fulfilled, the Company will automatically delete the collected data.
9.6 Processing of Personal Data on the Website
ARANDA SOFTWARE ANDINA S.A.S. collects personal data from interested third parties through its website and stores it in a database that the company classifies as confidential; such data will only be disclosed with the data subject’s express authorization or when requested by a competent authority.
The purposes for which the personal data contained on the ARANDA SOFTWARE ANDINA S.A.S. website is used are as follows:
a) Enable communication with customers or third parties through the "Contact Us" section.
b) Post events or news of interest.
c) Receive and process complaints and claims from third parties.
d) Legal, accounting, administrative, commercial, promotional, informational, marketing, and sales purposes.
e) Conduct promotional, marketing, and advertising campaigns
f) Promote the company's portfolio of services.
In any case, the information will not be processed for a period longer than that agreed upon with the third party or user through a contract or authorization to use their personal data, starting from the date of collection, in accordance with the legal or contractual circumstances that necessitate the handling of the information.
9.7 Processing of Personal Data from Video Surveillance Records
ARANDA SOFTWARE ANDINA S.A.S. collects biometric data from its employees and visitors through its surveillance cameras and stores it in a database that the company classifies as a reserve database; such data will only be disclosed with the express authorization of the data subject or when requested by a competent authority.
The purposes for which the personal data captured by ARANDA SOFTWARE ANDINA S.A.S.'s surveillance cameras will be used are as follows:
a) Ensure safety in the workplace.
b) Ensure that work environments are suitable for the safe performance of the company’s work activities.
c) Monitor the entry, presence, and exit of employees and contractors on company premises.
To fulfill its duty to provide information as a personal data controller, ARANDA SOFTWARE ANDINA S.A.S. will post privacy notices in areas where images are captured that involve the processing of personal data.
In any case, the information will not be processed for a period exceeding 30 days from the date of collection, in accordance with the legal or contractual circumstances that necessitate the handling of the information.
9.8 Processing of Personal Data by Control Biométrico
ARANDA SOFTWARE ANDINA S.A.S. collects biometric data from its employees and stores it in a database that the company classifies as confidential; such data will only be disclosed with the data subject’s express authorization or upon request by a competent authority.
The purposes for which the personal data captured by ARANDA SOFTWARE ANDINA S.A.S.'s surveillance cameras will be used are as follows:
a) Ensure safety in the workplace.
b) Allow access only to authorized personnel.
c) Monitor the entry, presence, and exit of employees at the company's facilities.
In any case, the information will not be processed for a period longer than the duration of the employment relationship with the employee.
9.9 Processing of Personal Data of Prospective Customers:
ARANDA SOFTWARE ANDINA S.A.S. maintains a database of prospective clients, whose information has been collected by the Company with the express authorization of the data subject through events or through the completion of quote requests by the data subjects themselves. ARANDA SOFTWARE ANDINA S.A.S. stores this information in a database that the company classifies as confidential, and it will only be disclosed with the data subject’s express authorization or when requested by a Competent Authority.
The purposes for which the personal data of ARANDA SOFTWARE ANDINA S.A.S. prospective customers is used are as follows:
a) Sending invitations to events organized by the company.
b) Send information about projects offered by the company to interested individuals.
c) Verify compliance with the requirements established by the Company for participation in a project, agreement, or contract.
d) Conduct business development activities and marketing campaigns.
e) Process inquiries, complaints, or claims submitted by data subjects.
f) To prepare management reports and internal statistics.
g) Ensure the exercise of your right to data access (inquiries, complaints, and requests regarding the updating, correction, deletion, or removal of data).
In any case, the information will not be processed for a period longer than that agreed upon with the prospective customer through an authorization to use their personal data, effective from the date of collection, in accordance with the legal or contractual circumstances that necessitate the handling of the information.
9.10 Processing of personal data of candidates or applicants in recruitment processes:
ARANDA SOFTWARE ANDINA S.A.S. collects the personal data of candidates participating in the selection processes conducted by the Company and stores it in a database classified as confidential; such data will only be disclosed with the express authorization of the data subject or upon request by a competent authority.
The purposes for which the personal data of applicants in the recruitment processes conducted by ARANDA SOFTWARE ANDINA S.A.S. will be used are as follows:
(a) Carrying out internal and external administrative tasks to ensure the transparent conduct of the personnel selection process.
b) Sending of scheduled communications from the Company to conduct various selection tests.
c) Verify any requests that arise during the selection process.
d) Verification of the applicant’s employment, academic, and personal references.
e) Expedite the overall onboarding process for the selected staff.
f) Conduct safety assessments and home visits.
All personal data provided to us by the applicant will be included in a “Talent Pool,” which the Company, as the Data Controller, may use for current and future recruitment processes for which the applicant’s profile is suitable. The databases where this information is stored are equipped with the necessary security measures to ensure the complete security of the data provided during the recruitment process. In any case, the information will not be processed for a period longer than that authorized by the applicant and any additional time required in accordance with legal or contractual circumstances that necessitate the handling of the information.
All personal data provided to us by the applicant will be included in a “Talent Pool,” which the Company, as the Data Controller, may use for current and future recruitment processes for which the applicant’s profile is suitable. The databases where this information is stored are equipped with the necessary security measures to ensure the complete security of the data provided during the recruitment process. In any case, the information will not be processed for a period longer than that authorized by the applicant and any additional time required in accordance with legal or contractual circumstances that necessitate the handling of the information.
ARANDA SOFTWARE ANDINA S.A.S. does not currently engage in the international transmission or transfer of personal data. In the event that it decides to carry out the international transfer of personal data, in addition to obtaining the express and unequivocal authorization of the Data Subject, it will ensure that the action provides adequate levels of data protection and complies with the requirements established in Colombia by Statutory Law 1581 of 2012 and its regulatory decrees.
On the other hand, when ARANDA SOFTWARE ANDINA S.A.S. decides to carry out international data transfers, it may do so without the data subjects’ authorization, provided that it ensures the security and confidentiality of the information and complies with the conditions governing the scope of data processing, in accordance with the provisions of Article 10 of Law 1581 of 2012.
ARANDA SOFTWARE ANDINA S.A.S. does not directly process the personal data of minors; however, specifically, the Company collects and processes the personal data of its employees’ minor children for the sole purpose of complying with the obligations imposed by law on employers regarding enrollment in the social security and parafiscal systems, as well as compliance with family leave provisions (Law 1857 of 2017), and, in particular, to enable children to enjoy their fundamental rights to health, recreation, and family life.
In any case, ARANDA SOFTWARE ANDINA S.A.S. will, where appropriate, obtain the necessary authorization from the child’s legal representatives for the processing of such data, always bearing in mind the best interests of the child and respecting the prevailing rights of children and adolescents as enshrined in Article 44 of the Political Constitution of Colombia.
The Data Subject, their successors, their representative and/or authorized agent, or any person designated by stipulation in favor of another, may exercise their rights by contacting us in writing to the administrative department responsible for personal data protection within the company. The written request may be sent to the following email address: protecciondedatos@arandasoft.com or via written communication sent to the following address: Diagonal 97 # 17 – 60, Office 702, Bogotá D.C.
12.1 Inquiries
You may access the personal information of the Data Subject stored in the databases of ARANDA SOFTWARE ANDINA S.A.S., and the company will provide all information contained in the individual record or related to the identification of the requester.
Once the company receives the inquiry, it will be addressed within a maximum of ten (10) business days from the date of receipt.
If it is not possible to respond to the inquiry within that timeframe, the interested party will be notified, stating the reasons for the delay and specifying the new date by which the inquiry will be addressed, which in no case may exceed five (5) business days following the expiration of the initial timeframe.
12.2 Claims
If you believe that the information contained in an ARANDA SOFTWARE ANDINA S.A.S. database requires correction, updating, or deletion, or if you suspect a violation of any of the obligations set forth in the Habeas Data Act, you may file a complaint with ARANDA SOFTWARE ANDINA S.A.S. which will be processed in accordance with the following rules:
- The complaint must be submitted in writing to ARANDA SOFTWARE ANDINA S.A.S., including the complainant’s identification, a description of the facts giving rise to the complaint, and the complainant’s address, along with any supporting documents.
If the complaint is incomplete, the complainant will be requested, within five (5) days of receipt of the complaint, to correct the deficiencies. If two (2) months have elapsed since the date of the request and the claimant has not submitted the required information, it will be understood that the claimant has withdrawn the complaint.
In the event that ARANDA SOFTWARE ANDINA S.A.S. receives a complaint that it is not competent to resolve, the company will forward it to the appropriate party within a maximum of two (2) business days and will inform the Data Subject. - Once the complete complaint has been received, the company will add a note to the relevant database stating “complaint pending” and the reason for the complaint within two (2) business days. The company will maintain this note on the disputed data until the complaint has been resolved.
- The maximum timeframe for addressing the complaint shall be fifteen (15) business days, starting from the day following the date of receipt. If it is not possible to address the complaint within that timeframe, the company shall inform the Data Subject of the reasons for the delay and the new date by which the complaint will be addressed, which in no case may exceed eight (8) business days following the expiration of the initial timeframe.
MINIMUM REQUIREMENTS FOR THE APPLICATION
Requests submitted by data subjects to inquire about or file a complaint regarding the use and processing of their personal data must include certain minimum details in order to provide the data subject with a clear response that is consistent with the request. The requirements for the request are:
a) Be addressed to ARANDA SOFTWARE ANDINA S.A.S.
b) Include the data subject’s identification information (name and identification document).
c) Include a description of the facts underlying the inquiry or complaint.
d) The purpose of the request.
e) Provide the Data Subject’s mailing address and/or email address.
f) Attach any supporting documents. (Especially for claims)
If the inquiry or complaint is submitted in person, the Data Subject must submit their request or complaint in writing, subject only to the requirements set forth in the preceding paragraph.
12.3 Admissibility Requirement
The Account Holder, their successors, their representative and/or authorized agent, or any other party designated by agreement in favor of another, may only file a complaint with the Superintendency of Industry and Commerce regarding the exercise of their rights after having exhausted the consultation or complaint process directly with the company.
12.4 Request for Update and/or Correction
ARANDA SOFTWARE ANDINA S.A.S. will correct and update, at the data subject’s request, any information that is inaccurate or incomplete, in accordance with the procedure and terms set forth above. To this end, the data subject must submit the request through the channels provided by the company, specifying the update and correction of the data, and must also provide the documentation supporting such request.
The Data Subject may revoke at any time the consent or authorization given for the processing of their personal data, provided that there is no legal or contractual impediment to doing so.
The Data Subject also has the right to request at any time that ARANDA SOFTWARE ANDINA S.A.S. delete or remove their personal data when:
(a) Considers that they are not being treated in accordance with the principles, duties, and obligations set forth in current regulations.
(b) Are no longer necessary or relevant for the purpose for which they were collected.
(c) The period necessary to fulfill the purposes for which the data was collected has elapsed.
Such deletion entails the complete or partial removal of personal information, as requested by the data subject, from the records, files, databases, or processing operations carried out by ARANDA SOFTWARE ANDINA S.A.S.
The right to withdraw consent is not absolute; therefore, ARANDA SOFTWARE ANDINA S.A.S. may refuse to revoke consent or delete personal data in the following cases:
(a) The data subject has a legal or contractual obligation to remain in the database.
(b) The deletion of data would impede judicial or administrative proceedings related to tax obligations, the investigation and prosecution of crimes, or the enforcement of administrative penalties.
(c) The data is necessary to protect the data subject’s legally protected interests; to take action in the public interest; or to fulfill a legal obligation incumbent upon the data subject.
ARANDA SOFTWARE ANDINA S.A.S. reserves the right to modify the Personal Data Processing and Protection Policy at any time. However, any modifications will be communicated in a timely manner to the data subjects through the usual means of contact at least ten (10) business days prior to their effective date.
In the event that a data subject does not agree with the new General or Special Policy and has valid reasons that constitute just cause for withdrawing consent to the processing of personal data, the data subject may request that the company delete their information through the channels indicated in Chapter 12. However, Data Subjects may not request the removal of their personal data when the company has a legal or contractual obligation to process the data.
The device information we collect through the AEMM app is as follows:
- Phone number
- Location
- Installed applications
- Devices or other identifiers
This information is collected once the mobile device user has already connected (authenticated) to our servers via the Android Enterprise program, in order to provide the requested EMM services.
We use the information we automatically collect from the mobile application to ensure and support the features of Enterprise Mobility Management, such as inventory management and statistical analysis of device status.
We do not sell or rent user information that we automatically collect through the mobile application to third parties for their own marketing purposes. If Aranda decides to sell or rent your information to third parties for their own marketing purposes in the future, we will notify you and you will have the opportunity to opt in to receiving these third-party marketing communications. Aranda shares your information with third parties in certain circumstances, as follows:
- Employees, Third-Party Processors, and Third-Party Service Providers. We will disclose your information to our employees, contractors, affiliates, distributors, dealers, vendors, and suppliers (“Service Providers”) who provide certain services to us or on our behalf, such as operating and supporting the Site, analyzing data, or performing marketing or consulting. These service providers will only have access to the information necessary to perform these limited functions on our behalf.
- Responding to Subpoenas or Court Orders or to Protect Rights and Comply with Our Policies. To the extent permitted by law, we will disclose your information to government authorities or third parties if: (a) required to do so by law, or in response to a subpoena or court order; (b) we believe, in our sole discretion, that disclosure is reasonably necessary to protect us from fraud, to protect our property or other rights or those of other users, third parties, or the public; or (c) we believe that you have abused the Site by using it to attack other systems or to gain unauthorized access to any other system, to send spam, or to violate applicable laws. You should be aware that, following disclosure to a third party, your information may be accessed by others to the extent permitted or required by applicable law.
- Business Transfers; Bankruptcy. In the event of a merger, acquisition, bankruptcy, or other sale of all or a portion of our assets, any User Information owned or controlled by us may be included among the assets transferred to third parties. We reserve the right, as part of this type of transaction, to transfer or assign your information and other information we have collected from users of the Site to third parties. Except to the extent ordered by a bankruptcy or other court, the use and disclosure of all transferred user information will be subject to this Privacy Policy. However, any information you submit or that is collected after such a transfer may be subject to a new privacy policy adopted by the successor entity.
- Aggregated Information. We may share information related to users of the Site with affiliated or unaffiliated third parties on an anonymous and aggregated basis. Although this information will not personally identify you, in some cases these third parties may combine this aggregated information with other data they have about you or receive from third parties, in a way that allows them to personally identify you.
- Our Affiliates. We may share some or all of your information with our parent company, corporate subsidiaries and affiliates, joint ventures, or other companies under common control with us. We will require these entities to comply with the terms of this Privacy Policy regarding the use of your information.
Please feel free to contact us at info@arandasoft.com if you have any questions about this Privacy Policy.
This Policy is effective as of June 2021.