Skip to content

Privacy Notice, Privacy Policy and Protection of Personal Data for services, applications and platforms of Aranda Service Desk.

This privacy notice applies to Services/Applications/Platforms provided by Aranda Service Desk:

In compliance with the General Regime of Habeas Data, regulated by Law 1581 of 2012 and its regulatory Decrees; the company ARANDA SOFTWARE ANDINA SAS identified with NIT. 830.099.766-1 and e-mail address https://arandasoft.com/ as a company that stores and collects personal data, and as RESPONSIBLE, must inform you of the following:

Personal data requested while browsing the website https://arandasoft.com/ will be treated according to the purposes related to the corporate purpose of the Company and especially to respond to the concerns raised through this channel; and to send information that is considered of interest through electronic newsletters. The personal and contact data requested will be kept in a database of the company while maintaining a contractual or legal relationship with the owner of the information, and in any case for a maximum period of 20 years after the end of such relationship with the owner, for the sole purpose of complying with the obligation of the company.óThe only purpose is to comply with the legal obligation to keep the file, to meet requests from authorities and/or for statistical purposes.

As the owner of the information, you have the right to know, update, and rectify your personal data; request the revocation of the authorization and/or request the deletion of the data when the treatment carried out does not respect the principles, rights and constitutional and legal guarantees; and access free of charge to your personal data subject to treatment.

In case you want to submit queries, complaints or claims, you can send your request to the following e-mail address protecciondedatos@arandasoft.com or in person at the following Diagonal. 97 No.17-60 IFX Network Building Office 702 in the city of Bogotá D.C.

Policy of treatment and protection of personal data for Services/Applications/Platforms provided by Aranda Service Desk:

In compliance with the provisions of the Statutory Law 1581 of 2012 and its Regulatory Decrees, the company establishes the General and Special Policy applicable to the Processing and Protection of Personal Data in the organization.

1. IDENTIFICATION OF THE PERSON IN CHARGE

ARANDA SOFTWARE ANDINA S.A.S., a commercial company identified with NIT 830.099.766-1 is constituted as a Colombian company, whose corporate purpose is to provide development, production and commercialization services for software projects.

2. OBJECTIVE
This Policy establishes the general guidelines for the protection and processing of personal data within the company, thus allowing to strengthen the level of trust between Responsibles and data subjects in relation to the treatment of their information; informing the Holders of the purposes and transfers to which their personal data are submitted and the mechanisms and forms for the exercise of their rights.
3. SCOPE
This Policy of Treatment and Protection of Personal Data will be applied to all databases and/or files that include personal data that are subject to treatment by ARANDA SOFTWARE ANDINA S.A.S., as responsible for the treatment of personal data. 

This policy constitutes version 2.0 of the company's personal data processing policy, based on the database update process carried out by the company in compliance with External Circular 003 of 2018, i.e. the update that every company must carry out of its databases between January 2nd and March 31st of each year from 2020 onwards. 
4. DEFINITIONS

● Habeas Data: The right of every person to know, update and rectify the information that has been collected about him/her in files and data banks of a public or private nature.

● Personal data: Any information linked or that can be associated to one or more specific or determinable natural person(s).

● Database: Organized set of personal data that is the subject of processing.

● Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation or erasure.

● Authorization: Prior, express and informed consent of the Data Subject to carry out the processing of personal data.

● Privacy Notice: It is the physical, electronic document or in any other known or to be known format, which is made available to the Data Subject in order to inform about the processing of his/her personal data.

● Data subject: Natural person whose personal data is the subject of processing.

● Causahabient: A person who by succession or transmission acquires the rights of another person.

● Data Controller: Natural or legal person, public or private, who by itself or in association with others, decides on the database and/or the processing of the data.

● Data Processor: A natural or legal person, public or private, that by itself or in association with others, carries out the processing of personal data on behalf of the Data Controller.

5. GUIDING PRINCIPLES APPLICABLE TO PERSONAL DATA

The following guiding principles shall apply to the protection of personal data:

a) Principle of legality in data processing: The processing referred to in the Habeas Data Law is a regulated activity that must be subject to the provisions set forth therein and in the other provisions that develop it.

b) Principle of purpose: The processing must obey a legitimate purpose in accordance with the Constitution and the law, which must be informed to the Data Subject.

c) Principle of freedom: Processing may only be carried out with the prior, express and informed consent of the Data Subject. Personal data may not be obtained or disclosed without prior authorization, or in the absence of legal or judicial mandate that relieves the consent.

d) Principle of truthfulness or quality: The information subject to processing must be truthful, complete, accurate, updated, verifiable and understandable. The processing of partial, incomplete, fractioned or misleading data is prohibited.

e) Principle of transparency: The right of the Data Subject to obtain from the Controller or Processor, at any time and without restriction, information about the existence of data concerning him/her, must be guaranteed in the processing.

f) Principle of restricted access and circulation: The processing is subject to the limits derived from the nature of the personal data, the provisions of the law and the Constitution. In this sense, the processing may only be carried out by persons authorized by the Data Subject and/or by the persons provided for by law.

Personal data, except for public information, may not be made available on the Internet or other means of mass dissemination or communication, unless access is technically controllable to provide restricted knowledge only to Data Holders or authorized third parties in accordance with the law.

g) Principle of security: The information subject to processing by the Data Controller or Data Processor referred to in the Habeas Data Law, shall be handled with the technical, human and administrative measures necessary to provide security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access.

h) Principle of confidentiality: All persons involved in the processing of personal data that are not of a public nature are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks involved in the processing, and may only supply or communicate personal data when this corresponds to the development of the activities authorized by law and under the terms of the same.

6. RIGHTS OF THE OWNERS

Personal data owners shall enjoy the following rights, and those granted to them by law:

a) To know, update and rectify their personal data with respect to the Data Controller or Data Processors. This right may be exercised, among others, against partial, inaccurate, incomplete, fractioned, misleading data, or data whose processing is expressly prohibited or has not been authorized;

b) Request proof of the authorization granted to the Data Controller, except when expressly exempted as a requirement for the processing, in accordance with the provisions of Article 10 of the Law;

c) To be informed by the Data Controller or the Data Processor, upon request, regarding the use that has been made of their personal data;

d) File before the Superintendence of Industry and Commerce complaints for violations to the provisions of the law and other regulations that modify, add or complement it;

e) To revoke the authorization and/or request the deletion of the data when the principles, rights and constitutional and legal guarantees are not respected in the processing. The revocation and/or deletion will proceed when the Superintendence of Industry and Commerce has determined that in the processing the Controller or Processor has incurred in conduct contrary to the law and the Constitution;

f) Access free of charge to your personal data that have been processed.

7. AUTHORIZATION OF THE HOLDER OF PERSONAL DATA

Notwithstanding the exceptions provided for in the Statutory Law 1581 of 2012, as a general rule in the processing of personal data, ARANDA SOFTWARE ANDINA S.A.S., will collect the prior and informed authorization of the Data Subject, which may be obtained by any means that may be subject to subsequent consultation.

7.1 Events for which no authorization is required

The authorization of the Holder shall not be necessary in the case of:

a) Information required by a public or administrative entity in the exercise of its legal functions or by court order;

b) Data of a public nature;

c) Cases of medical or sanitary emergency;

d) Processing of information authorized by law for historical, statistical or scientific purposes;

e) Data related to the Civil Registry of Persons.

8. DUTIES OF ARANDA SOFTWARE ANDINA S.A.S. AS CONTROLLER OF PERSONAL DATA PROCESSING

ARANDA SOFTWARE ANDINA S.A.S. as responsible for the processing of personal data, shall comply with the following duties:

a) Guarantee to the Data Subject, at all times, the full and effective exercise of the right of habeas data.

b) Request and keep, under the conditions provided by law, a copy of the respective authorization granted by the Data Subject.

c) Duly inform the Data Subject about the purpose of the collection and the rights he/she is entitled to by virtue of the authorization granted.

d) Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.

e) Ensure that the information provided to the Data Processor is truthful, complete, accurate, updated, verifiable and understandable.

f) Update the information, communicating in a timely manner to the Data Processor, all the news regarding the data previously provided and adopt the other necessary measures so that the information provided to the Data Processor is kept up to date.

g) Rectify the information when it is incorrect and communicate the pertinent to the Data Processor.

h) To provide to the Data Processor, as the case may be, only data whose processing is previously authorized in accordance with the provisions of this law.

i) To demand from the Data Processor at all times to respect the security and privacy conditions of the Data Subject's information.

j) To process queries and claims formulated under the terms set forth in the Statutory Law 1581 of 2012.

k) Adopt an internal manual of policies and procedures to ensure adequate compliance with the law and, in particular, for the handling of queries and complaints.

l) Inform the Data Controller when certain information is under discussion by the Data Subject, once the claim has been filed and the respective process has not been completed.

m) Inform at the Data Subject's request about the use given to his or her data.

n) Inform the data protection authority when there are violations to the security codes and there are risks in the administration of the information of the Data Holders.

o) Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

9. SPECIFIC POLICIES FOR THE TREATMENT OF PERSONAL DATA

9.1 Processing of Employees' personal data

ARANDA SOFTWARE ANDINA S.A.S. collects the personal data of its employees which are classified by the company as confidential, and will only be disclosed by the company with the express authorization of the owner or when a Competent Authority requests it.

The purposes for which the personal data of the company's employees are used will be:

a) To comply with the obligations imposed by Colombian labor law on employers, or with the orders issued by the competent Colombian or foreign authorities.

b) To issue certifications regarding the relationship of the data subject with the Company.

c) Comply with the obligations imposed on the company as an employer, in relation to Occupational Safety and Health standards, and the so-called Occupational Safety and Health Management System (SG-SST).

d) Manage the functions performed by the workers.

e) Execute the different stages of the Company's disciplinary processes and consult memos, warnings or any type of sanction imposed on employees.

f) Contacting family members in case of emergency.

g) To manage and control payroll.

h) Control the employees' working hours and the overtime they work.

i) Keeping a control of incapacities, absenteeism, leaves of absence and vacations of employees.

j) Keeping a control of the training given to the workers.

k) Store your personal data, including biometric data on its website as a support of the activities carried out.

l) Comply with the biosafety protocols applicable to the Company in accordance with the provisions issued by the National Government.

m) To carry out control, follow-up and evaluation of workers.

n) Take images and photographs necessary for the recognition of the worker, compliance control and collection of evidence of the services rendered.

o) Additionally, biometric data of employees are used for commercial purposes related to the Company's corporate purpose.

p) Communicate information about employees to third parties with which the Company maintains a contractual relationship, partners or consortiums and customers to the extent necessary to comply with the protocol of the third parties, for the sole purpose of allowing them to manage the control and coordination of the personnel who effectively provide the services arising from the professional relationship, as well as to enable compliance with legal, tax and social security obligations.

q) Communicate workers' identification data to travel agencies, transportation companies, hotels and other entities for the management of reservations and settlement of expenses incurred.

r) To carry out international transfer or transmission of data to countries that provide similar protection to Colombia.

s) delivery of information to third parties in charge of evaluation, training, certification and other processes required in the development of the contractual relationship.

t) Verify, compare and evaluate the work and personal competencies of employees.

u) Sending information to compensation funds, AFP, ARL, insurance companies, among others.

v) Initiate internal investigations based on complaints filed by active and non-active employees, third parties or the employees themselves.

w) Handling of complaints against employees for harassment at work or violation of codes of conduct.

ARANDA SOFTWARE ANDINA S.A.S. stores the personal data of its employees, including those obtained in the development of the selection process, and keeps them in a folder identified with the name of each of them.

This folder will only have access and will be treated by the Human Resources Area and the Administrative Area in order to manage the contractual relationship between ARANDA SOFTWARE ANDINA S.A.S. and the employee.

ARANDA SOFTWARE ANDINA S.A.S. treats sensitive personal data of its employees such as the data of their minor children for the sole purpose of registering them as beneficiaries of the social security and parafiscal system. For the purposes of this treatment the respective authorization is collected, which in any case will be express and optional, clearly indicating the Sensitive Personal Data object of treatment and the purpose of the same.

Likewise, it will have high security systems for the handling of those sensitive data and its reserve, in the understanding that such sensitive data will only be used by ARANDA SOFTWARE ANDINA S.A.S. for the aforementioned purposes.

Upon termination of the employment relationship, ARANDA SOFTWARE ANDINA S.A.S. will proceed to store all personal data obtained from the selection process and the documentation generated in the development of the employment relationship, in a central file with restricted access, subjecting the information at all times to appropriate security measures and levels, given that the employment information may contain sensitive data.

In any case, the information will not be processed for a period exceeding twenty (20) years from the termination of the employment relationship, or in accordance with the legal or contractual circumstances that make it necessary to handle the information.

Finally, in accordance with the provisions of External Circular 008 of 2020 of the Superintendence of Industry and Commerce, the data collected to comply with biosafety protocols will only be used for the purposes indicated by the Ministry of Health and Social Protection, and will only be stored for the reasonable and necessary time to comply with such protocols. Once the purpose of the Personal Data Processing has been fulfilled, the Company will automatically delete the data collected.

9.2 Processing of Trainees' personal data:

ARANDA SOFTWARE ANDINA S.A.S. collects the personal data of its trainees and stores them in a database which is classified by the company as confidential, and will only be disclosed with the express authorization of the owner or when requested by a Competent Authority.

The purposes for which the personal data of the trainees of ARANDA SOFTWARE ANDINA S.A.S. are used will be:

a) To comply with the obligations imposed by Colombian labor law on employers, especially with the provisions of Law 789 of 2002 and its Regulatory Decrees.

b) Issue certifications regarding the relationship of the data subject with the company.

c) To corroborate any requirement that may arise in the development of the apprenticeship process.

d) Comply with the obligations imposed on the company as an employer, in relation to Occupational Safety and Health standards, and the so-called Occupational Safety and Health Management System (SG-SST).

e) Manage the functions developed by the trainees.

f) To monitor the development of the trainees in the teaching and practical stages.

g) Contacting family members in case of emergency.

In any case, the information will not be processed for a period longer than the duration of the applicant's relationship with the company, which in no case may exceed two (2) years, and the additional time required according to the legal or contractual circumstances that make it necessary to handle the information.

9.3 Processing of customer personal data:

ARANDA SOFTWARE ANDINA S.A.S. collects the personal data of its customers and stores them in a database which is classified by the Company as confidential, and will only be disclosed with the express authorization of the owner or when requested by a Competent Authority.

The purposes for which the personal data of ARANDA SOFTWARE ANDINA S.A.S. customers are used will be:

a) Process of control and accounting records of the obligations contracted with customers.

b) Compliance with tax and legal aspects before public and regulatory entities.

c) Fulfillment of contractual obligations, for which the information may be transferred to third parties, such as financial entities, allied third parties, notaries, lawyers, etc.

d) Compliance with judicial decisions and administrative, legal, tax and regulatory provisions.

e) Transmission of information and personal data in auditing processes.

f) Administrative management for the execution of the pre-contractual, contractual and post-contractual stages.

g) Creation of the client in the Company's platforms or software.

h) To guarantee the provision of development, production and commercialization services for software projects.

i) Ensure compliance with the rights to which they are entitled under Law 1581 of 2012.

j) To carry out commercial prospecting and marketing activities.

k) Evaluate customer service and conduct satisfaction surveys.

l) Share the information with third party allies that collaborate with the company, considering that for the fulfillment of their duties they must access to some extent to the information, which will also be subject to the obligations of confidentiality, handling of information and protection of personal data to which this company is subject.

m) To process the requests, complaints or claims established directly by the client through the customer service channels.

n) Contact the customer through physical and electronic means - email, SMS or chat to send information of interest or related to the contractual relationship, invite them to trainings or with the portfolio of services.

o) Maintain commercial contact with the Company, even after the termination of the contractual relationship.

p) Consult as good business practice or legal obligation, Clinton and UN background, in order to prevent money laundering and terrorist financing.

q) TO INCLUDE ANY OTHERS WHICH IT CONSIDERS TO BE MISSING

In any case, the information will not be processed for a period longer than the duration of the contractual relationship between the customer and the Company, and the additional time required according to the legal or contractual circumstances that make necessary the handling of the information.

9.3 Processing of personal data of Suppliers and Contractors

ARANDA SOFTWARE ANDINA S.A.S. collects the personal data of its suppliers and contractors and stores them in a database which, although it is composed mostly of public data, is classified by the company as reserved, and that, in the case of private data, will only be disclosed by the company with the express authorization of the owner or when a Competent Authority requests it.

The purposes for which the personal data of the Suppliers and Contractors of ARANDA SOFTWARE ANDINA S.A.S. are used will be:

a) Manage the accounts receivable submitted by suppliers or contractors.

b) Keeping a control of the contributions made by contractors to the social security system.

c) Conduct evaluations and selection of potential suppliers.

d) Compliance with tax and legal aspects with public and regulatory entities.

e) Control and payment for goods and services received.

f) Qualitative and quantitative evaluations of service levels received from suppliers.

g) Process of control and accounting record of the obligations contracted with suppliers and contractors.

h) Sending invitations to contract and making arrangements for the pre-contractual, contractual and post-contractual stages.

i) Others specifically established in the authorizations granted by the suppliers themselves.

ARANDA SOFTWARE ANDINA S.A.S. will only collect from its suppliers and contractors the data that are necessary, relevant and not excessive for the purpose of selection, evaluation and execution of the contract. The collection of personal data of employees of suppliers by ARANDA SOFTWARE ANDINA S.A.S. will have in any case the purpose of verifying the suitability and competence of employees; that is, once this requirement is verified, ARANDA SOFTWARE ANDINA S.A.S. will return such information to the supplier, unless expressly authorized its conservation.

In any case, the information will not be processed for a period longer than the duration of the relationship of the Supplier and contractors with the company, and the additional time required according to legal or contractual circumstances that make it necessary to handle the information.

9.4 Processing of shareholders' personal data

ARANDA SOFTWARE ANDINA S.A.S. collects the personal data of its shareholders and stores them in a database which is classified by the company as confidential, and which will only be disclosed by the company with the express authorization of the owner or when requested by a Competent Authority.

The purposes for which the Shareholders' personal data are used will be:

a) Enable the exercise of the duties and rights derived from the quality of shareholder.

b) Allow the sending of invitations to events programmed by the company

c) To issue certifications regarding the relationship of the Holder with the company.

d) To comply with the precepts and regulations established in the Code of Commerce and other applicable regulations.

e) To summon or invite him/her to the different meetings of a corporate nature that he/she must attend due to his/her capacity as shareholder.

In any case, the information will not be processed for a period exceeding the time of existence of the company, and the additional time required according to the legal or contractual circumstances that make it necessary to handle the information.

9.5 Processing of Visitors' personal data at the Entrance Control:

ARANDA SOFTWARE ANDINA S.A.S. collects personal data of its visitors through forms and surveys that may include sensitive personal data such as temperature or health status of third parties in compliance with the Company's biosecurity protocols. This information is stored in a database which is classified by the entity as confidential, and will only be disclosed by the Company with the express authorization of the owner or when requested by a Competent Authority.

The purposes for which the personal data of those who enter the facilities of ARANDA SOFTWARE ANDINA S.A.S. are used will be:

a) To ensure the entry to the Company's facilities to persons who have the authorization of free transit and to restrict the passage to those persons who are not authorized.

b) To guarantee security in the monitored environments.

c) To provide adequate working environments for the safe development of activities within the Company.

d) To comply with the obligations stipulated in the Occupational Health and Safety Management System.

e) Comply with the biosecurity protocols implemented by the Company.

In any case, the information will not be processed for a period of more than one (1) year from its collection in accordance with the legal or contractual circumstances that make it necessary to handle the information.

In accordance with the provisions of External Circular 008 of 2020 of the Superintendence of Industry and Commerce, the data collected to comply with biosafety protocols will only be used for the purposes indicated by the Ministry of Health and Social Protection, and will only be stored for the reasonable and necessary time to comply with such protocols. Once the purpose of the Personal Data Processing has been fulfilled, the Company will automatically delete the data collected.

9.6 Processing of personal data from the Web Site

ARANDA SOFTWARE ANDINA S.A.S. collects personal data from interested third parties through its website and stores them in a database which is classified by the company as confidential, and will only be disclosed with the express authorization of the owner or when requested by a Competent Authority.

The purposes for which the personal data contained in ARANDA SOFTWARE ANDINA S.A.S. website are used will be:

a) To allow communication with customers or third parties through the contact us section.

b) To publish events or news of interest.

c) Receive and process complaints and claims from third parties.

d) Legal, accounting, administrative, commercial, promotional, informational, marketing and sales purposes.

e) To carry out promotional, marketing and advertising campaigns.

f) To publicize the company's portfolio of services.

In any case, the information will not be processed for a period longer than the period agreed with the third party or user through a contract or authorization to use their personal data counted from its collection in accordance with the legal or contractual circumstances that make necessary the handling of the information.

9.7 Processing of personal data from the Video Surveillance Record

ARANDA SOFTWARE ANDINA S.A.S. collects biometric data of its workers and visitors through its Surveillance Cameras and stores them in a database which is classified by the company as confidential, and will only be disclosed with the express authorization of the owner or when requested by a Competent Authority.

The purposes for which the personal data contained in the ARANDA SOFTWARE ANDINA S.A.S. Surveillance Cameras are used will be:

a) Ensuring safety in the work environment.

b) To provide adequate working environments for the safe development of the company's work activities.

c) Control the entry, stay and exit of employees and contractors in the company's facilities.

In order to comply with the duty of information that corresponds to ARANDA SOFTWARE ANDINA S.A.S. as administrator of personal data, the company will implement Privacy Notices in the areas where the capture of images that involve the processing of personal data is carried out.

In any case, the information will not be processed for a period longer than 30 days from its collection in accordance with the legal or contractual circumstances that make it necessary to handle the information.

9.8 Processing of Biometric Control Personal Data

ARANDA SOFTWARE ANDINA S.A.S. collects biometric data of its employees and stores them in a database which is classified by the company as confidential, and will only be disclosed with the express authorization of the owner or when requested by a Competent Authority.

The purposes for which the personal data contained in the ARANDA SOFTWARE ANDINA S.A.S. Surveillance Cameras are used will be:

a) Ensuring safety in the work environment.

b) Allow access only to authorized personnel.

c) Control the entry, permanence and exit of employees in the company's facilities.

In any case, the information will not be processed for a period longer than the duration of the employment relationship with the employee.

9.9 Processing of Personal Data of Prospective Clients:

ARANDA SOFTWARE ANDINA S.A.S. has a record of Prospects of Clients, whose information has been collected by the Company with the previous express authorization of the Holder through events or through the completion of requests for quotations by them. ARANDA SOFTWARE ANDINA S.A.S. stores such information in a database which is classified by the company as confidential, and will only be disclosed with the express authorization of the holder or when a Competent Authority requests it.

The purposes for which the personal data of the Prospects of Clients of ARANDA SOFTWARE ANDINA S.A.S. are used will be:

a) Sending invitations to events scheduled by the company.

b) Send information on projects offered by the company to interested parties.

c) Verify compliance with the requirements established by the Company to access a project, agreement or contract.

d) To carry out commercial prospecting activities and marketing operations.

e) To process inquiries, complaints or claims submitted by the owners.

f) To prepare management reports and internal statistics.

g) Guarantee the exercise of their right of Habeas Data (Consultations, complaints and claims about updating, correction, suppression or elimination of data).

In any case, the information will not be processed for a period longer than the period agreed with the prospect through an authorization to use their personal data counted from its collection in accordance with the legal or contractual circumstances that make it necessary to handle the information.

9.10 Processing of personal data of candidates or applicants in selection processes:

ARANDA SOFTWARE ANDINA S.A.S. collects the personal data of the candidates or applicants of the selection processes carried out by the Company and stores them in a database which is classified as confidential, and will only be disclosed with the express authorization of the owner or when requested by a Competent Authority.

The purposes for which the personal data of the applicants of the selection processes carried out by ARANDA SOFTWARE ANDINA S.A.S. are used will be:

a) Performing internal and external administrative management for the transparent execution of the personnel selection process.

b) Sending of communications programmed by the Company to carry out different selection tests.

c) Corroborate any requirement that may arise in the development of the selection process.

d) Verification of the applicant's work, academic and personal references.

e) To carry out the general hiring process of the selected personnel.

f) Conduct security studies and home visits.

All personal data provided by the applicant or applicant will become part of a "Talent Bank", which the Company, as Responsible, may use for current and future selection processes in which the applicant's profile is suitable. The databases where this information is stored have the necessary security measures to guarantee the total security of the data provided during the selection process. In any case, the information will not be processed for a period longer than that authorized by the applicant and the additional time required according to the legal or contractual circumstances that make it necessary to handle the information.

All personal data provided by the applicant or applicant will become part of a "Talent Bank", which the Company, as Responsible, may use for current and future selection processes in which the applicant's profile is suitable. The databases where this information is stored have the necessary security measures to guarantee the total security of the data provided during the selection process. In any case, the information will not be processed for a period longer than that authorized by the applicant and the additional time required according to the legal or contractual circumstances that make it necessary to handle the information.

10. INTERNATIONAL TRANSFER AND TRANSMISSION OF PERSONAL DATA

ARANDA SOFTWARE ANDINA S.A.S. does not currently perform international transmission or transfer of personal data. In the event that it decides to make the International Transfer of personal data, in addition to having the express and unequivocal authorization by the Holder, it will ensure that the action provides adequate levels of data protection and meets the requirements set in Colombia by the Statutory Law 1581 of 2012 and its regulatory decrees.

On the other hand, when ARANDA SOFTWARE ANDINA S.A.S. decides to carry out International Transmission of data, it may do so without authorization of the owners, as long as it guarantees the security of the information, confidentiality and the conditions that regulate the scope of data processing, in accordance with the provisions of Article 10 of Law 1581 of 2012.

11. DATA ON CHILDREN AND ADOLESCENTS

ARANDA SOFTWARE ANDINA S.A.S. does not directly process personal data of minors; however, in particular, the Company collects and processes the personal data of the minor children of its employees, with the sole purpose of complying with the obligations imposed by law on employers in relation to affiliations to the social security and parafiscal system, as well as compliance with the family day (Law 1857 of 2017), and in particular to allow the enjoyment of the fundamental rights of children to health, recreation and the right to family.

In any case, ARANDA SOFTWARE ANDINA S.A.S. will collect when appropriate the respective authorization to their legal representatives for their treatment, always bearing in mind the best interest of the minor and respect for the prevailing rights of children and adolescents enshrined in Article 44 of the Political Constitution of Colombia.

12. PROCEDURE FOR HANDLING QUERIES, CLAIMS AND PETITIONS, AND MECHANISMS FOR EXERCISING THE RIGHTS OF THE OWNERS.

The Data Subject, his or her assignees, his or her representative and/or proxy, or whoever is determined by stipulation in favor of another; may exercise his or her rights by contacting us through a written communication addressed to the administrative area in charge of the protection of personal data in the company. The communication may be sent to the following e-mail address: protecciondedatos@arandasoft.com or through written communication to the following address: Diagonal 97 # 17 - 60 Office 702 Bogotá D.C.

12.1 Consultations

The personal information of the Holder contained in the databases of ARANDA SOFTWARE ANDINA S.A.S. may be consulted and the company will be responsible for providing all the information contained in the individual record or that is linked to the identification of the applicant.

The consultation once received by the company will be answered within a maximum term of ten (10) business days from the date of receipt of the same.

When it is not possible to attend the consultation within such term, the interested party shall be informed, stating the reasons for the delay and indicating the new date on which such consultation will be attended, which in no case may exceed five (5) working days following the expiration of the first term.

12.2 Claims

When it is considered that the information contained in a database of ARANDA SOFTWARE ANDINA S.A.S. should be corrected, updated or deleted, or when the alleged breach of any of the duties contained in the Habeas Data Law is noticed, a claim may be filed before ARANDA SOFTWARE ANDINA S.A.S. which will be processed under the following rules:

  1. The claim shall be made by written communication addressed to ARANDA SOFTWARE ANDINA S.A.S. with the identification of the Holder, the description of the facts that give rise to the claim, the address, and accompanying the documents you want to assert.
    If the claim is incomplete, the interested party will be required within five (5) days after receipt of the claim to correct the faults. After two (2) months from the date of the requirement, without the applicant submitting the required information, it will be understood that the claim has been withdrawn.

    In case ARANDA SOFTWARE ANDINA S.A.S. receives a Claim of which it is not competent to solve it, the company will transfer it to the person who effectively corresponds in a maximum term of two (2) working days and will inform the Holder.
  2. Once the complete claim has been received, the company will include in the respective database a legend that reads "claim in process" and the reason for the claim, within a term no longer than two (2) business days. The company will keep such legend in the data under discussion until the claim is decided.
  3. The maximum term to address the claim will be fifteen (15) working days from the day following the date of receipt. When it is not possible to address the claim within such term, the company will inform the Holder the reasons for the delay and the new date on which the claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.

MINIMUM CONTENT OF THE APPLICATION

Requests submitted by the holder in order to make a query or complaint about the use and handling of their personal data must contain minimum specifications, in order to provide the holder with a clear and consistent response to the request. The requirements of the request are:

a) Be addressed to ARANDA SOFTWARE ANDINA S.A.S.

b) Contain the identification of the Holder (Name and Identification Document).

c) Contain a description of the facts that motivate the consultation or complaint.

d) The object of the petition.

e) Indicate the Holder's physical and/or electronic (e-mail) notification address.

f) Attach the documents you wish to assert (especially for claims).

In the event that the consultation or claim is submitted in person, the Holder must submit the request or claim in writing, without any formality other than the requirements set forth in the previous point.

12.3 Procedural requirement

The Holder, his assignees, his representative and/or proxy, or whoever is determined by stipulation in favor of another; may only file a complaint before the Superintendence of Industry and Commerce for the exercise of his rights once he has exhausted the process of Consultation or Claim directly before the company.

12.4 Update and/or rectification request

ARANDA SOFTWARE ANDINA S.A.S. will rectify and update, at the request of the holder, the information that is inaccurate or incomplete, following the procedure and terms indicated above, for which the Holder must submit the request according to the channels provided by the company, indicating the update and rectification of the data and in turn must provide documentation to support such request.

13. Revocation of Authorization and/or Deletion of Data

The Data Subject may revoke at any time the consent or authorization given for the processing of his/her personal data, as long as there is no impediment enshrined in a legal or contractual provision.

Likewise, the Data Subject has the right to request at any time to ARANDA SOFTWARE ANDINA S.A.S. the suppression or elimination of his personal data when:

a) Consider that they are not being treated in accordance with the principles, duties and obligations set forth in the regulations in force.

b) Are no longer necessary or pertinent for the purpose for which they were obtained.

c) The time necessary for the fulfillment of the purposes for which they were obtained has elapsed.

Such deletion implies the total or partial elimination of the personal information, as requested by the holder in the records, files, databases or treatments carried out by ARANDA SOFTWARE ANDINA S.A.S.

The right of cancellation is not absolute and therefore ARANDA SOFTWARE ANDINA S.A.S. may deny revocation of authorization or deletion of personal data in the following cases:

a) The owner has a legal or contractual duty to remain in the database.

b) The deletion of data hinders judicial or administrative proceedings related to tax obligations, the investigation and prosecution of crimes or the updating of administrative sanctions.

c) The data are necessary to protect the legally protected interests of the holder; to carry out an action in the public interest, or to comply with an obligation legally acquired by the holder.

14. MODIFICATION OF POLICIES

ARANDA SOFTWARE ANDINA S.A.S. reserves the right to modify the Policy of Treatment and Protection of Personal Data at any time. However, any modification will be communicated in a timely manner to the holders of personal data through the usual means of contact with ten (10) working days prior to its entry into force.

In the event that a Data Subject does not agree with the new General or Special Policy and with valid reasons that constitute a just cause for not continuing with the authorization for the processing of personal data, the Data Subject may request the company to withdraw his/her information through the channels indicated in Chapter 12. However, Data Subjects may not request the withdrawal of their personal data when the company has a legal or contractual duty to process the data.

15. VALIDITY

This Policy is effective as of June 2021.