Personal data treatment policy
Privacy Policies and Information Processing
CityU informs the Holders of Personal Data, which are treated in any way by CityU, of this information treatment policy (the "Policy"), thereby complying with Law 1581 of 2012, the Single Regulatory Decree 1074 of 2015 and regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the Protection of Personal Data. The main purpose of this Policy is to inform the Holders of the Personal Data of the rights that assist them, the procedures and mechanisms provided by CityU to give effect to those rights of the Holders, and to inform them of the scope and purpose of the Treatment. to which the Personal Data will be submitted in case the Holder grants his express, prior and informed authorization.
The personal data that is voluntarily provided by the USERS of this Site will be included in an automated file in order to update our databases, as well as their use for commercial, informational and / or advertising purposes of our products. and services.
1. MAIN DEFINITIONS.
The expressions used in capital letters in this Policy will have the meaning given to them here, or the meaning that the applicable law or jurisprudence may give them, as said law or jurisprudence is modified from time to time:
a) "Authorization": It is the prior, express and informed consent of the Owner to carry out the Treatment of your Personal Data, which is carried out through the Site.
b) "Database": It is the organized set of Personal Data that are subject to Treatment, electronic or not, whatever the form of its formation, storage, organization and access.
c) “Financial Data”: It is all Personal Data referring to the birth, execution and extinction of monetary obligations, regardless of the nature of the contract that gives rise to them, the Treatment of which is governed by Law 1266 of 2008 or the regulations that complement it, modify or add.
d) "Personal Data": This is any information of any kind, linked or that may be associated with one or more determined or determinable natural or legal persons.
e) "Public Data": It is the Personal Data qualified as such according to the mandates of the law or the Political Constitution and that which is not semi-private, private or sensitive. The data relating to the civil status of individuals, their profession or trade, their status as a merchant or public servant and those that can be obtained without reservation are public, among others. By their nature, public data may be contained, among others, in public records, public documents, gazettes and official gazettes, duly executed judicial decisions that are not subject to reservation.
f) "Sensitive Data": It is the Personal Data that affects the privacy of the Holder or whose improper use may generate their discrimination, such as those that reveal union affiliations, racial or ethnic origin, political orientation, religious, moral or philosophical, membership of unions, social organizations, human rights or that promotes the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data.
g) "Data Processor": Is the natural or legal person, public or private, who, by himself or in association with others, performs the Processing of Personal Data on behalf of the Data Controller.
h) "Authorized": It is CityU and all persons under the responsibility of the Company, which by virtue of the Authorization and these Policies have the legitimacy to Process the Personal Data of the Owner. The Authorized includes the gender of the Authorized.
i) "Habilitation": It is the legitimacy that expressly and in writing by means of a contract or document that substitutes for it, is granted by CITYU to third parties, in compliance with the applicable Law, for the Treatment of Personal Data, turning such third parties into Data Processors of the Personal Data delivered or made available.
j) "Responsible for Treatment": It is the natural or legal person, public or private, that by itself or in association with others, decides on the Database and / or the Treatment of Personal Data. k) “Owner” of the Personal Data: It is the natural or legal person to whom the information that rests in a Database refers to, and who is the subject of the right of habeas data. l) "Transfer": It is the Treatment of Personal Data that implies the communication of the same inside or outside the territory of the Republic of Colombia when it has as its object the realization of a Treatment by the Manager on behalf of the Responsible.
m) "Transmission": It is the activity of Personal Data Processing through which they communicate, internally or with third parties, inside or outside the territory of the Republic of Colombia, when such communication is intended to carry out any activity Treatment by the recipient of the Personal Data.
CITYU, in the development of its commercial activities, will collect, use, store, transmit and carry out various operations on the Personal Data of the Holders. In all Personal Data Processing carried out by CITYU, the Persons Responsible, Managers and / or third parties to whom Personal Data is transferred must comply with the principles and rules established in the Law and in this Policy, in order to guarantee the right to habeas data of the Holders and comply with the obligations of CITYU Law These principles are:
a) Prior authorization: All Personal Data Processing will be carried out once the prior, express and informed Authorization of the Owner has been obtained, unless the Law establishes an exception to this rule. In the event that the Personal Data has been obtained before the Law, CITYU will seek the pertinent ordinary and alternative means to summon the Holders and obtain their retroactive authorization, following the provisions of the Single Regulatory Decree 1074 of 2015 and the corresponding rules .
b) Authorized purpose: All Personal Data Processing activity must obey the purposes mentioned in this Policy or in the Authorization granted by the Personal Data Holder, or in the specific documents that regulate each type or process of Data Treatment Personal. The purpose of the particular Treatment of a Personal Data must be informed to the Holder of the Personal Data at the time of obtaining its Authorization. Personal Data may not be processed outside of the purposes informed and consented by the Data Holders.
c) Data Quality: The Personal Data subject to Treatment must be truthful, complete, exact, updated, verifiable and understandable. When you are in possession of partial, incomplete, fractional or misleading Personal Data, CITYU must refrain from Processing them, or request the owner to complete or correct the information.
d) Delivery of information to the Holder: When the Holder requests it, CITYU must deliver the information about the existence of Personal Data that concerns the applicant. This delivery of information will be carried out by the CITYU department responsible for the protection of personal data (see points 7 and 8 of this Policy).
e) Restricted circulation: Personal Data can only be processed by those CITYU personnel who have authorization or authorization for it, or who within their functions are in charge of carrying out such activities. No Personal Data may be delivered to those who do not have Authorization or have not been Enabled by CITYU to carry out the Treatment.
f) Temporality: CITYU will not use the information of the owner beyond the reasonable period that the purpose that was reported to the Owner of the Personal Data requires.
g) Restricted access: Except for the expressly authorized Data, CITYU may not make Personal Data available for access through the Internet or other mass communication means, unless technical and security measures are established to control and restrict access. only to Authorized persons.
h) Confidentiality: CITYU must always carry out the Treatment arranging the technical, human and administrative measures that are necessary to maintain the confidentiality of the data and to prevent it from being adulterated, modified, consulted, used, accessed, deleted, or known by persons not Authorized or by Authorized and unauthorized persons fraudulently, or that the Personal Data is lost. All new projects involving the Processing of Personal Data must consult this Treatment Policy to ensure compliance with this rule.
i) Confidentiality and Subsequent Treatment: All Personal Data that is not Public Data must be treated by the Responsible Parties as confidential, even when the contractual relationship or the link between the Owner of the Personal Data and CITYU has ended. Upon termination of said link, such Personal Data must continue to be Processed in accordance with this Policy and the Law.
j) Individuality: CITYU will keep separately the databases in which it has the quality of Manager of the databases in which it is Responsible.
k) Necessity: Personal Data can only be Processed during the time and to the extent that the purpose of its Treatment justifies it.
3. TREATMENT AND PURPOSES.
The Personal Data processed by CITYU must be strictly submitted only for the purposes indicated below. Likewise, the Managers or third parties who have access to the Personal Data by virtue of Law or contract, will maintain the Treatment within the following purposes:
a) Manage all the information necessary for compliance with CITYU's tax and commercial, corporate and accounting records.
b) Comply with CITYU's internal processes regarding supplier and contractor administration.
c) Comply with service contracts concluded with clients.
d) Provide their services in accordance with the particular needs of CITYU clients, in order to fulfill the service contracts concluded, including but not limited to verification of affiliations and rights of the individuals to whom CITYU clients will provide its services, use Personal Data for marketing and / or commercialization of new services or products.
e) The other purposes determined by the Responsible in the process of obtaining Personal Data for its Treatment and which are communicated to the Holders at the time of the collection of personal data.
f) The control and prevention of fraud and money laundering, including but not limited to consulting restrictive lists, and all the necessary information required for the Money Laundering Risk Management and Terrorism Financing System - SARLAFT.
g) The process of filing, updating of systems, protection and custody of information and databases of CITYU.
h) Processes within CITYU, for development or operational purposes and / or systems administration.
i) The transmission of data to third parties with whom contracts have been concluded for this purpose, for commercial, administrative, marketing and / or operational purposes, including, but not limited to the issuance of cards, personalized certificates and certifications to third parties, in accordance with current legal provisions.
j) Maintain and process by computer or other means, any type of information related to the client's business in order to provide the relevant services and products.
k) The other purposes determined by those Responsible in the process of obtaining Personal Data for its Treatment, in order to comply with legal and regulatory obligations, as well as CITYU's policies.
4. RIGHTS OF THE PERSONAL DATA HOLDER.
In accordance with the Law, the Personal Data Holders have the following rights:
a) Know, update and rectify your Personal Data in front of CITYU or those in charge of their treatment. This right may be exercised, among others, against partial, inaccurate, incomplete, fractional data that is misleading, or those whose Treatment is expressly prohibited or has not been authorized.
b) Request proof of the Authorization granted to CITYU, unless the Law indicates that said Authorization is not necessary.
c) Submit requests to CITYU or the Treatment Manager regarding the use that has been given to your Personal Data, and that they provide such information.
d) Present complaints to the Superintendency of Industry and Commerce for violations of the Law.
e) Revoke your Authorization and / or request the deletion of your Personal Data from the CITYU databases, when the Superintendence of Industry and Commerce has determined by means of a definitive administrative act that the CITYU Treatment or the Treatment Manager has incurred in conduct contrary to the Law or when there is no legal or contractual obligation to keep the Personal Data in the Responsible's database.
f) Request access and free access to your Personal Data that has been processed in accordance with article 184.108.40.206.4.2 of Sole Regulatory Decree 1074 of 2015.
g) Know the modifications to the terms of this Policy before and efficiently to the implementation of the new modifications or, failing that, of the new information treatment policy.
h) Have easy access to the text of this Policy and its modifications.
i) Access in an easy and simple way to the Personal Data that are under the control of CITYU to effectively exercise the rights that the Law grants to the Holders.
j) Know the agency or person empowered by CITYU against whom you can submit complaints, queries, claims and any other request about your Personal Data.
The Holders may exercise their rights under the Law and carry out the procedures established in this Policy, by presenting their citizenship card or original identification document. Minors may exercise their rights personally, or through their parents or adults holding parental authority, who must demonstrate this through the relevant documentation. Likewise, the rights of the Holder may be exercised by the successors in title that accredit said quality, the representative and / or agent of the holder with the corresponding accreditation and those who have made a stipulation in favor of another or for another.
5. COLLECTION OF INFORMATION.
To start the registration process, forms must be filled out with complete and truthful information from the Users. The information requested is of special importance for the operation of the Site. CITYU may eventually collect information about the behavior of Users using cookies, tags, web beacons and other methods. For the interpretation of these concepts, the commonly accepted one will be used. The only personal information that a cookie may contain is information that the user himself provides with his Internet browsing, such as the IP address, the pages visited and in what order, the time spent on each page, the date and the time. , etc. (the "Activity Information"). A cookie cannot read data from the user's hard drive or read cookie files created by other internet sites. CITYU can collect information from Users to improve the quality of its services, thanks to the fact that it stores the preferences of Users, and that it monitors behavioral trends, for example, the type of searches carried out by said Users. CITYU enables a registration option on the Site through a form. In this case, the User expressly consents to CITYU accessing, at any time, the information provided, which allows sharing when registering on the Platform. The universities may know certain information of the Users, such as their name and email in order to carry out the process of obtaining a scholarship, among other things. In this sense, the Users accept the communication of these data by CITYU.
6. TRANSFER OF INFORMATION.
The information provided by the Users and that which is collected directly, may be transferred between different Ad Servers or other internet sites such as search engines and others, which may be located in different countries, with different data protection laws. The use of the services of the Site implies the authorization by the Users for the international transfer of the information provided. Additionally, the information collected by CITYU may be transferred to the Colombian police authorities when there is suspicion that one of the Users committed any fraudulent or criminal conduct when using the Site.
7. USE OF PERSONAL DATA TO REQUEST AN APPOINTMENT.
In case of requesting an appointment, your personal data will be stored and used for shipping. For this purpose, the service provider contracted by us will receive your data to carry out the respective process for scheduling and confirming the appointment.
At any time, you can cancel the appointment. For this, it is sufficient to send an email to firstname.lastname@example.org indicating the reason why the cancellation is required. In case of canceling your data, they will be deleted in our systems.
As an alternative to this, you may at any time revoke your consent to the use of your data for advertising purposes, by sending an email, in writing or by telephone.
8. SOCIAL NETWORKS.
The contents of our website can be shared through social networks (Facebook, Pinterest, Youtube, Instagram, Twitter, etc.). When you are connected to social networks and at the same time navigate the page, a connection will be established between the servers of social networks and those of our website. If you react on the website by leaving a comment, for example, the information associated with that comment will be published in your personal account of the social network used. In the event that you reject that the social network collects your information through the website, it will be necessary to disconnect from the social network before any navigation through the website. To obtain more details regarding the protection and confidentiality of your personal data, we invite you to consult the data protection policies of the social networks used.