Privacy Policy

1. Introduction

​

In accordance with Statutory Law 1581 of 2012 "For the Protection of Personal Data" and Decree 1377 of 2013 "Regulating Law 1581 of 2012," IT Consultants S.A.S., with its main office located in the city of Medellin, adopts this privacy policy and protection of personal data concerning its collection, storage, and management received from clients, suppliers, contractors, consultants, collaborators, and in general, any natural person who is the owner of personal data subject to processing.

‍IT Consultants S.A.S. may update this policy at any time, whether to address legislative, regulatory, or jurisprudential developments, internal policies, or for any other reason or circumstance, which will be informed and disclosed promptly, through written documentation, publication on the website, verbal communication, or through any other technology. For this reason, it is recommended that the data subject review it regularly to ensure they have read the most updated version.

 

2. Data Controller.

​

The data controller of your personal data is IT Consultants S.A.S., identified with Tax Identification Number (NIT) 900.166.660-9, with its main office at Km 5 Av. Las Palmas, Carrera 28 # 17 - 452, Cortezza Building in Medellin, Web Portal: www.ayte.co, PBX +57-604-332 43.

​

3. Purpose of Personal Data.

​

IT Consultants S.A.S. maintains a database with information provided throughout its relationships with clients, suppliers, and employees. This includes storing documents that were submitted to our offices or sent via email, containing signatures and personal information of these individuals in the case of natural persons, or partners, employees, contractors, or dependents in the case of legal entities. The collection and automated processing of personal data aim to facilitate management, administration, statistical analysis, as well as the sending of communications and any other purpose that IT Consultants S.A.S. may require in the exercise of its corporate purpose. Therefore, personal data is used by the administrative, commercial, and service desk areas for the following purposes:

​

• Creation and preservation of documents required by accounting standards.

• Personal data processing in marketing activities.

• Adaptation of products and services to better meet customer needs.

• Data update campaigns.

• Developing the recruitment, evaluation, and hiring process.

• Executing the existing contractual relationship with clients, suppliers, and employees, including payment of contractual obligations.

• Handling requests, complaints, and claims.

 

4. Exercise of Data Subject Rights to Know, Update, Rectify, and Delete Information

​

The user may exercise their right to know, update, rectify, and delete the personal data provided to IT Consultants S.A.S. by submitting a communication through the following means:

• Email: contacto@ayte.co, direct mail addressed to IT CONSULTORES S.A.S.

• Direct mail addressed to IT CONSULTORES S.A.S. At the main office at Km 5 Av. Las Palmas, Carrera 28 # 17 - 452, Cortezza Building in Medellin, Colombia.

In accordance with Article 20 of Decree 1377 of 2013, the rights of data subjects established by law may be exercised by:

• The Data Subject, who must sufficiently prove their identity by various means provided by the data controller.

• Their heirs, who must prove such quality.

• The representative and/or attorney-in-fact of the Data Subject, after proving representation or power of attorney.

• By stipulation for another or on behalf of another.

​

The request or right exercised by the data subject must contain the user's full name and contact information to receive notifications.
‍
The data subject may request from IT Consultants S.A.S. a copy of the data it holds about them. Likewise, IT Consultants S.A.S. will update, rectify, or delete the data when it is inaccurate, incomplete, or no longer necessary or relevant for the original purpose.
‍
If the data subject has not contacted IT Consultants S.A.S. to request the deletion of their personal data, IT Consultants S.A.S. reasonably concludes that, in accordance with Article 7 of Decree 1377 of 2013, there is unequivocal conduct from the data subject authorizing the processing of the data held in the databases for the purpose indicated in this data processing policy, without prejudice to the data subject's right to exercise their right and request the elimination of the data at any time.

In compliance with the above, the following procedure is established:

4.1.1 Processing of Submitted Queries and Claims.
‍
Queries:
Data Subjects or their heirs may inquire about the personal information of the Data Subject held in any database of IT Consultants S.A.S. IT Consultants S.A.S. will provide them with all the information contained in the individual record or linked to the identification of the Data Subject. The query must be made in writing, to the areas indicated in item 4, as long as the data subject is the holder of the data and/or a legal representative.
‍
The query will be answered within ten (10) business days from the date of receipt. If it is not possible to respond to the query within this period, the interested party will be informed, stating the reasons for the delay and indicating the date on which their query will be addressed, which in no case may exceed five (5) business days following the expiration of the initial term.​

Claims:
The Data Subject or their heirs who consider that the information contained in a database of IT Consultants S.A.S. must be corrected, updated, or deleted may file a claim with IT Consultants S.A.S., which will be processed under the following rules:
‍

The claim will be made by a request addressed to IT CONSULTORES S.A.S., including the following information:

• Data Subject's identification.

• Description of the facts giving rise to the claim.

• Address, and annex of the documents to be submitted.

​

If the claim is incomplete, the interested party will be required to correct the deficiencies within five (5) days following receipt of the claim. After two (2) months from the date of the request, if the applicant does not provide the required information, it will be considered that they have withdrawn the claim. In the event that the recipient of the claim is not competent to resolve it, it will be forwarded to the appropriate authority within a maximum period of two (2) business days, and the interested party will be informed of the situation.
Once the complete claim is received, it will be processed within a maximum period of fifteen (15) business days from the day following the receipt. If it is not possible to address the claim within this period, the interested party will be informed of the reasons why IT Consultants S.A.S. has not been able to conclude the process and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the initial term.
‍
Revocation of Authorization and/or Data Deletion:
 

Data Subjects may at any time request from IT Consultants S.A.S. as the data controller the deletion of their personal data and/or the revocation of the authorization granted for the Processing of such data. The maximum term to address the revocation and/or data deletion will be fifteen (15) business days from the day following the date of receipt.

​

5. Notification to Data Subjects of the Collection of Personal Data.

​

In accordance with the provisions of section 3 of Article 10 of Regulatory Decree 1377 of 2013, IT Consultants S.A.S. will proceed to publish a notice on its official website www.ayte.co addressed to the data subjects for the purpose of informing them of this information processing policy and how to exercise their rights as data subjects whose personal data is stored in the databases of IT Consultants S.A.S.

​

6. Duties as Data Processor.

​

IT Consultants S.A.S. directly manages the processing and custody of the personal data captured and stored; however, it reserves the right to delegate such processing to a third party, for which it will require the processor to implement appropriate policies and procedures to protect personal data and ensure its strict confidentiality, in accordance with Article 18 of Law 1581 of 2012.

​

7. Sensitive Data.

​

For the purposes of the Personal Data Protection Law and these data processing policies, sensitive data are understood to be those related to the Data Subject's privacy, such as those revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, membership in unions, social organizations, human rights organizations, or promoting the interests of any political party or ensuring the rights and guarantees of opposition political parties, as well as data relating to health, sexual life, and biometric data. IT Consultants S.A.S. reaffirms its non-political nature, as well as the fact that it is an entity without exclusive religious or ethnic orientations. However, the data subject is not obliged to provide sensitive data; therefore, any request for such data will require express authorization.

​

8. Third Parties.

​

Databases or files will not be provided to third parties, except with the explicit authorization of the data subject or in cases provided for by law. The transfer and/or sharing of data from prospects, clients, partners, and employees of IT Consultants S.A.S. with third parties refers solely and exclusively to the purposes corresponding to sending correspondence and communications from IT Consultants S.A.S. Likewise, IT Consultants S.A.S. has entered into confidentiality agreements with its suppliers to ensure data protection.

​

9. Security Measures Adopted Regarding the Processing of Personal Data.

​

In accordance with the security principle established in Law 1581 of 2012, IT Consultants S.A.S. will adopt the technical, human, and administrative measures necessary to provide security to the records, preventing their alteration, loss, consultation, use, or unauthorized or fraudulent access. The personnel processing personal data will execute the established protocols to guarantee information security.

​

10. Acceptance of These Policies.

​

The data subject declares that they have read and accepted this Personal Data Processing Policy of IT Consultants S.A.S. Given the recurrent relationship between data subjects and IT Consultants S.A.S., and that IT Consultants S.A.S. will explicitly request authorizations from its clients, collaborators, and contractors to continue processing personal data it will collect, in accordance with Article 10 of Decree 1377 of 2013; IT Consultants S.A.S. will continue to use the stored data necessary to offer the services for normal operation, while the Data Subject does not contact the Data Controller to request the deletion of their personal data under legal terms, without prejudice to the data subject's right to exercise their right and request the deletion of the data at any time.

​

11. Duration of Personal Data Processing Policies.

​

This personal data processing policy will be effective from its publication and during the time that IT Consultants S.A.S. carries out the activities inherent to its corporate purpose.

​

12. Contact with the Data Controller.

​

For any information regarding the Data Protection Policy, you can approach or send communication to IT Consultants S.A.S. using the means indicated in chapter 4 of this document. This Manual governs from its publication on the website of IT Consultants S.A.S.