Sao Paulo +55 (11) 521 75 933
Santiago de Chile +56 (2) 240 533 89
To establish the criteria for Microsyslabs S.A.S as the controller and processor (for wolkvox clients) of personal data, to collect, store, use, circulate, transfer, update, and delete information as authorized by the data subject and for the purposes established by the entity.
For the purpose of understanding this policy and in accordance with legal regulations, the following definitions, contained in Law 1581 of 2012, will apply:
Authorization: The prior, express, and informed consent of the Data Subject to carry out the Processing of personal data.
Privacy notice: Verbal or written communication generated by the Data Controller, directed to the Data Subject for the processing of their personal data, informing them about the existence of the information processing policies applicable to them, how to access them, and the purposes of the processing intended for the personal data.
Database: An organized set of personal data that is subject to Processing.
Personal data: Any information related to or that can be associated with one or more identified or identifiable natural persons.
Public data: Data classified as such according to the mandates of the law or the Political Constitution and those that are not semi-private, private, or sensitive. Public data includes, among others, data relating to the civil status of individuals, their profession or occupation, their status as a merchant or public servant, and those that can be obtained without any reservation. By their nature, public data may be contained, among others, in public registers, public documents, official gazettes and bulletins, and duly executed court judgments that are not subject to confidentiality.
Private data: Data that, due to its intimate or reserved nature, is only relevant to the Data Subject.
Sensitive data: Sensitive data refers to data that affects the privacy of the Data Subject or whose misuse may lead to their discrimination. This includes data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, membership in trade unions, social organizations, human rights organizations, or promoting the interests of any political party or guaranteeing the rights and guarantees of opposition political parties, as well as data relating to health, sexual life, and biometric data.
Employee: Any natural person who provides services to the Company under an employment contract.
Data Processor: A natural or legal person, public or private, who, on their own or in conjunction with others, carries out the Processing of personal data on behalf of the Data Controller.
Data Controller: A natural or legal person, public or private, who, on their own or in conjunction with others, decides on the database and/or the Processing of data.
Data Subject: The natural person whose personal data is subject to Processing.
Processing: Any operation or set of operations performed on personal data, such as collection, storage, use, circulation, or deletion of such data.
Suppliers: Any natural or legal person who provides services to the Company under a contractual/obligational relationship.
Transfer: Refers to the sending, by the Company as the data controller or a processor, of data to a third party or natural/legal person (recipient), within or outside the national territory, for the effective processing of personal data.
Transmission: The Processing of personal data that involves the communication of such data within or outside the territory of the Republic of Colombia, when it aims to carry out processing by the processor on behalf of the data controller.
For terms not included in the above list, please refer to the current legislation, especially Law 1581 of 2012 and Decree 1377 of 2013, interpreting the terms in accordance with the meaning used in said regulations when there is doubt about their definition.
The policy and procedures contained in this document apply to the various areas that make up the company and are part of the processing of personal data. They cover databases and/or files that contain personal and/or sensitive data, whether digital or physical, that are susceptible to processing.
Microsyslabs S.A.S, identified with NIT 900663379-5, with its main address at Carrera 30 #4A – 45 Office 205 Ed. Forever W&L, Medellín, Colombia; website: www.wolkvox.com, email: [email protected], phone number +57(604)322-9880, has designated the Information Security and Continuity Risk Leader as the role responsible for enforcing regulations and these policies for the processing of personal data.
This Personal Data Processing Policy is addressed to active and inactive personnel, contractors, clients, and other individuals who have had any type of relationship with Microsyslabs and whose personal data is included in the Company’s Databases.
This policy is mandatory for Microsyslabs as the data controller, as well as for the processors who process personal data on behalf of the company, in accordance with the obligations established in Law 1581 of 2012, Title IV, Articles 17 and 18.
For the purpose of ensuring the protection of personal and sensitive data, Microsyslabs will apply harmoniously and comprehensively the guiding principles of Law 1581 of 2012:
PARAGRAPH: The Data Subject may refuse to authorize the processing of their sensitive, personal, and semi-private data.
With prior and/or at the time of collecting personal data, Microsyslabs will request authorization from the data subject to collect and process their data, which must be obtained through any means or mechanisms, including electronic ones, that can be consulted later, in accordance with the law.
In accordance with the principles of purpose and freedom, data collection should be limited to personal data that is relevant and appropriate for the purposes for which it is collected or required by current regulations and as stated in this policy. Except in cases expressly provided for by law, personal data may not be collected without the data subject’s authorization.
PARAGRAPH 1: The data subject’s authorization will not be necessary in accordance with the grounds established in Article 10 of Law 1581 of 2012.
PARAGRAPH 2: The data subject may at any time request Microsyslabs, as the data controller, to delete their personal data and/or revoke the authorization granted for its processing, for which the designated channels provided in Section 18 of this Policy may be used.
Microsyslabs may process personal, private, and/or sensitive data for the following purposes, as well as those expressed in the law:
The data subjects, either directly or through their representative and/or attorney-in-fact or their successors, may exercise the following rights with respect to their personal data that is processed by Microsyslabs, in accordance with Article 8 of Law 1581 of 2012:
PARAGRAPH: According to the provisions of Article 20 of Decree 1377 of 2013, which partially regulates Law 1581 of 2012, the rights of the data subjects established in the Law may be exercised by the following persons:
Microsyslabs is obligated to comply with the duties established in Law 1581 of 2012 for data controllers and data processors. Therefore, the following obligations must be fulfilled:
10.1.1 Duties as Data Controller, Article 17 of Law 1581 of 2012:
10.1.2 Duties as Data Processor, Article 18 of Law 1581 of 2012:
FIRST PARAGRAPH: If acting as a data processor on behalf of another entity or organization (data controller), it must be established that the data controller is authorized to provide the personal data that will be processed by the data processor.
SECOND PARAGRAPH: If processing data through an external data processor, it shall be considered a Data Transmission relationship, for which the scope of data processing and the activities to be carried out by the data processor on behalf of the data controller, as well as the obligations to the data subject and data controller, must be indicated.
According to the provisions of Article 25 of Decree 1377 of 2013, “the data processor undertakes to comply with the obligations of the data controller under the Information Processing Policy established by the latter and to process the data in accordance with the purpose authorized by the data subjects and the applicable laws.”
According to the content of Article 4 of Decree 1377 of 2013, the collection of personal data will be limited to those that are relevant and appropriate for the purposes established by Microsyslabs or by current regulations.
Microsyslabs may collect data, subject to obtaining the Data Subject’s Authorization, from:
The personal data provided by the data subjects for the purposes stated herein will not be sold, licensed, transmitted, transferred, or disclosed, except when:
Microsyslabs may subcontract third parties for the processing of certain functions or information. In such cases, when personal information is provided to third-party service providers, Microsyslabs will inform them of the need to protect such personal information with appropriate security measures. Furthermore, the use of the information for their own purposes and the disclosure of personal information to others will be prohibited, except in cases where there is express authorization from the data subject.
The Company acknowledges that employees under its charge and shareholders have the right to a reasonable expectation of privacy, taking into account their responsibilities, rights, and obligations with the company.
In the related information, data considered sensitive under Law 1581 of 2012 and Decree 1377 of 2013 may be found, regarding which the Data Subject has the rights established in said laws and any subsequent additions, substitutions, or modifications.
In accordance with the relationship established between the data subject and the Company, the following information will be collected, stored, used, and transferred to companies located within and outside of Colombia. Such personal data and information include, among others:
12.1. From Customers and Suppliers:
12.2. From Employees:
12.3. From Shareholders:
In the event that Microsyslabs is unable to provide the data subject with this information processing policy, a privacy notice will be published. The text of the notice will be kept for future reference by the data subject and/or the Superintendence of Industry and Commerce. The privacy notice will be made available on the website www.wolkvox.com and on the bulletin boards at Microsyslabs’ premises.
Microsyslabs may only collect, store, use, or disclose personal data for as long as is reasonable and necessary, in accordance with the purposes that justified the processing, taking into account applicable legal provisions and the administrative, accounting, tax, legal, and historical aspects of the information. Once the purposes of the processing have been fulfilled and without prejudice to any legal provisions to the contrary, Microsyslabs will proceed to delete the personal data in its possession. However, personal data must be retained when required to fulfill a legal or contractual obligation.
The areas responsible for the processing of data according to their purpose and scope will be responsible for addressing the requests, complaints, and claims made by the data subject in the exercise of the rights set forth in section 10 of this policy. This service will be subject to the procedure outlined in section 18 of this policy.
The data subject or their representative may submit their request, complaint, or claim from Monday to Friday, from 7:00 a.m. to 6:00 p.m., to the email address [email protected]. They can also call Microsyslabs’ telephone line in Medellín at +57(604)322-98-80 and in Bogotá at +57(601) 381-9040, or submit it in person at the physical address in Medellín: Carrera 30 # 4A – 45 Office 205 Ed. Forever W&L, Bogotá: Calle 26 # 69-76 Tower 3 Office 1204 Ed. Elemento, or through the website www.wolkvox.com.
The request, complaint, or claim should contain:
If the claim is incomplete, the interested party will be given a period of five (5) days from the receipt of the claim to remedy the deficiencies.
If two (2) months have passed since the date of the request, and the applicant has not provided the requested information, it will be understood that they have withdrawn the claim.
If the recipient of the claim is not competent to resolve it, they will forward it to the appropriate person within a maximum period of two (2) business days and inform the interested party of the situation.
Once the complete claim is received, a note stating “claim in progress” and the reason for it will be included in the corresponding database within a period not exceeding two (2) business days. This note must be maintained until the claim is resolved.
The maximum period for addressing the claim will be fifteen (15) business days, starting from the day following its receipt. If it is not possible to address the claim within this timeframe, the reasons for the delay and the date by which the claim will be addressed will be informed to the interested party. In no case shall this date exceed eight (8) business days following the expiration of the initial period.
The data subject may request Microsyslabs, as the data controller, at any time the deletion of their personal data and/or revoke the authorization they have granted for the processing of such data, by submitting a claim in accordance with Article 15 of Law 1581 of 2012.
However, it is important to note that your request for the deletion of information and the revocation of authorization will not be granted if, as the data subject, you have a legal or contractual obligation that requires your data to remain in Microsyslabs’ database.
Microsyslabs has established accessible and free mechanisms for data subjects to submit requests for the deletion of their data or the revocation of the granted authorization. These mechanisms are detailed in Section 18 of this Policy.
If, after the period specified in Section 18, Microsyslabs, as the data controller, fails to delete your personal data from its databases, you have the right to request that the Superintendence of Industry and Commerce order the revocation of the authorization and/or the deletion of your personal data. For this purpose, the procedure described in Article 22 of Law 1581 of 2012 will be applied.
In accordance with the provisions of numeral 3 of article 10 of Regulatory Decree 1377 of 2013, Microsyslabs will proceed to publish a notice aimed at data subjects to inform them about this information processing policy and the way to exercise their rights as data subjects whose personal data is stored in Microsyslabs’ databases. This notice will be published on the website www.wolkvox.com.
The Personal and Sensitive Data Handling Policy (Habeas Data) was created and published on April 3, 2019.
Any changes to this policy will be communicated through the website www.wolkvox.com or the email address [email protected]. For those who request information directly at the offices in Medellín: Carrera 30 # 4A – 45 Office 205 Ed. Forever W&L, Bogotá Calle 26 # 69-76 Tower 3 Office 1204 Ed. Elemento.
This policy can be accessed through the Wolkvox website portal: https://www.wolkvox.com/politicas-de-tratamiento-datos-personales/
The translation of the provided text is as follows:
“The review of this policy will be conducted whenever there is a modification in the laws and/or regulatory decrees related to it. Likewise, administrative decisions established by the SIC will be monitored in order to make the necessary adjustments to comply with the regulations.”
Based on Law 1581 of 2012 and Decree 1377 of 2013.