Legal Notice Policy and Terms

WEB PROCESSING POLICIES

TABLE OF CONTENTS

  1. OBJECTIVE
  2. LEGAL BASIS AND SCOPE
  3. DEFINITIONS
  4. TREATMENT POLICY AUTHORIZATION
  5. CONTROLLER
  6. TREATMENT AND PURPOSES OF THE DATABASES
  7. NAVIGATIONAL DATA
  8. COOKIES OR WEB BUGS
  9. HOLDER'S RIGHTS
  10. ATTENTION DATA HOLDERS
  11. PROCEDURES FOR EXERCISING THE HOLDER'S RIGHTS

11.1 Right of access or consultation

11.2 Complaints and grievances rights

  1. SAFETY FEATURES
  2. TRANSFER OF DATA TO THIRD COUNTRIES
  3. VALIDITY
  4. APPENDIX
  • DOWNLOAD THE CATALOGUE" FORM
  • REGISTRATION FORM "CONTACT US".
  1. OBJECTIVE

To make known the actions that e-motion Global SAS performs when users visit or browse the company's website, and to inform the good use given to personal data in compliance with internal security policies and the Statutory Law 1581 of 2012, by which general provisions are issued for the Protection of Personal Data - hereinafter LEPD.

  1. LEGAL BASIS AND SCOPE

The information processing policy is developed in compliance with Articles 15 and 20 of the Political Constitution; Articles 17 literal k) and 18 literal f) of the LEPD; Article 13 of Decree 1377 of 2013, incorporated in Article 2.2.2.25.1.1 section 1 chapter 25 of Decree 1074 of 2015, which partially regulates the LEPD.

This policy shall apply to all personal data recorded in databases that are processed.

  1. DEFINITIONS

In accordance with the provisions of Article 3 of Statutory Law 1581 of 2012 and Article 13 of Decree 1377 of 2013, incorporated in Article 2.2.2.25.1.1 section 1 chapter 25 of Decree 1074 of 2015, and for the purposes of this document, the terms mentioned below shall have the scope corresponding to that defined below:

  • Authorisation: It is the prior, express and informed consent of the Data Subject for the Processor to carry out the processing of his/her personal data.
  • Privacy notice: It is a verbal or written communication generated by the responsible party, addressed to the Data Subject for the processing of his personal data, by means of which he is informed about the existence of the information processing policies that will be applicable to him, the way to access them and the purposes of the processing that is intended to be given to the personal data.
  • Database: An organised collection of personal data that is the subject of processing.
  • Cookie: This is a small piece of information sent by a website and stored in the user's browser, so that the website can consult the user's previous activity. Its main functions are: i) To keep track of when a user enters their username and password, so that they do not have to enter them for each page. The cookie does not identify a person, but a combination of computer of the computer class with browser and user. ii) To obtain information about the user's browsing habits, and spyware attempts (spyware), by advertising agencies and others.
  • Personal data: Any information linked or linkable to one or more specific or identifiable natural person(s).
  • Public data: Data that is not semi-private, private or sensitive. Public data includes, among others, data relating to the marital status of individuals, their profession or trade, and their status as a trader or public servant. By their nature, public data may be contained, inter alia, in public registers, public documents, official gazettes and bulletins and duly enforced court rulings that are not subject to confidentiality.
  • Sensitive data: Data that affects the privacy of the Data Subject or whose improper use may lead to discrimination, such as data revealing racial or ethnic origin, political orientation, religious or philosophical convictions, membership of trade unions, social organisations, human rights organisations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data relating to health, sex life and biometric data.
  • Processor: The natural or legal person, public or private, who, alone or in association with others, carries out the processing of personal data on behalf of the controller.
  • Data controller: The natural or legal person, public or private, who alone or in association with others, decides on the database and/or the processing of the data.
  • Data subject: The natural person whose personal data is the subject of processing.
  • Transfer: This is the process by which the controller and/or processor of personal data, located in Colombia, sends the information or personal data to a recipient, which in turn is responsible for the processing and is located inside or outside the country.
  • Transmission: The processing of personal data that involves the communication of such data within or outside the territory of the Republic of Colombia when the purpose of the processing is to be carried out by the processor on behalf of the controller.
  • Data processing: The use, collection, storage, use, circulation, transmission or deletion of personal data that are recorded in any database or files and whose processing is using technological or manual means.
  1. TREATMENT POLICY AUTHORIZATION

In accordance with article 9 of the LEPD, the processing of personal data requires the prior and informed authorisation of the Data Subject. By accepting this policy, any Data Subject who provides information relating to their personal data consents to the processing of their data by e-motion Global SAS under the terms and conditions set forth herein.

  1. CONTROLLER

The data controller of the databases covered by this policy is e-motion Global SAS, whose contact details are as follows:

Address: AUT. MEDELLIN KM 1 CENTRO EMPRESARIAL LOS ROBLES BG 8, COTA, CUNDINAMARCA E-mail: atencionalusuario@emotion-a.com

Telephone: 6175070

  1. TREATMENT AND PURPOSES OF THE DATABASES

e-motion Global SAS, in the development of its business activity, carries out the processing of personal data relating to natural persons that are contained and processed in databases intended for legitimate purposes, in compliance with the Constitution and the Law.

In "Annex 1. PL-01. Database Organization" presents the different databases that are managed, the information and characteristics of each one of them.

  1. NAVIGATIONAL DATA

It is possible to visit the e-motion Global SAS website without providing any personal identification. However, the navigation system and the software necessary for the operation of this website may have the option to collect some personal data, the transmission of which is implicit in the use of Internet communication protocols.

By its very nature, the information collected may allow users to be identified through its association with data from third parties, even if it is not obtained for that purpose. This category of data includes the IP address or domain name of the computer used by the user to access the website, the URL, the date and time and other parameters relating to the user's operating system.

These data are used for the purpose of obtaining anonymous statistical information on the use of the website or to monitor its proper technical functioning, and are deleted immediately after verification.

When using the contact option, you can choose whether you want to provide us with personal information, such as your name and postal or e-mail address, telephone number, and so on, so that we can communicate with you and process your request or provide information.

  1. COOKIES OR WEB BUGS

This website does not use cookies or web bugs to collect the user's personal data; their use is limited to facilitating the user's access to the website. The use of session cookies, which are not permanently stored on the user's computer and disappear when the browser is closed, has the sole purpose of collecting technical information to identify the session, in order to facilitate secure and efficient access to the website, to provide our customers with a better service on the site.

If the Holder does not wish to allow the use of cookies, they can reject them or delete existing ones by configuring their browser (Internet Explorer, Firefox, Safari, Chrome, among others), and disabling the browser's Java Script code in the security settings.

Most web browsers allow you to manage your cookie preferences, however, you should be aware that choosing to block cookies may affect or prevent the functionality of the site. Also, one of the third party services that may be used to track activity related to the service, e.g. Google Analytics, so if you do not want information to be collected and used, you can install an opt-out system in your web browser, such as: tools.google.com/dlpage/gaoptout?hl=None.

  1. HOLDER'S RIGHTS

In accordance with Article 8 of the LEPD and in Article 22 of Decree 1377 of 2013, incorporated in Article 2.2.2.25.4.3 Section 1 Chapter 25 of Decree 1074 of 2015, and for the purposes of this document, Data Subjects may exercise a number of rights in relation to the processing of their personal data. These rights may be exercised by the following persons.

  • By the Data Subject, who must provide sufficient proof of his or her identity by the various means made available to him or her by the data controller.
  • By the Beneficiary's successors in title, who must provide proof of such status.
  • By the representative and/or attorney-in-fact of the Data Controller, upon accreditation of the representation or the granting of the power of attorney.
  • By stipulation in favour of another and for another.
  • The rights of children or adolescents shall be exercised by the persons who are empowered to represent them, under the terms of Article 7 of the LEPD.

The Holder's rights are as follows:

  1. To know, update and rectify their personal data with respect to the Data Controllers or Data Processors. This right may be exercised, among others, against partial, inaccurate, incomplete, fractioned, misleading data, or data whose processing is expressly prohibited or has not been authorised;
  2. Request proof of the authorisation granted to the Data Controller, except when expressly exempted as a requirement for the Processing, in accordance with the provisions of article 10 of the LEPD;
  3. To be informed by the Controller or the Processor, upon request, about the use made of his or her personal data;
  4. File complaints before the Superintendence of Industry and Commerce for breaches of the provisions of the LEPD and other regulations that modify, add to or complement it;
  5. To revoke the authorisation and/or request the deletion of the data when the Processing does not respect the constitutional and legal principles, rights and guarantees. The revocation and/or deletion will proceed when the Superintendence of Industry and Commerce has determined that in the Processing the Controller or Processor has incurred in conduct contrary to the LEPD and the Constitution;
  6. Access free of charge to their personal data that has been the subject of Processing.
  1. ATTENTION DATA HOLDERS

JOSÉ LUIS LÓPEZ GONZÁLEZ with C.C. No. 1032406865 of e-motion Global SAS will be responsible for the attention of requests, queries and claims to which the Data Subject may exercise their rights. Telephone: 6016175070. E-mail: atencionalusuario@emotion-a.com.

  1. PROCEDURES FOR EXERCISING THE HOLDER'S RIGHTS

11.1. Right of access or consultation 

As provided for in Article 21 of Decree 1377 of 2013, compiled in Article 2.2.2.2.25.4.2 Chapter 25 of Decree 1074 of 2015, the Data Subject may consult his or her personal data free of charge in two cases:

  • At least once every calendar month
  • Whenever there are substantial modifications to the information processing policies that lead to new consultations.

For queries whose frequency is greater than one per calendar month, e-motion Global SAS may only charge the Holder the costs of shipping, reproduction and, where appropriate, certification of documents. Reproduction costs may not exceed the costs of recovery of the corresponding material. For this purpose, e-motion Global SAS, in its capacity as Data Controller, shall demonstrate to the Superintendence of Industry and Commerce, when so required, the support of such costs.

The Data Subject may exercise the right to access or consult his/her data by writing to e-motion Global SAS and sending an e-mail to: atencionalusuario@emotion-a.com, indicating "Exercise of the right to access or consult" in the subject line, or by post to AUT. MEDELLIN KM 1 CENTRO EMPRESARIAL LOS ROBLES BG 8, COTA, CUNDINAMARCA.

The application must contain the following information:

  • Name and surname of the Holder.
  • Photocopy of the Citizenship Card of the Holder and, if applicable, of the person representing him/her, as well as the document proving such representation.
  • Request in which the request for access or consultation is made.
  • Address for notifications,
  • Date and signature of the applicant.
  • Supporting documents for the request made, where applicable.

The Holder may choose one of the following ways to consult the database in order to receive the requested information:

  • On-screen display.
  • In writing, with a copy or photocopy sent by registered or unregistered mail.
  • E-mail or other electronic means.
  • Another system appropriate to the configuration of the database or the nature of the processing, offered by e-motion Global SAS.

Once the request has been received, e-motion Global SAS, by virtue of the provisions of article 14 of the LEPD, will resolve the consultation request within a maximum period of ten (10) working days from the date of receipt of the request. When it is not possible to answer the query within this period, the interested party shall be informed, stating the reasons for the delay and indicating the date on which the query will be answered, which in no case may exceed five (5) working days following the expiry of the first period.

If the consultation is incomplete, e-motion Global SAS will require the interested party within five (5) days of receipt of the same to rectify the faults. After two (2) months from the date of the request, without the applicant submitting the required information, it will be understood that the consultation has been abandoned.

If e-motion Global SAS does not provide a substantive response to the petition within the aforementioned deadlines, the Data Subject or assignee may file a complaint with the Superintendence of Industry and Commerce.

11.2. Complaints and grievances 

The Data Subject may exercise the rights to update, correct or revoke the authorisation for data processing by submitting a written complaint addressed to e-motion Global SAS. Claims may be contained in an e-mail addressed to atencionalusuario@emotion-a.com indicating in the Subject "Exercise of the right of access or consultation", or by post sent to AUT. MEDELLIN KM 1 CENTRO EMPRESARIAL LOS ROBLES BG 8, COTA, CUNDINAMARCA. The request must contain the following information:

  • Name and surname of the Holder.
  • Photocopy of the Holder's Citizenship Card and, if applicable, of the person representing the Holder, as well as the document accrediting such representation.
  • Description of the facts of the case and the request for correction, deletion, revocation or infringement.
  • Address for notifications, date and signature of the applicant
  • Documents supporting the complaint or grievance, where applicable.

If the complaint or claim is incomplete, e-motion Global SAS will require the interested party within five (5) days of receipt of the same to rectify the faults. After two (2) months from the date of the requirement, without the applicant submitting the required information, it will be understood that the claim has been withdrawn.

Once the completed complaint or claim is received, a legend will be included in the database stating "complaint/claim in process" and the reason for it, within a period not exceeding two (2) business days. This legend must be maintained until the complaint or claim is decided. e-motion Global SAS will resolve the complaint or claim within a maximum period of fifteen (15) working days from the date of receipt thereof. When it is not possible to address the complaint or claim within that period, the interested party will be informed of the reasons for the delay and the date on which the complaint or claim will be addressed, which in no case may exceed eight (8) working days following the expiration of the first term.

Once the complaint process has been exhausted without a substantive response from e-motion Global SAS, the Holder or assignee may file a complaint with the Superintendence of Industry and Commerce.

  1. SAFETY FEATURES

e-motion Global SAS, in order to comply with the principle of security enshrined in Article 4 (g) of the LEPD, has implemented technical, human and administrative measures necessary to ensure the security of records to prevent tampering, loss, consultation, use or unauthorized or fraudulent access.

Furthermore, e-motion Global SAS, through the subscription of the corresponding transmission contracts, has required the data processors with whom it works to implement the necessary security measures to guarantee the security and confidentiality of the information in the processing of personal data.

The security measures implemented by e-motion Global SAS, which are set out and developed in its Internal Security Manual (I, II, III, IV), are set out below.

TABLE I: Common security measures for all types of data (public, semi-private, private, sensitive) and databases (automated, non-automated)

Document and media management Access Control  Incidents  Staff  Internal Security Security
1. Measures to prevent improper access to or recovery of data that have been discarded, erased or destroyed. 1. Limited user access to data

necessary for the performance of their duties.

1. Recording of incidents: type of incident, time of occurrence, issuer of the notification, recipient of the notification, effects and corrective measures. 1. Definition of the roles and obligations of the users with access to the data. 1. Elaboration and implementation of the Manual of obligatory compliance for the personnel.
2. Restricted access to the place where the data is stored. 2. Updated list of authorised users and access. 2. Incident notification and management procedure. 2. Definition of the control functions and authorisations delegated by the controller. 2. Minimum content: scope of application, security measures and procedures, roles and obligations of staff, description of databases, procedure for dealing with incidents, identification of data processors.
3. Authorisation of the person responsible for the output of documents or media by physical or electronic means.

electronic.

3. Mechanisms to prevent access to data with rights other than those authorised. 3. Dissemination to staff of the rules and of the consequences of non-compliance with them

same.

4. Labelling system or identification of the type of information. 4. Granting, alteration or cancellation of permits by authorised personnel.
5. Inventory of media.

TABLE II: Common security measures for all types of data (public, semi-private, private, sensitive) according to type of databases

Non-automated databases  Automated databases
Archive  Storage of documents Custody of documents  Identification and authentication Telecommunications
1. Archiving of documentation according to procedures that

guarantee correct conservation, location and consultation and allow the exercise of the rights of the Data Subjects.

1. storage devices with

mechanisms that prevent access to persons not belonging to the

authorised.

1. Duty of care and custody of the person in charge of documentsduring the review or revision of documents.

processing.

1. Personalised identification of users for access to information systems and

verification of their

authorisation.

1. Access to data through secure networks.
2. Mechanisms for identification and

authentication;

Passwords: assignment, expiration and

encrypted storage.

TABLE III: Security measures for private data by type of database

Automated and non-automated databases  Automated databases
Audit  Responsible for Security Internal Safety Manual Management of document and media management Access access control Identification and authentication Incidents
1. Regular audit (internal or external) every two months. 1. Designation of one or more responsible persons for

administering databases.

1. Periodic checks of

compliance.

1. Recording of incoming and outgoing documents and media: date, issuer and

recipient,

number, type of information,

form of dispatch, person responsible for receipt or

delivery.

1. Control of access to the site(s) where the

systems of

information.

1. Mechanism to limit the number of repeated unauthorised access attempts. 1. Recording of data recovery procedures, person performing the procedures, data restored and data recorded manually.
2. Extraordinary audit for modifications

substantial changes in the systems of

information.

2. Designation of one or more persons in charge of the

control and

coordination of the measures of the Internal Manual of

Security.

2. Authorisation of the person responsible for the treatment for the execution of the

recovery procedures.

3. Report of detection of 3. Prohibition of delegation of deficiencies and proposal of corrections.responsibility of the Controller to those responsible for managing the databases.
4. Analysis and conclusions of the

responsible for

security and

responsible for the

treatment.

TABLE IV: Security measures for sensitive data according to the type of databases

Non-automated databases  Automated databases
Access access control Document storage Copying or reproduction Transfer of documentation Management of document and media management Access access control Telecommunications
1. Access for authorised personnel only. 1. Filing cabinets, cupboards or other

located in access areas protected by keys or other measures.

1. For users only

authorised.

1. Measures to prevent access to or handling of

documents.

1. Definition of user profiles

commensurate with their function.

1. Access log: user, time, database accessed, type of access, record accessed. 1. Transmission of data via encrypted electronic networks.
2. Access identification mechanism. 2. Destruction which prevents the

access or

data recovery.

2. Data encryption. 2. Monthly monitoring of the

registration of

accesses by the person responsible for administering the databases.

3. Registration of accesses of

users do not

authorised.

3. Device encryption

laptops

when

find

out.

  1. TRANSFER OF DATA TO THIRD COUNTRIES

In accordance with Title VIII of the LEPD, e-motion Global SAS will not transfer personal data to countries that do not provide adequate levels of data protection. It is understood that a country offers an adequate level of data protection when it complies with the standards set by the Superintendence of Industry and Commerce on the matter, which in no case may be lower than those required by this law to its recipients. This prohibition shall not apply in the case of:

Information for which the Cardholder has given his/her express and unequivocal authorization for the transfer.

  • Exchange of medical data, when the treatment of the Holder requires it for reasons of health or public hygiene.
  • Bank or stock exchange transfers, in accordance with the legislation applicable to them.
  • Transfers agreed within the framework of international treaties to which the Republic of Colombia is a party, based on the principle of reciprocity.
  • Transfers necessary for the execution of a contract between the Data Subject and the Controller, or for the execution of pre-contractual measures provided that the Data Subject's authorization is obtained.
  • Transfers legally required for the safeguard of public interest, or for the recognition, exercise or defence of a right in legal proceedings.

In the cases not contemplated as an exception, e-motion Global SAS will only carry out the necessary transfer of data, once the Superintendence of Industry and Commerce issues the declaration of conformity regarding the international transfer of personal data. The Superintendent is empowered to request information and carry out the necessary steps to establish compliance with the requirements for the viability of the operation.

The international transfer of personal data carried out between e-motion Global SAS, in its capacity as controller and whoever the latter designates as processor, in order to allow the latter to carry out the processing on behalf of the controller, shall not require the Data Subject to be informed or to have his/her consent, provided that there is a contract for the transfer of personal data.

  1. VALIDITY

The databases under the responsibility of e-motion Global SAS, will be processed for as long as it is reasonable and necessary for the purpose for which the data is collected. Once the purpose or purposes of the processing have been fulfilled, and without prejudice to legal regulations to the contrary, e-motion Global SAS, will proceed to the deletion of the personal data in its possession unless there is a legal or contractual obligation by virtue of which their conservation is required. Therefore, these databases have been created without a defined period of validity.

This processing policy is valid from 01-11-2021.

  1. APPENDIX

1 "DOWNLOAD THE CATALOGUE" FORM 

e-motion Global SAS. identified with NIT. Nº 830.128.610-5, with physical address at Autopista Medellín Km 1 C.E. Los Robles BG 8, with telephone numbers +57 1 6175070 and +57 3174007065. Los Robles BG 8, with telephone numbers +57 1 6175070 and +57 3174007065, acting as responsible for the collection and use of your personal information, informs you that: i) Your rights as holder of personal data are those provided for in the Constitution and the law, especially: To know, update and rectify such information; access free of charge to the same; request proof of the authorization granted; go before the Superintendence of Industry and Commerce and file complaints for violations of the provisions of current regulations, only after having made prior consultation or request directly to e-motion Global SAS as responsible; and in appropriate cases, modify and revoke the authorization and / or request the deletion of my personal data. ii) We collect, store and use your personal data for the purposes of formalizing your registration in the organization as an interested party, allow the download of the catalogue available and maintain efficient communication by sending information of interest. In order to fulfil these purposes, your information will be stored under the conditions and for the periods mentioned in paragraph 14 of the Legal notice - data processing. Likewise, your information may be transmitted internationally for the sole purpose of being stored on servers located outside the country. iii) Our Personal Data Processing Policy is available on our website. iv) To submit requests and exercise your rights, you can contact us in writing to our customer service channel atencionalusuario@emotion-a.com.

By selecting the check box, you declare that you give your prior, express and informed consent to e-motion Global S.A.S. to process your personal data in the terms described herein, and you attest that the information you have provided belongs to you, that you have provided it voluntarily and that it is true.

15.2 "CONTACT US REGISTRATION" FORM 

e-motion Global SAS. identified with NIT. Nº 830.128.610-5, with physical address at Autopista Medellín Km 1 C.E. Los Robles BG 8, with telephone numbers +57 1 6175070 and +57 3174007065. Los Robles BG 8, with telephone numbers +57 1 6175070 and +57 3174007065, acting as responsible for the collection and use of your personal information, informs you that: i) Your rights as holder of personal data are those provided for in the Constitution and the law, especially: to know, update and rectify such information; access free of charge to the same; request proof of the authorization granted; go before the Superintendence of Industry and Commerce and file complaints for violations of the provisions of current regulations, only after having made prior consultation process or requirement directly to e-motion Global S.A.S. as responsible; and in appropriate cases, modify and revoke the authorization and / or request the deletion of my personal data. ii) We collect, store and use your personal data for the purposes of answering your queries and concerns, maintain contact with the organization, and send information of interest and about our portfolio of services. In order to fulfil these purposes, your information will be stored under the conditions and for the periods mentioned in paragraph 14 of the Legal Notice - data processing. Likewise, your information may be transmitted internationally for the sole purpose of being stored on servers located outside the country. iii) Our Personal Data Processing Policy is available on our website. iv) To submit requests and exercise your rights, you can contact us in writing to our customer service channel atencionalusuario@emotion-a.com.

By selecting the check box, you declare that you give your prior, express and informed consent to e-motion Global SAS to process your personal data in the terms described herein, and you attest that the information you have provided belongs to you, that you have provided it voluntarily and that it is true.