POLICY FOR THE PROCESSING OF PERSONAL DATA OF THE INTERNATIONAL INSTITUTE OF ANTI-CORRUPTION STUDIES
PERSONAL DATA PROCESSING POLICY FOR THE INTERNATIONAL INSTITUTE OF ANTI-CORRUPTION STUDIES
The following is the Personal Data Processing Policy (hereinafter the “Privacy Policy”) applicable to those who register their personal data (hereinafter the “Owner”) in the databases of the INTERNATIONAL INSTITUTE OF ANTI-CORRUPTION STUDIES (or “IIEA”).
- Objective:
The main objective of this Privacy Policy is to inform the Holder of the personal data of their rights, the procedures established by the IIEA to make them effective, the scope, the purpose and the person responsible for the handling of data; as well as providing information about the communication channels that are available to respond to any requests, queries and claims raised by the Holder.
With this policy, the IIEA complies with Law 1581 of 2012, Decree 1377 of 2013 and any regulation that adds, modifies or replaces them.
- Definitions:
In accordance with Article 3 of Law 1581 of 2012, these will be the definitions of the following terms:
- Authorization: The prior, express and informed consent from the Holder of the information provided for the handling of your personal data.
- Database: The organized set of personal data that is the object of handling.
- Personal Data: Any information linked to or that may be related to one or more specific or determinable natural persons.
- Responsible for the Handling: The Natural or Legal person, public or private, that by themselves or in association with others, decides on the database and / or the handling of the data. and Owner: The natural person whose personal data is subject to handling
- Treatment: Any operation or set of operations related to personal data, such as the collection, storage, use, circulation or deletion.
- Sensitive Data: Data that might affect the privacy of the Holder or whose improper use may lead to discrimination, such as those related to racial or ethnic origin, political orientation, religious or philosophical convictions, membership of trade unions, social organizations, human rights or that promote the interests of any political party or that guarantee the rights and guarantees from opposition political parties as well as data related to health, sexual life and biometric data.
- Responsible for the Handling:
The person responsible for the processing of the Holder’s data will be the “INSTITUTO INTERNACIONAL DE ESTUDIOS ANTICORRUPCIÓN”, a non-profit entity, identified by company registration NIT 901.157.998- 8, with the main address at Calle 71 No. 5-41 Office 202 in the city of Bogotá DC, with website https://www.estudiosanticorrupcion.org/ and telephone number +51 1 7968763.
- Scope:
This policy applies to all personal information registered in the databases of the
INSTITUTO INTERNACIONAL DE ESTUDIOS ANTICORRUPCIÓN, who acts as the person responsible for the processing of personal data.
- Obligations:
This policy is mandatory and strictly for the INTERNATIONAL INSTITUTE OF ANTI-CORRUPTION STUDIES.
- Handling and Purpose:
The IIEA will use personal data in the following ways: collection, storage, use, updating, rectification and deletion of personal data. This handling is carried out for the following purposes:
- Contact and send information of interest related to the activities carried out by the IIEA.
- Manage the relationship of the Holder with the IIEA.
- Contact the Owner to expand upon details of any complaints filed with the IIEA.
- Comply with the internal processes of the IIEA related to the management of clients, suppliers and contractors. and. For the control and prevention of fraud and money laundering, including, but not limited to consulting restrictive lists, and all the information necessary for SARLAFT.
- Notify regarding new publications and reports produced by the IIEA.
- Comply with legal obligations.
- Consult and evaluate information related to the Holder that is held in legitimately constituted databases of judicial or security background, of a state or private nature, national or foreign, or in any database related to the commercial behavior of the Holder, including consultations with credit bureaus.
- For other purposes related to the IIEA’s portfolio of activities and services that may be of interest to the Holder.
6.1. Sensitive Data Processing:
The IIEA may request sensitive data that will be expressly reported in each authorization, complying with the legal provisions for the handling of sensitive data and handling this type of data only when the Holder has granted his express authorization, except in cases in which such authorization is not necessary by legal mandate.
When the IIEA requests sensitive data, it will inform as to the type of personal data this category requires and does not carry out any activity to share sensitive data. This data will be treated with the greatest possible care and adhering to the highest security standards; only authorized personnel will have access to this information.
- Rights of the Holders:
As the Holder of your personal data, you have the right to:
(i) Freely access the data provided that has been processed.
(ii) Understand, update and amend your information regarding partial, inaccurate, incomplete, fractioned, misleading data, or if it pertains to those for whom the handling of data is prohibited or has not been authorized.
(iii) Request proof of the authorization granted.
(iv) Present before the Superintendency of Industry and Commerce (SIC) complaints about any infractions to the contents of the current regulations.
(v) Revoke the authorization and / or request the deletion of personal data, provided that there is no legal or contractual requirement that prevents them from being deleted.
(vi) Refrain from answering questions about sensitive data. Responses related to sensitive data or data regarding children and adolescents will be optional.
- Attention to Requests, Queries and Claims:
The Legal team at the IIEA is the designated agency to process the Holder’s requests to enforce their rights. For this, the Holder must send a written request to the emails juridica@instanticorrup.org and contacto@instanticorrup.org or send a written request to Calle 71 No. 5-41 Office 202, Bogotá D.C.
To process any request or claim, it is necessary to verify the identity of the claimant, who must be the Holder, their representative or one of their successors in title. Consequently, each request or claim must contain, at least:
- The full name and identification number of the Holder. When the request is presented by a third party authorized by the Holder or a successor in title, it must specify this in the request, indicate the identification data of the Holder and the representative, as well as present a supporting copy of the document that enables it.
- The reasons for the claim, with a brief description of the right you wish to exercise (understanding of data handling, update, amend, request proof of authorization granted, revoke, delete, access the information).
- Physical address or email email for notification.
- Purpose of the request or claim.
- Documents that you wish to enforce.
- Procedure for the Exercise of the Right to Habeas Data:
In compliance with the regulations on personal data protection, the INTERNATIONAL INSTITUTE OF ANTI-CORRUPTION STUDIES (IIEA) presents the procedure and minimum requirements for the exercise of your rights: For the filing and attention of your request, we ask you to provide the information indicated in paragraph 8 of this Privacy Policy. The maximum term established by law to respond to your claim is fifteen (15) business days, counted from the day following the date of receipt. If it is not possible to attend to the request within this period, the INTERNATIONAL INSTITUTE OF ANTI-CORRUPTION STUDIES will inform the interested party of the reasons for the delay and the date on which a response to their claim will be provided, which in no case may exceed eight (8 ) business days following the expiration of the first period.
- Information Security:
In compliance with the principle of security, the IIEA has established technical measures, as well as fair administrative and human rights to protect the Owner’s personal data. Access to personal data is permitted for the Holder and the persons designated by the IIEA in this Privacy Policy. Consequently, the IIEA will not share this personal information with third parties unless there is an express authorization from the Holder or the judicial or administrative authorities in the exercise of their functions to raise a requirement for the IIEA to share this information with them.
- Modifications:
This Policy may be modified by the IIEA as required without prior notification, except in the case of substantial modifications, which will be shared with the Holder in advance.
- Validity:
This Policy for the Handling of Personal Data applies as of 26 April 2021. The personal data provided will be kept as long as its deletion is not requested by the interested party and as long as there is no legal duty to keep them.