top of page

Policy of treatment of

personal information

PERSONAL DATA PROCESSING POLICY COMERCIALIZADORA MUNDIAL DE DEPORTES SAS 

 

COMERCIALIZADORA MUNDIAL DE DEPORTES SAS (hereinafter, “CMD SAS”), is a private company dedicated to developing activities related to the provision of clothing at an industrial level and for the final consumer.

 

AIM:Establish the criteria for the collection, storage, use, circulation and deletion of personal data processed by CMD SAS in its capacity as responsible, and in particular, the contents in the databases made up of customers, suppliers, employees and third parties. in general.

 

SCOPE:This policy applies to all personal information registered in the databases of CMD SAS, who acts as the person responsible for the processing of personal data.

 

TREATMENT AND PURPOSE:The treatment that CMD SAS will carry out with personal information will be the following: The collection, storage, use, circulation, verification, transfer to third parties with data security guarantees, with the purpose of:

 

  1. Carry out the pertinent steps for the development of the company's corporate purpose in what has to do with compliance with the purpose of the contract entered into with the Holder of the information.

  2. Manage procedures (requests, complaints and claims).

  3. Carry out satisfaction surveys regarding the goods and services offered by CMD SAS

  4. Comply with the obligations contracted by CMD SAS with the Holder of the information, in relation to the payment of salaries, social benefits and other remuneration enshrined in the employment contract or as provided by law (in the case of employees of the organization).

  5. Provide the services offered by CMD SAS and accepted in the signed contract.

  6. Provide the information to third parties with which CMD SAS has a contractual relationship and that it is necessary to deliver it to fulfill the contracted object.

  7. Develop and give continuity to the Integral Management System- GIS- in accordance with ISO 9001 standards, certified by INCONTEC.

 

REGARDING THE PERSONAL DATA OF OUR EMPLOYEES AND SUPPLIERS:

 

  1. Manage and operate, directly or through third parties, the selection and hiring processes of personnel, including the evaluation and qualification of the participants and the verification of work and personal references, and the performance of security studies;

  2. Develop the activities of human resources management within the Company, such as payroll, affiliations to entities of the general social security system, occupational health and welfare activities, exercise of the employer's sanctioning power, among others;

  3. Make the necessary payments derived from the execution of the employment contract and/or its termination, and the other social benefits that may apply in accordance with the applicable law;

  4. Contract labor benefits with third parties, such as life insurance, medical expenses, among others;

  5. Notify authorized contacts in case of emergency during working hours or during the development thereof;

  6. Plan business activities;

  7. Control access to the Company's offices and establish security measures;

  8. Register contractors and suppliers in the Company's systems and process their payments;

  9. Register your personal data in the information systems and in its commercial and operational databases;

    1. Develop and give continuity to the Integral Management System- GIS- in accordance with ISO 9001 standards, certified by INCONTEC.

  10. Any other activity of a similar nature to those described above that are necessary to develop the Company's corporate purpose.

 

This policy is mandatory and strict compliance for COMERCIALIZADORA MUNDIAL DE DEPORTES SAS, being the DATA CONTROLLER, a legally constituted commercial company, identified with NIT 805.013.342-0, with main address at Carrera 48ª No. 11-16, de la city of Cali, Republic of Colombia. Page www.bullwinsconfecciones.co

 

 1.DEFINITIONS

 

Authorization: Authorization is the consent that must be taken previously and expressly and informed by the Owner to carry out the Processing of personal data.

 

Database: Databases are the organized set of personal data that are processed by the person in charge.

 

Personal data: It is any information or data that can link or that can be associated with one or several determined or determinable natural persons. These data are classified into:

 

  • Public: it is the data that is not semi-private, private or sensitive. Public data is considered, among others, data related to the marital status of people, their profession or trade and their quality as a merchant or public servant.

  • Semi-private: It is semi-private data that is not of an intimate, reserved, or public nature and whose knowledge or disclosure may be of interest not only to its owner but also to a certain sector or group of people or to society in general, for example, those referring to compliance. and breach of financial obligations or data relating to relations with social security entities.

  • Private: It is the data that by its own intimate or reserved nature is only relevant to the person who owns the data.

  • Sensitive: Information that affects the privacy of the owner or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership of unions, social organizations, human rights or that promotes the interests of any political party or that guarantees the rights and guarantees of opposition political parties as well as data related to health, sexual life and biometric data, among others, still or moving image capture, fingerprints, photographs, iris, voice, facial or palm recognition, etc.

 

Treatment Manager: It is the natural or legal person, public or private, who by their own will or in association with others, carries out the personal data processing process designated on behalf of the person responsible for the Treatment.

 

Responsible for the Treatment: It is the natural or legal person, public or private, who decides what to do on the basis of data and/or the Treatment of personal data.

 

Owner: It is the natural person who is processed your personal data.

 

Treatment: The treatment corresponds to any activity, operation or set of operations carried out on personal data, such as collection, storage, use, circulation or deletion.

 

Transfer: The transfer of data takes place when the person in charge and/or in charge of the processing of personal data, located in Colombia, sends the information or personal data to a recipient, who in turn is Responsible for the treatment and is located inside or outside from the country.

 

Transmission: Treatment of personal data that implies the communication of the same inside or outside the territory of the Republic of Colombia when its purpose is to carry out a treatment by the Manager on behalf of the person in charge.

 2. RIGHTS THAT ALL HOLDERS OF PERSONAL DATA HAVE AGAINST THE COMPANY

 

Any process that involves the treatment by any area of the company of personal data of customers, suppliers, employees and in general any third party with which COMERCIALIZADORA MUNDIAL DE DEPORTES SAS maintains commercial and labor relations must take into account and inform you in a manner express and prior, by any means by which a record of its compliance can be kept, the rights that assist that owner of the data, which are listed below:

 

  1. Free access to the data provided that has been processed. for which the company, in aid of the IT and technology management, is in charge of preserving and filing in a safe and reliable manner the duly granted authorization forms of each of the holders of personal data.

  2. Know, update and rectify your information against partial, inaccurate, incomplete, fractioned, misleading data, or those whose treatment is prohibited or has not been authorized.

  3. Request proof of authorization granted.

  4. Submit to the Superintendence of Industry and Commerce (SIC) complaints for violations of the provisions of current regulations.

  5. Revoke the authorization and/or request the deletion of the data, provided that there is no legal or contractual duty that prevents its deletion.

  6. Refrain from answering questions about sensitive data. The answers that deal with sensitive data or data on children and adolescents will be optional.

 

                  

2.1.  TO THIRD PARTIES TO WHOM WITHOUT HAVING THE AUTHORIZATION OF   DELIVERY FORM.

 

  • To the owners of the data, their heirs, as long as they support such position, or representatives who support such quality, at any time and through any means when they request it from CMD SAS

  • To the judicial or administrative entities in the exercise of functions that raise some requirement to the company so that the information is delivered.

  • To third parties to whom the Data Holder expressly authorizes to deliver the information and whose authorization is delivered to CMD SAS

  • According to legal provisions.

 

3. DUTIES OF CMD SAS AS RESPONSIBLE FOR TREATMENT

 

The person responsible for the Treatment has been defined by Law 1581 of 2012 as the natural or legal person, public or private, that by itself or in association with others decides on the database and/or the treatment of the data.

 

The duties of those responsible for the Treatment and, consequently, of the SIC are those established in article 17 of Law 1581 of 2012:

 

  1. Guarantee the Owner, at all times, the full and effective exercise of the right of habeas data.

  2. Request and keep, under the conditions provided in the aforementioned law, a copy of the respective authorization granted by the Owner.

  3. Duly inform the Holder about the purpose of the collection and the rights that assist him by virtue of the authorization granted.

  4. Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.

  5. Guarantee that the information provided to the Treatment Manager is true, complete, exact, updated, verifiable and understandable.

  6. Update the information, communicating in a timely manner to the Treatment Manager, all the news regarding the data that has previously been provided and adopt the other necessary measures so that the information provided to it is kept updated.

  7. Rectify the information when it is incorrect and communicate what is pertinent to the Treatment Manager.

  8. Provide the Treatment Manager, as the case may be, only data whose Treatment is previously authorized in accordance with the provisions of the aforementioned law.

  9. Demand from the Treatment Manager at all times, respect for the security and privacy conditions of the Owner's information.

  10. Process the queries and claims formulated in the terms indicated in the aforementioned law.

  11. Adopt an internal manual of policies and procedures to guarantee adequate compliance with the aforementioned law and, in particular, for the attention of queries and claims.

  12. Inform the Treatment Manager when certain information is under discussion by the Owner, once the claim has been filed and the respective process has not been completed.

  13. Inform at the request of the Owner about the use given to their data.

  14. Inform the data protection authority when there are violations of the security codes and there are risks in the administration of the information of the Holders.

  15. Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce”.

 

4. TREATMENT OF SENSITIVE DATA

 

 

In the development of its commercial activity, CMD S SAS may process Sensitive Data for specific purposes. For example, it collects, uses and stores biometric data from visitors to its facilities to ensure its security. CMD SAS will only process sensitive Personal Data as long as it has been previously authorized by the respective owner and will process them under security and confidentiality standards corresponding to their nature.

 

For this purpose, CMD SAS, has implemented administrative, technical and legal measures contained in its Manual of Policies and Procedures, of mandatory compliance for its employees and, as far as applicable, its suppliers, related companies and commercial allies. The collection of sensitive Personal Data in any case will warn that it is optional and does not constitute a condition to access any of our products or services.

 

5. PROCESSING OF PERSONAL DATA UNDERAGE

CMD SAS, in its ordinary course of business, does not frequently collect data from minors; however, in the event of collecting said data, it will treat the information and personal data of minors in a strictly confidential manner, under adequate security measures and with strict respect for their prevailing rights.

 

In the event that CMD SAS authorizes a commercial or marketing activity that may cause the collection of data from minors, the prior, express and informed authorization of the father or mother or the legal representative of the minor must be requested.

 

6. DATA TRANSMISSIONS TO PROCESSORS

 

When CMD SAS wishes to send or transmit data to one or more Managers, it must establish contractual clauses, or enter into a contract for the transmission of personal data in which, among others, the following is agreed:

 

  1. The scope and purposes of the treatment

  2. The activities that the Processor will carry out on behalf of CMD SAS

  3. The obligations that the Manager must comply with respect to the owner of the data and CMD SAS

  4. The obligations of the Manager to adequately protect personal data and databases, as well as to keep confidentiality regarding the treatment of the data transmitted.

  5. The obligation to the Manager to treat the data for the purpose for which the transmission arose.

  6. A description of the specific security measures that are going to be adopted or that are already adopted by CMD SAS as well as by the Data Processor at its destination.

7. PROCEDURES TO ACCESS, CONSULT, RECTIFY AND UPDATE YOUR INFORMATION

 

The Human Management area is the unit in charge of processing the requests of the holders to make their rights effective. Therefore, the Holders of Personal Data processed by CMD SAS have the right to access their personal data and the details of said treatment, as well as to rectify and update them in case they are inaccurate or to request their elimination when they consider that they turn out to be excessive and unnecessary for the purposes

 

justified their obtaining or opposed to their Treatment for specific purposes.

 

The ways that have been implemented to guarantee the exercise of said rights through the presentation of the respective application are:

 

  1. Offices located at Calle 11 #48ª-05, first floor, Cali-Valle.

  2. The email address servicioalcliente@bullwinsconfecciones.com

 

These channels may be used by holders of personal data, or third parties authorized by law to act on their behalf, in order to exercise the rights mentioned in number 2.

 

In accordance with the provisions of Article 15 of Law 1581 of 2012, when the Holder or his successors in title consider that the information processed by CMD SAS should be subject to correction, updating or deletion, or when it should be revoked due to warning of the alleged breach of any of the duties contained in the Law, may submit an application to CMD SAS, which will be processed under the following rules:

 

  • The owner or his successors in title must prove his identity, that of his representative, the representation or stipulation in favor of another or for another.

  • When the request is made by a person other than the Holder and it is not proven that he is acting on behalf of the Holder, it will be considered as not submitted.

  • The request for rectification, updating, deletion or revocation must be submitted through the means enabled by CMD SAS indicated in this document and contain, at least, the following information:

 

  1. The name and address of the owner or any other means to receive the response.

  2. The documents that prove the identity of the applicant and, if necessary, that of their representative with the respective authorization.

  3. Reason(s)/fact(s) that give rise to the claim with a brief description of the right you wish to exercise (know, update, rectify, request proof of the authorization granted, revoke it, delete it, access the information and the specific request.

 

  • The maximum term to meet this request will be ten (10) business days from the day following the date of receipt. When it is not possible to attend to it within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term. .

 

Once the terms indicated by Law 1581 of 2012 and the other norms that regulate or complement it have been fulfilled, the Owner who is denied, totally or partially, the exercise of the rights of access, update, rectification, deletion and revocation, may bring your case to the attention of the Superintendence of Industry and Commerce – Delegation for the Protection of Personal Data.

 

8. INFORMATION SECURITY

 

For COMERCIALIZADORA MUNDIAL DE DEPORTES SAS it is essential and a priority to adopt technical, legal, human and administrative measures that are necessary to ensure the security of personal data, protecting confidentiality, integrity, use, unauthorized and/or fraudulent access. Likewise, it is allowed to inform that internally the company has implemented mandatory security protocols for all personnel with access to personal data and information systems.

 

Information security is the set of technical, operational, organizational, and legal measures that allow organizations to safeguard and protect information seeking to maintain its confidentiality, availability, and integrity.

 

  • Integrity: Property of safeguarding the accuracy and completeness of information assets. [NTC 5411-1:2006].

 

  • Availability: Property that the information is accessible and usable by request of an authorized entity. [NTC 5411-1:2006].

 

  • Confidentiality: Property that determines that information is not available or disclosed to individuals, entities or unauthorized processes. [NTC5411-1:2006].

 

The internal security policies under which the owner's information is kept to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access, are the following:

 

  • Technological infrastructure policies and access control policies to information, applications and databases (security modules, encryption).

 

  • Technological implementation policies that prevent the use of USB devices from unauthorized storage.

 

  • Technological implementation policies that control the sending and electronic transmission characterized as confidential.

 

  • Confidentiality agreement with suppliers and third parties.

 

  • Confidentiality clause in employee labor contracts.

 

  • Internal audit procedures.

 

  • Habeas Data Notice.

9.VALIDITY

 

This Policy for the Processing of Personal Data is effective as of January 1, 2018. The databases in which the personal data will be recorded will be valid for the same time as the information is maintained and used for the purposes described in this policy. Once that purpose(s) is fulfilled and provided there is no legal or contractual duty to retain your information, your data will be deleted from our databases.

bottom of page