Personal Data Processing Policy
In Colombia, everyone has the right to know, update, and rectify their personal data. This applies to both public and private databases and is guaranteed through laws such as Law 1581 of 2012 and Law 2300 of 2023. You can access the full Personal Data Processing Policy here.
Types of Data We Collect
General Personal Data: Such as name, address, phone number, email, etc.
Sensitive Data: Information that could affect your privacy, such as health data, biometric info (fingerprints, facial recognition), or religious beliefs. This data requires special care and is only processed under specific conditions.
Use of Your Personal Information
Providing requested services (managing contracts, sending information).
Conducting studies, behavioral analysis, and surveys.
Complying with legal and contractual obligations, such as reporting to regulatory entities.
Updating databases and performing auditing processes.
Sending promotions and advertising, always with your consent.
Additional Purposes
Beyond standard activities, data may be used for:
Debt Collection: Debt monitoring and communication for collection purposes.
Commercial Prospecting: Activities to offer new products or services that may interest you.
Fraud Prevention: Measures to prevent fraud or unauthorized access.
Data Subject Rights
Knowing what data is held about you and how it is used.
Updating, correcting, or deleting your data if it is incorrect.
Withdrawing your consent for the use of your data at any time.
Requesting not to be contacted for commercial purposes if you so wish.
Accessing your data free of charge upon request.
Processing of Sensitive Data and Minors
Sensitive Data: Only processed with your explicit authorization, except in situations like medical emergencies.
Data of Children and Adolescents: Only collected if it is public data and their rights are fully respected.
Security Measures
Your data is stored with physical and electronic security measures to prevent unauthorized access.
The company maintains restricted access controls to protect data confidentiality.
Precautions are taken to ensure that data no longer required is securely destroyed.
Data Sharing and Transfer
Your data may be shared with third parties (providers or commercial allies) only if necessary for the services offered, always under agreements that protect your privacy.
Data may be transferred nationally or internationally with the same protection guarantees.
Procedure for Inquiries and Claims
If you wish to exercise your rights (to know, update, rectify, or delete your data):
You may contact the Data Protection Officer at legal@recu.com.co.
Inquiries will be answered within 10 business days, and claims within 15 business days.
If the company requires more time to resolve your request, you will be informed accordingly.
Data Processing Authorization
To process your personal data, the company requires your prior authorization. This can be provided in writing, verbally, or through actions that clearly show you accept the use of your data (e.g., filling out a form).
Your permission is not required for processing public data or in cases of medical urgency.
Security Incident Measures
- If an information security breach is detected, the company must take swift action to resolve it and notify authorities if necessary. Internal records and audits are maintained to verify compliance with data protection policies.
Training and Audits
Employees and contractors receive annual training on personal data protection and information security. Periodic audits are conducted to ensure policies are correctly followed.
Policy Validity and Updates
This policy is effective indefinitely but may be updated if significant changes occur. In such cases, data subjects will be informed through standard channels or via the company’s website.
