Privacy Policy & Data Treatment

PERSONAL DATA PROCESSING POLICY

(Privacy Policy)

MUNILY S.A.S.

CONTENT OF THE TREATMENT POLICY

CHAPTER I

GENERAL INFORMATION ABOUT MUNILY S.A.S.

AS PERSON RESPONSIBLE FOR THE PROCESSING Company Name: MUNILY S.A.S. Address: Calle 69 A No. 5 59 P 2 Bogotá Telephone: 3148327050 E-mail: info@munily.com Website: https://munily.com

CHAPTER II

OBJECTIVE OF THE TREATMENT POLICY

In order to comply with current legislation on data protection, especially Law 1581 of 2012 and Decree 1377 of 2013 (and other rules that modify, add, supplement or develop them), below we indicate the relevant aspects in relation to the collection, use and transfer of personal data that MUNILY S.A.S. in Colombia (hereinafter MUNILY), performs of personal data, under the authorization that has been granted for such treatment. This personal data processing policy (the “Policy”) contains the corporate and legal guidelines under which MUNILY processes personal data, the purpose, the rights of the owners, as well as the internal and external procedures that exist for the exercise of such rights before the Company, among others: In accordance with the provisions of Article 15 of the Political Constitution of Colombia and the applicable legislation (Law 1266 of 2008, Law 1581 of 2012, Decree 1377 of 2013 and all those rules that regulate, add, repeal or modify them), in MUNILY we have a clear policy of privacy and protection of personal data that includes independent professionals, customers, suppliers, employees who have a business or legal relationship with the MUNILY Group and who have voluntarily provided their prior, express and informed consent

CHAPTER III

TREATMENT POLICY BACKGROUND

The events that preceded the preparation and disclosure of this Personal Data Processing Policy are those set forth below:

  • Law 1581 of October 17, 2012 issued the General Regime for the Protection of Personal Data, which, according to its Article 1°, aims to: (…) develop the constitutional right that all persons have to know, update and rectify the information that has been collected about them in databases or files, and the other rights, freedoms and constitutional guarantees referred to in Article 15 of the Political Constitution; as well as the right to information enshrined in Article 20 of the same”.
  • Law 1581 of 2012 constitutes the general framework for the protection of personal data in Colombia.
  • By Ruling C-748 of October 6, 2011, the Constitutional Court declared constitutional the Statutory Bill No. 184 of 2010 – Senate, 046 of 2010 – House of Representatives.
  • By Decree 1377 of June 27, 2013, the Ministry of Commerce, Industry and Tourism regulated aspects related to the authorization of the Data Controller for the Processing of personal data, the Processing policies of the Controllers and Processors, the exercise of the rights of the Data Controllers, the transfers of personal data and the responsibility demonstrated in relation to the Processing of personal data, this last issue referring to accountability.
  • By Decree 1074 of 2015, chapter 25 partially regulates Law 1581 of 2012 and chapter 26 the National Database Registry.
  • Circular 002 of November 3, 2015 issued by the Superintendency of Industry and Commerce, with which the National Database Registry is enabled.

CHAPTER IV

TO WHOM THE TREATMENT POLICY IS ADDRESSED

This Personal Data Processing Policy is addressed to Clients and potential clients, Suppliers, MUNILY Employees, both active and inactive, administrators, security guards, residents and guests of co-ownerships whose personal data is included in the Company’s Databases.

CHAPTER V

RELEVANT DEFINITIONS OF THE TREATMENT POLICY

For the interpretation of this Policy, the following definitions should be taken into account:

  • Privacy Notice: Verbal or written communication generated by the Controller, addressed to the Data Subject for the Processing of his personal data, by means of which he is informed about the existence of the information processing policies that will be applicable, the way to access them and the purposes of the Processing that is intended to be given to the personal data.
  • Holder: Any person who, as final recipient, either of MUNILY’s services or exercising as independent professionals, workers, Clients, and potential clients, Suppliers, MUNILY’s Employees, administrators, security guards, residents and guests of co-ownerships, both active and inactive, and other persons in general.
  • Personal Data: Any information linked or that can be associated to one or several determined or determinable natural persons.
  • Sensitive Data: Data that affect the privacy of the Data Subject or whose improper use may generate discrimination.
  • Employee: A natural person who, by virtue of an employment contract, undertakes to render a personal service to another natural or legal person, under the continued dependence or subordination of the latter and for remuneration.
  • Data Processor: Natural or legal person, public or private, that by itself or in association with others, carries out the Processing of personal data on behalf of MUNILY as Data Controller.
  • Processing Policy: Refers to this document, as the personal data processing policy applied by MUNILY in accordance with the guidelines of the current legislation on the matter.
  • Supplier: Any natural or legal person that provides any service to MUNILY by virtue of a contractual/obligatory relationship.
  • Data Controller: Natural or legal person, public or private, that by itself or in association with others, decides on the database and/or the Processing of the Data, for the purposes of this policy, MUNILY shall act as Data Controller, in principle, MUNILY.
  • Transfer: Refers to the sending by MUNILY as data controller or data processor, to a third party agent or natural/legal person (recipient), within or outside the national territory for the effective processing of personal data.
  • Transmission: Refers to the communication of personal data by the Controller to the Processor, located within or outside the national territory, so that the Processor, on behalf of the Controller, processes personal data.
  • Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.

For the understanding of the terms that are not included in the above list, reference should be made to the legislation in force, especially Law 1581 of 2012 and Decree 1377 of 2013 and those that complement, add and/or modify the legislation in force in this regard. Additionally, in case of doubt about any of the definitions provided herein, it shall be given the meaning that has been used by the legislator in the aforementioned rules.

CHAPTER VI

PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA

The principles governing the Processing of Personal Data by MUNILY are the following:

  • Principle of Legality in data processing: The Processing referred to in Law 1581 of 2012 is a regulated activity that must be subject to what is established therein and in the other provisions that develop it.
  • Principle of Purpose The processing of personal data must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Data Subject.
  • Principle of Freedom: The processing of personal data can only be exercised with the prior, express and informed consent of the Data Subject. Personal data may not be obtained or disclosed without prior authorization, or in the absence of legal or judicial mandate that relieves the consent.
  • Principle of Truthfulness or Quality The information subject to Processing must be truthful, complete, accurate, updated, verifiable and understandable. The processing of partial, incomplete, fractioned or misleading data is prohibited.
  • Principle of Transparency: The right of the Data Subject to obtain from the Data Controller or the Data Processor, at any time and without restrictions, information about the existence of data concerning him/her, must be guaranteed.
  • Principle of Access and Restricted Circulation: Processing is subject to the limits derived from the nature of the personal data, the provisions of the law and the Constitution. In this sense, the Processing may only be carried out by persons authorized by the Holder and/or by the persons provided by law.

Personal data, except for public information, may not be made available on the Internet or other means of mass dissemination or communication, unless access is technically controllable to provide restricted knowledge only to Data Holders or authorized third parties in accordance with the law.

  • Security Principle: The information subject to Processing by the Data Controller or Data Processor shall be handled with the technical, human and administrative measures necessary to provide security to the records avoiding their adulteration, loss, consultation, unauthorized or fraudulent use or access.
  • Principle of Confidentiality: All persons involved in the processing of personal data that are not of a public nature are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks involved in the processing, and may only provide or communicate personal data when it corresponds to the development of the activities authorized by law and under the terms of the same.

    CHAPTER VII

    HOLDER’S AUTHORIZATION FOR DATA PROCESSING

    MUNILY as Data Controller has adopted procedures to request, at the latest at the time of collection of personal data, the corresponding authorization for the Processing thereof and to inform which personal data will be collected, as well as all the specific purposes of the Processing for which consent is obtained. However, in the case of personal data that are in publicly accessible sources, regardless of the means by which they are accessed, meaning those data or databases that are available to the public, they may be processed by MUNILY, provided that, by their nature, they are public data. MUNILY as Responsible for the Processing of personal data has established mechanisms to obtain the authorization of the Data Controllers or whoever is legitimized for such purpose. It shall be understood that the authorization granted by the Data Subject to MUNILY complies with the requirements of the applicable legislation in force, when it is expressed: (i) in writing; (ii) orally; or (iii) through unequivocal conduct of the Data Subject that allows the reasonable conclusion that he/she granted MUNILY the respective authorization. In no case shall the silence of the Data Subject to issue his/her consent or authorization be assimilated by MUNILY as an unequivocal conduct. The Data Subject may at any time request MUNILY as Data Controller, the deletion of their personal data and/or revoke the authorization granted to MUNILY for the Processing of the data, for which the channels provided for in Section 3 of Chapter Twelve of this Policy have been enabled.

    CHAPTER VIII

    HOLDER’S AUTHORIZATION FOR THE PROCESSING OF SENSITIVE DATA

    In accordance with the provisions of Chapter V of this Policy, Sensitive Data is understood as: “data that affect the privacy of the Data Subject or whose improper use may lead to discrimination”. The processing of sensitive data referred to in Article 5° of Law 1581 of 2012 is prohibited, except for the cases listed below:

    • When the Data Subject has given his explicit authorization to such Processing, except in those cases where by law the granting of such authorization is not required.
    • When the Processing is necessary to safeguard the vital interest of the Data Subject and he/she is physically or legally incapacitated. In these events, the legal representatives must grant their authorization.
    • When the Processing is carried out in the course of legitimate activities and with due guarantees by a foundation, NGO, association or any other non-profit organization, whose purpose is political, philosophical, religious or trade union, provided that they refer exclusively to its members or persons who maintain regular contacts by reason of its purpose. In these events, the data may not be provided to third parties without the authorization of the Data Controller.
    • When the Processing refers to data that are necessary for the recognition, exercise or defense of a right in a judicial process;
    • When the Processing has a historical, statistical or scientific purpose. In this event, the measures leading to the suppression of the identity of the Data Controllers must be adopted.

    In the Processing of sensitive personal data, when such Processing is possible in accordance with the provisions of Article 6 of Law 1581 of 2012, MUNILY complies with the following obligations:

    • Informs the Data Subject that since it is sensitive data, he/she is not obliged to authorize its processing.
    • It informs the Data Subject explicitly and in advance, in addition to the general requirements of authorization for the collection of any type of personal data, which of the data to be processed are sensitive and the purpose of their processing, and also obtains his or her express consent.

    None of the activities carried out by MUNILY are or will be conditioned on data subjects providing the Company with sensitive personal data.

    CHAPTER IX

    USE AND PURPOSE OF THE TREATMENT

    MUNILY recognizes that holders of personal data are entitled to have a reasonable expectation of their privacy, taking into account their responsibilities, rights and obligations to the Company. MUNILY will use the personal data collected for the following purposes:

    • Execute contracts signed with customers.
    • To provide security and community communication solutions in horizontal properties.
    • Make payment of contractual obligations.
    • Send the information to governmental or judicial entities at their express request.
    • Support external and internal audit processes.
    • Payroll payments, issuance of labor certifications, invitations to company events to its active workers.
    • Issuance of labor certificates requested by workers who have left the company.
    • Develop internal communication campaigns that may contain data of MUNILY employees in Colombia.
    • Contact independent professionals, employees, customers and suppliers, to send commercial information that may be requested or that has to do with the contractual relationship between the parties.
    • Contact professionals who send their resumes for job interviews.
    • Submission of proposals that are requested either electronically, in writing or by electronic means.
    • Sending e-mails containing newsletters, publications, invitations to events and information that may be relevant to customers and/or prospects.
    • Sending of proposals and portfolio of services.
    • Sending satisfaction surveys and service improvement programs (only for customers).

    The information provided by the Holders of personal data will be used by MUNILY only for the purposes stated herein, and, therefore, we will not proceed to sell, license, transmit or disclose the same, outside the Company, unless: (i) you expressly authorize us to do so; (ii) it is necessary to do so to allow our professionals to provide our services; (iii) it is required or permitted by law or by a competent administrative or judicial authority. In order to implement the purposes described above, your personal data may be disclosed for the purposes set forth above to the personnel that make up the Human Resources Management, Administrative and Financial Management and Commercial Management. MUNILY may subcontract to third parties for the processing of certain functions or information. When we do outsource the processing of personal information to third parties or provide personal information to third party service providers, we advise such third parties of the need to protect such personal information with appropriate security measures, prohibit them from using your personal information for their own purposes, and prevent them from disclosing the personal information to others. Once the need for data processing has ceased, the data may be removed from MUNILY’s databases or archived in a secure manner so that it can only be disclosed when required by law.

    CHAPTER X

    PROCESSING OF PERSONAL DATA

    This Security Policy extends and reaches the various areas that are part of the processing (use, collection, circulation, storage and deletion) of personal data; the above in order to standardize procedures in the management and administration of risks in the processing of personal data. This Security Policy applies to all MUNILY’s Databases containing personal data, whether digital or physical, and binds each of the areas and personnel designated for the processing of personal data. The policy shall be extended as applicable to those in charge of the processing with whom MUNILY establishes links as applicable This document applies to all employees, contractors and personnel linked to MUNILY under any type of contractual relationship and who are involved in the processing of personal data under the development of the contract For this purpose, personal data shall be understood as any information linked or that may be associated with natural persons. To consider it as personal data you must answer affirmatively to the following question With the data I can directly or directly identify a natural person? According to Decree 1377 of 2013, MUNILY, may only collect, store, use or circulate the personal data of a person, for the time that is reasonable and necessary, according to the purposes that justified the treatment, taking into account the provisions applicable to the matter in question and the administrative, accounting, fiscal, legal and historical aspects of the information. Once the purpose or purposes of the Processing have been fulfilled and without prejudice of legal regulations that provide otherwise, MUNILY shall proceed to the deletion of the personal data in its possession. As an exception to the above, MUNILY may keep the personal data when it is required to comply with a legal or contractual obligation. In cases in which MUNILY processes sensitive data, defined as any data that affects the privacy of the owner or whose improper use may generate discrimination, such data shall be protected in accordance with the framework and limitations established by law. MUNILY shall endeavor to comply with the digital and physical security measures established herein, which are adequate to ensure the security of sensitive data. Thus, all processing (use, collection, circulation, storage and filing) of personal data must be authorized by the owner according to the purposes indicated by the responsible party. Therefore, it is MUNILY’s duty to ensure that the areas involved in the entire life cycle of the data comply with the provisions of the processing policy and that the personal data is effectively used according to the purposes authorized by the owner.

    • TREATMENT OF PERSONAL DATA OF MINORS.

      The processing of data of minors must be subject to the principles, parameters and requirements contained in Article 7 of Law 1581 of 2012, Article 12 of Decree 1377 of 2013 and Ruling C-778 of 2012 of the Constitutional Court.

    • The processing of personal data of children under 18 years of age may be subject to processing as long as the purpose pursued is in the best interest of children and adolescents and respect for their prevailing rights is ensured without exception. In accordance with the above, the processing of personal data of children and adolescents will be exceptionally possible when the following criteria are met:
      • The purpose of the treatment responds to the best interests of children and adolescents.
      • To ensure respect for the fundamental rights of children and adolescents.
      • In accordance with the maturity of the child or adolescent, his or her opinion shall be taken into account.
      • Compliance with the requirements set forth in Law 1581 of 2012 for the processing of personal data.
      • Prior authorization is obtained from the legal representative of the minor, usually the parents.
    • VIDEO SURVEILLANCE

      Through the Munily app it will be possible to capture the image of people and vehicles entering the condominiums that use the Munily app, who prior to entry are informed of this situation by the people in charge of the reception, who will additionally seek at that time the authorization of the owner. The sole purpose of these systems is the security of both the people entering the condominium and its residents.

    • POLICIES OF THE PERSON IN CHARGE OF THE PROCESSING OF PERSONAL DATA
      The PERSON IN CHARGE is the one who carries out the processing of personal data on behalf of MUNILY, that is, the person to whom MUNILY is entrusting the handling of a compendium of personal data, whether provided directly by the owners of the data or by third parties to MUNILY.In this sense, the personal data provided by MUNILY shall be used only for the entrusted task and in accordance with the established guidelines
      . According to the Colombian regulations applicable to the protection of personal data and the jurisprudence related to the subject, the person responsible for the processing of personal data, i.e. MUNILY and THE PERSON IN CHARGE of the processing, respond concurrently and jointly and severally before the owner of the personal data The foregoing with respect to the veracity, integrity, purpose and incorporation of the personal data, as well as in the treatment (use, collection, storage, circulation and suppression) of the same; in the understanding that any use must be made with the authorization of the owner.
      By virtue of the foregoing, THE PARTY undertakes with MUNILY to verify the delivery status of the personal data, as well as to provide the necessary security measures to ensure the security of the data according to the measures of this Security Policy. It is the duty of the PRINCIPAL to provide the utmost diligence in the execution of its work with respect to the protection and security of personal data, both in digital and physical databases.
      THE PERSON IN CHARGE is responsible for the use, custody and protection of the personal data provided by MUNILY, for which reason he/she shall be liable even for slightest fault with respect to the protection and custody of the personal data provided Any conduct contrary to the policies set forth herein or its omission shall engage the responsibility of the PRINCIPAL.
      THE PRINCIPAL shall comply with the duties set forth in the Policy of the Data Processor and with the other duties set forth in Article 18 of Law 1581 of 2012, and shall also be liable even for its employees or contractors.

    CHAPTER XI

    REVOCATION OF AUTHORIZATION AND/OR DELETION OF DATA

    Data Owners may at any time request MUNILY as Data Controller, the deletion of their personal data and/or revoke the authorization granted for the Processing thereof, by filing a claim, in accordance with the provisions of Article 15 of Law 1581 of 2012. However, it is important to note that the request for deletion of the information and the revocation of the authorization shall not proceed when the Data Subject has a legal or contractual duty by virtue of which it must remain in MUNILY’s database. MUNILY has provided easily accessible and free mechanisms, so that the Data Owners may submit at any time requests for deletion of their data or revocation of the authorization granted. Such mechanisms are set forth in paragraph 3 of Chapter XIII of this document. If upon expiration of the respective legal term, MUNILY as the Responsible Party does not remove the personal data from its databases, the Data Subject may request the Superintendence of Industry and Commerce to order the revocation of the authorization and/or the deletion of the personal data. For these purposes, the procedure described in Article 22 of Law 1581 of 2012 shall apply. Finally, it is important to highlight that personal data will be kept in MUNILY’s databases when so required in compliance with a legal or contractual obligation.

    CHAPTER XII

    RIGHTS OF DATA SUBJECTS

    Pursuant to the provisions of Article 8 of Law 1581 of 2012, the rights of personal data owners are:

    • To know, update and rectify their personal data with respect to the Data Controllers or Data Processors. This right may be exercised, among others, against partial, inaccurate, incomplete, fractioned, misleading data, or data whose processing is expressly prohibited or has not been authorized.
    • Request proof of the authorization granted to the Data Controller except when expressly exempted as a requirement for the Processing.
    • To be informed by the Data Controller or the Data Processor, upon request, regarding the use that has been made of their personal data.
    • File complaints before the Superintendence of Industry and Commerce for violations of the provisions of Law 1581 of 2012 and other regulations that modify, add or complement it.
    • To revoke the authorization and/or request the deletion of the data when the processing does not respect the constitutional and legal principles, rights and guarantees.
    • Access free of charge to personal data that have been subject to Processing.

    The channels that exist in MUNILY for the exercise of the rights of the Data Subject are found in Chapter XIII of this Policy.

    CHAPTER XIII

    PROCEDURE FOR EXERCISING YOUR RIGHTS AS A DATA SUBJECT

    The rights of the Holders established in the Law may be exercised before MUNILY by the following persons:

    • By the Data Subject, who must provide MUNILY with sufficient proof of his or her identity.
    • By the successors of the Data Subject, who must prove such quality to MUNILY.
    • By the representative and/or proxy of the Data Subject, upon accreditation before MUNILY of the representation or proxy.
    • By stipulation in favor of or for another.

    In accordance with the provisions of the applicable legislation in force, for the exercise of any of the rights of the Data Owner, any of the mechanisms set forth below may be used before MUNILY:

    Inquiries:

    • The Data Controllers or their successors in title may consult the personal information of the Data Controller in MUNILY’s databases.
    • MUNILY, as the data controller, will provide to the Data Controllers or their successors in title, all the information contained in the individual record or that is linked to the identification of the Data Controller.
    • The consultation shall be made through the channels enabled by MUNILY for such purpose, which are described in Section 3 of this chapter.
    • The consultation will be attended by MUNILY in a maximum term of ten (10) working days counted from the date of receipt of the same.
    • When it is not possible for MUNILY to attend the consultation within said term, it shall inform the interested party, stating the reasons for the delay and indicating the date on which it will attend the consultation, which in no case shall exceed five (5) business days following the expiration of the first term.

    Claims:

    • The Titleholders or assignees who consider that the information contained in MUNILY’s databases should be corrected, updated or deleted, or when they notice the alleged breach of any of the duties contained in the law, may file a claim with MUNILY as the party responsible for the Processing, which will be processed under the following rules:
      • The claim shall be formulated by means of a written request addressed to MUNILY, with the identification of the Holder, the description of the facts that give rise to the claim, the address, and accompanying the documents to be asserted.
      • A photocopy of the data subject’s identification document must be attached to the claim.
      • The claim shall be formulated through the channels enabled by MUNILY for such purpose, which are described in Section 3 of this chapter.
      • If the claim is incomplete, MUNILY will require the interested party within five (5) business days following receipt of the claim to correct the faults.
      • After two (2) months from the date of the request made by MUNILY, without the applicant submitting the required information, the Company shall understand that the claim has been withdrawn.
      • In the event that the person who receives the claim is not competent to resolve it, he/she will transfer it to the corresponding person within a maximum term of two (2) business days and will inform the interested party of the situation.
      • Once MUNILY receives the completed claim, it will include in the database a legend indicating: claim in process and the reason for the claim, within a term no longer than two (2) business days.Such legend shall be maintained until the claim is decided.
      • The maximum term for MUNILY to respond to the claim will be fifteen (15) business days from the day following the date of its receipt.
      • When it is not possible for MUNILY to attend to the claim within said term, the interested party will be informed of the reasons for the delay and the date on which the claim will be attended to, which in no case may exceed eight (8) business days following the expiration of the first term.
      • Enabled Channels.

    The rights of the holders may be exercised by the aforementioned persons through the channels that have been enabled by MUNILY for this purpose, which are available free of charge, as follows:

    • Through the following e-mail address:
      soporte@munily.com.co
    • Physical facilities of MUNILY Calle 69 A No. 5 59 P 2 Bogota

    CHAPTER XIV

    MUNILY’S DUTIES AS DATA CONTROLLER

    As the party responsible for the Processing of personal data, MUNILY must comply with the following duties:

    • Guarantee to the Data Subject, at all times, the full and effective exercise of the right of habeas data.
    • Request and keep, under the conditions provided by law, a copy of the respective authorization granted by the Holder.
    • Duly inform the Data Subject about the purpose of the collection and the rights he/she has by virtue of the authorization granted.
    • Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, unauthorized or fraudulent use or access.
    • Ensure that the information provided to the Data Processor is truthful, complete, accurate, updated, verifiable and understandable.
    • Update the information, communicating in a timely manner to the Data Processor, all developments regarding the data previously provided and take other necessary measures to ensure that the information provided to it is kept up to date.
    • Rectify the information when it is incorrect and communicate the pertinent to the Data Processor.
    • To provide to the Data Processor, as the case may be, only data whose processing is previously authorized in accordance with the provisions of the law.
    • To require the Data Processor at all times to respect the security and privacy conditions of the Data Subject’s information.
    • Process inquiries and claims formulated under the terms set forth in the law.
    • Adopt an internal manual of policies and procedures to ensure proper compliance with the law and, in particular, to deal with queries and complaints.
    • Inform the Data Processor when certain information is under discussion by the Data Subject, once the claim has been filed and the respective process has not been completed.
    • Inform upon request of the Data Subject about the use given to his/her data.
    • Inform the data protection authority when there are violations to the security codes and there are risks in the administration of the information of the Data Holders.
    • Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

    CHAPTER XV

    COOKIES POLICY

    MUNILY in Colombia manages the cookie policy of MUNILY and therefore in the notice on the website of Colombia should be redirected to the stipulations on cookies that MUNILY Global has. MUNILY in Colombia shall ensure that users of its app and website can access MUNILY’s cookie policy. Users of the website and the app will have the ability to change or modify the consent of the cookie statement.

    Definition of cookies

    A cookie is a small information file that is downloaded to the user’s computer, smartphone or tablet when accessing certain web pages to store and retrieve information about the navigation that is made from the equipment. Through cookies, websites remember information about the user’s visit, which allows them to provide a safer browsing experience. Cookies are associated with anonymous users, that is, those who visit the portals without identification or without registering themselves, as well as those who do. Cookies are not viruses or malicious programs that can damage the devices through which the web page is accessed, therefore, they cannot delete or read user information MUNILY may share information obtained through cookies with external persons or third parties (allies, clients, suppliers or companies linked to the MUNILY Group), in order to improve the service provided to the user. Likewise, the information received through cookies will be used by MUNILY and the third parties described for the purposes described in this document. Types of Cookies

    • Own or third party cookies: When they are managed from the terminal or domain of the same editor, they are qualified as own and are third party when they are not sent by the editor itself but by another entity.
    • Session and persistent cookies: In session cookies, the data collected is only stored while browsing the website and in persistent cookies, the data continues to be stored in the terminal and can be accessed for a certain period of time.
    • Technical/personalization/analytics/advertising cookies:
      • Techniques: those that make it possible to control traffic and data communication.
      • Personalization: Those that allow users to access according to some of their own characteristics that are collected, such as, customizing the search engine home page.
      • Analysis: these collect data on user behavior and allow for user profiling.
      • Advertising: they collect data on the management of advertising spaces, allow users to be shown advertising banners of which they may be possibly interested.

    Purpose of cookies

    They are necessary for the operation of the website, they cannot be disabled on our systems, they are only set in response to actions taken when requesting service, setting privacy preferences, logging in or completing forms. You can configure the browser of the device you are using to block or alert you to cookies. These cookies do not store any personally identifiable information.

    CHAPTER XVI

    MODIFICATION OF THE TREATMENT POLICY

    In the event of substantial changes in the content of this Personal Data Processing Policy, they shall be communicated before or at the latest at the time of the implementation of the new policies. In addition, when the change refers to the purpose of the Processing of Personal Data, MUNILY must obtain a new authorization from the owners. In any case, we invite you to regularly or periodically review our website www.munily.com., through which you will be informed about the change and the latest version of this Policy or the mechanisms enabled by MUNILY to obtain a copy of it will be made available to you.

    CHAPTER XVII

    MUNILY DATA PRIVACY POLICY

    MUNILY in Colombia is part of MUNILY INC and therefore in all that is applicable and does not contravene Colombian legislation on the matter, the MUNILY group, its customers, suppliers, contractors, active or inactive employees, will abide by the guidelines and policies established for the treatment of personal data of MUNILY INC, especially in everything related to the transmission, exchange and/or security of data information between member countries.

    CHAPTER XVIII

    TREATMENT POLICY IN EFFECT

    This Personal Data Processing Policy was created on February 18, 2022 and is effective as of this day.