AS PERSON RESPONSIBLE FOR THE PROCESSING Company Name: MUNILY S.A.S. Address: Calle 69 A No. 5 59 P 2 Bogotá Telephone: 3148327050 E-mail: email@example.com Website: https://munily.com
In order to comply with current legislation on data protection, especially Law 1581 of 2012 and Decree 1377 of 2013 (and other rules that modify, add, supplement or develop them), below we indicate the relevant aspects in relation to the collection, use and transfer of personal data that MUNILY S.A.S. in Colombia (hereinafter MUNILY), performs of personal data, under the authorization that has been granted for such treatment. This personal data processing policy (the “Policy”) contains the corporate and legal guidelines under which MUNILY processes personal data, the purpose, the rights of the owners, as well as the internal and external procedures that exist for the exercise of such rights before the Company, among others: In accordance with the provisions of Article 15 of the Political Constitution of Colombia and the applicable legislation (Law 1266 of 2008, Law 1581 of 2012, Decree 1377 of 2013 and all those rules that regulate, add, repeal or modify them), in MUNILY we have a clear policy of privacy and protection of personal data that includes independent professionals, customers, suppliers, employees who have a business or legal relationship with the MUNILY Group and who have voluntarily provided their prior, express and informed consent
The events that preceded the preparation and disclosure of this Personal Data Processing Policy are those set forth below:
This Personal Data Processing Policy is addressed to Clients and potential clients, Suppliers, MUNILY Employees, both active and inactive, administrators, security guards, residents and guests of co-ownerships whose personal data is included in the Company’s Databases.
For the interpretation of this Policy, the following definitions should be taken into account:
For the understanding of the terms that are not included in the above list, reference should be made to the legislation in force, especially Law 1581 of 2012 and Decree 1377 of 2013 and those that complement, add and/or modify the legislation in force in this regard. Additionally, in case of doubt about any of the definitions provided herein, it shall be given the meaning that has been used by the legislator in the aforementioned rules.
The principles governing the Processing of Personal Data by MUNILY are the following:
Personal data, except for public information, may not be made available on the Internet or other means of mass dissemination or communication, unless access is technically controllable to provide restricted knowledge only to Data Holders or authorized third parties in accordance with the law.
MUNILY as Data Controller has adopted procedures to request, at the latest at the time of collection of personal data, the corresponding authorization for the Processing thereof and to inform which personal data will be collected, as well as all the specific purposes of the Processing for which consent is obtained. However, in the case of personal data that are in publicly accessible sources, regardless of the means by which they are accessed, meaning those data or databases that are available to the public, they may be processed by MUNILY, provided that, by their nature, they are public data. MUNILY as Responsible for the Processing of personal data has established mechanisms to obtain the authorization of the Data Controllers or whoever is legitimized for such purpose. It shall be understood that the authorization granted by the Data Subject to MUNILY complies with the requirements of the applicable legislation in force, when it is expressed: (i) in writing; (ii) orally; or (iii) through unequivocal conduct of the Data Subject that allows the reasonable conclusion that he/she granted MUNILY the respective authorization. In no case shall the silence of the Data Subject to issue his/her consent or authorization be assimilated by MUNILY as an unequivocal conduct. The Data Subject may at any time request MUNILY as Data Controller, the deletion of their personal data and/or revoke the authorization granted to MUNILY for the Processing of the data, for which the channels provided for in Section 3 of Chapter Twelve of this Policy have been enabled.
In accordance with the provisions of Chapter V of this Policy, Sensitive Data is understood as: “data that affect the privacy of the Data Subject or whose improper use may lead to discrimination”. The processing of sensitive data referred to in Article 5° of Law 1581 of 2012 is prohibited, except for the cases listed below:
In the Processing of sensitive personal data, when such Processing is possible in accordance with the provisions of Article 6 of Law 1581 of 2012, MUNILY complies with the following obligations:
None of the activities carried out by MUNILY are or will be conditioned on data subjects providing the Company with sensitive personal data.
MUNILY recognizes that holders of personal data are entitled to have a reasonable expectation of their privacy, taking into account their responsibilities, rights and obligations to the Company. MUNILY will use the personal data collected for the following purposes:
The information provided by the Holders of personal data will be used by MUNILY only for the purposes stated herein, and, therefore, we will not proceed to sell, license, transmit or disclose the same, outside the Company, unless: (i) you expressly authorize us to do so; (ii) it is necessary to do so to allow our professionals to provide our services; (iii) it is required or permitted by law or by a competent administrative or judicial authority. In order to implement the purposes described above, your personal data may be disclosed for the purposes set forth above to the personnel that make up the Human Resources Management, Administrative and Financial Management and Commercial Management. MUNILY may subcontract to third parties for the processing of certain functions or information. When we do outsource the processing of personal information to third parties or provide personal information to third party service providers, we advise such third parties of the need to protect such personal information with appropriate security measures, prohibit them from using your personal information for their own purposes, and prevent them from disclosing the personal information to others. Once the need for data processing has ceased, the data may be removed from MUNILY’s databases or archived in a secure manner so that it can only be disclosed when required by law.
This Security Policy extends and reaches the various areas that are part of the processing (use, collection, circulation, storage and deletion) of personal data; the above in order to standardize procedures in the management and administration of risks in the processing of personal data. This Security Policy applies to all MUNILY’s Databases containing personal data, whether digital or physical, and binds each of the areas and personnel designated for the processing of personal data. The policy shall be extended as applicable to those in charge of the processing with whom MUNILY establishes links as applicable This document applies to all employees, contractors and personnel linked to MUNILY under any type of contractual relationship and who are involved in the processing of personal data under the development of the contract For this purpose, personal data shall be understood as any information linked or that may be associated with natural persons. To consider it as personal data you must answer affirmatively to the following question With the data I can directly or directly identify a natural person? According to Decree 1377 of 2013, MUNILY, may only collect, store, use or circulate the personal data of a person, for the time that is reasonable and necessary, according to the purposes that justified the treatment, taking into account the provisions applicable to the matter in question and the administrative, accounting, fiscal, legal and historical aspects of the information. Once the purpose or purposes of the Processing have been fulfilled and without prejudice of legal regulations that provide otherwise, MUNILY shall proceed to the deletion of the personal data in its possession. As an exception to the above, MUNILY may keep the personal data when it is required to comply with a legal or contractual obligation. In cases in which MUNILY processes sensitive data, defined as any data that affects the privacy of the owner or whose improper use may generate discrimination, such data shall be protected in accordance with the framework and limitations established by law. MUNILY shall endeavor to comply with the digital and physical security measures established herein, which are adequate to ensure the security of sensitive data. Thus, all processing (use, collection, circulation, storage and filing) of personal data must be authorized by the owner according to the purposes indicated by the responsible party. Therefore, it is MUNILY’s duty to ensure that the areas involved in the entire life cycle of the data comply with the provisions of the processing policy and that the personal data is effectively used according to the purposes authorized by the owner.
The processing of data of minors must be subject to the principles, parameters and requirements contained in Article 7 of Law 1581 of 2012, Article 12 of Decree 1377 of 2013 and Ruling C-778 of 2012 of the Constitutional Court.
Through the Munily app it will be possible to capture the image of people and vehicles entering the condominiums that use the Munily app, who prior to entry are informed of this situation by the people in charge of the reception, who will additionally seek at that time the authorization of the owner. The sole purpose of these systems is the security of both the people entering the condominium and its residents.
Data Owners may at any time request MUNILY as Data Controller, the deletion of their personal data and/or revoke the authorization granted for the Processing thereof, by filing a claim, in accordance with the provisions of Article 15 of Law 1581 of 2012. However, it is important to note that the request for deletion of the information and the revocation of the authorization shall not proceed when the Data Subject has a legal or contractual duty by virtue of which it must remain in MUNILY’s database. MUNILY has provided easily accessible and free mechanisms, so that the Data Owners may submit at any time requests for deletion of their data or revocation of the authorization granted. Such mechanisms are set forth in paragraph 3 of Chapter XIII of this document. If upon expiration of the respective legal term, MUNILY as the Responsible Party does not remove the personal data from its databases, the Data Subject may request the Superintendence of Industry and Commerce to order the revocation of the authorization and/or the deletion of the personal data. For these purposes, the procedure described in Article 22 of Law 1581 of 2012 shall apply. Finally, it is important to highlight that personal data will be kept in MUNILY’s databases when so required in compliance with a legal or contractual obligation.
Pursuant to the provisions of Article 8 of Law 1581 of 2012, the rights of personal data owners are:
The channels that exist in MUNILY for the exercise of the rights of the Data Subject are found in Chapter XIII of this Policy.
The rights of the Holders established in the Law may be exercised before MUNILY by the following persons:
In accordance with the provisions of the applicable legislation in force, for the exercise of any of the rights of the Data Owner, any of the mechanisms set forth below may be used before MUNILY:
The rights of the holders may be exercised by the aforementioned persons through the channels that have been enabled by MUNILY for this purpose, which are available free of charge, as follows:
As the party responsible for the Processing of personal data, MUNILY must comply with the following duties:
Definition of cookies
A cookie is a small information file that is downloaded to the user’s computer, smartphone or tablet when accessing certain web pages to store and retrieve information about the navigation that is made from the equipment. Through cookies, websites remember information about the user’s visit, which allows them to provide a safer browsing experience. Cookies are associated with anonymous users, that is, those who visit the portals without identification or without registering themselves, as well as those who do. Cookies are not viruses or malicious programs that can damage the devices through which the web page is accessed, therefore, they cannot delete or read user information MUNILY may share information obtained through cookies with external persons or third parties (allies, clients, suppliers or companies linked to the MUNILY Group), in order to improve the service provided to the user. Likewise, the information received through cookies will be used by MUNILY and the third parties described for the purposes described in this document. Types of Cookies
Purpose of cookies
They are necessary for the operation of the website, they cannot be disabled on our systems, they are only set in response to actions taken when requesting service, setting privacy preferences, logging in or completing forms. You can configure the browser of the device you are using to block or alert you to cookies. These cookies do not store any personally identifiable information.
In the event of substantial changes in the content of this Personal Data Processing Policy, they shall be communicated before or at the latest at the time of the implementation of the new policies. In addition, when the change refers to the purpose of the Processing of Personal Data, MUNILY must obtain a new authorization from the owners. In any case, we invite you to regularly or periodically review our website www.munily.com., through which you will be informed about the change and the latest version of this Policy or the mechanisms enabled by MUNILY to obtain a copy of it will be made available to you.
MUNILY in Colombia is part of MUNILY INC and therefore in all that is applicable and does not contravene Colombian legislation on the matter, the MUNILY group, its customers, suppliers, contractors, active or inactive employees, will abide by the guidelines and policies established for the treatment of personal data of MUNILY INC, especially in everything related to the transmission, exchange and/or security of data information between member countries.
This Personal Data Processing Policy was created on February 18, 2022 and is effective as of this day.