Privacy Policy & Data Treatment

Personal Data Treatment Policy MUNILY S.A.S. “MUNILY”

In accordance with Article 9 of Statutory Law 1581 of 2012 and Articles 5, 6 and 7 of Decree 1377 of 2013, we inform you that the personal data collected by MUNILY S.A.S. hereinafter “MUNILY”, will be subject to collection, storage, use and circulation under the terms established in this document. Identification of the Person Responsible for Information Processing: MUNILY S.A.S. “MUNILY”, Calle 69a No. 5-59, floor 2, Bogotá D.C., Colombia, website www.munily.com, and telephone +507 6672-4603. Purposes and Treatment to which Personal Data will be subjected: The personal data provided by you to MUNILY will be stored in MUNILY’s databases and will be used for one of the following purposes: Regarding MUNILY’s clients, data will be processed for the purpose of providing contracted services consisting of legal advice and representation in various legal matters by MUNILY, as well as informing them about regulatory updates or news that MUNILY provides to keep its clients informed and up-to-date on matters of interest. Regarding MUNILY employees, data will be processed for purposes related to their employment, performance and termination of the employment relationship that arises between the employee and MUNILY.

Regarding Suppliers:

Data processing will be carried out in order to contact and contract with suppliers for products or services that MUNILY requires for the normal operation of its operation and for the proper provision of its facilities or offices.

Regarding Job Applicants:

Personal data processing will be carried out in order to carry out personnel selection processes and hiring of employees to link them to the company. Consequently, for the described purposes, MUNILY may: i) Know, store and process all the information provided by the owners in one or several databases, in the format that it deems most convenient. ii) Order, catalogue, classify, divide or separate the information provided by the owners. iii) Verify, corroborate, check, validate, investigate or compare the information provided by the owners, with any information that it legitimately has. iv) Access, consult, compare and evaluate all the information about the owners that is stored in the databases of any legitimately constituted credit risk, financial, judicial background or security central, of a national or foreign, state or private nature. v) Analyze, process, evaluate, treat or compare the information provided by the owners. vi) Study, analyze, personalize and use the information provided by the owners for the monitoring, development and/or improvement, both individually and collectively, of affiliation, service, administration, security or attention conditions, as well as for the development of academic forums, commercial promotion meetings, member lunches, business rounds and commercial missions. MUNILY may share with its business allies who are subject to the conditions of this authorization, the results of the aforementioned studies, analyses, personalizations and uses, as well as all the information and personal data provided by the owners. In the event that MUNILY is not able to carry out the processing on its own, it may transfer the data collected for it to be processed by a third party, with prior notification to the owners of the data collected, which will be responsible for the processing and must guarantee suitable conditions of confidentiality and security of the information transferred for processing.

3. Rights of Data Subjects:

i) Know, update and rectify personal data with MUNILY as the controller or processor, or to exercise the right against anyone who has received the data as a result of their transmission. This right may be exercised, among others, against partial, inaccurate, incomplete, fragmented, misleading data or those whose processing is expressly prohibited or has not been authorized; ii) Request proof of the authorization granted to MUNILY as the controller of the processing, except when it is expressly exempted as a requirement for processing; iii) Be informed by MUNILY as the controller of the processing or the processor, upon request, regarding the use that has been given to my personal data; iv) Lodge complaints with the Superintendence of Industry and Commerce for breaches of the regime for the protection of personal data; v) Revoke the authorization and/or request the deletion of personal data when the constitutional and legal principles, rights and guarantees are not respected in the processing; vi) Access the personal data that have been processed for free.

Sensitive Data:

You have the right to choose not to respond to any sensitive information requested by MUNILY, related, among others, to data on your racial or ethnic origin, membership of trade unions, social or human rights organizations, political, religious, sexual life, biometric or health data.

Data of Minors:

The provision of personal data of minors is optional and must be done with the authorization of the parents or legal representatives of the minor. Attention to Requests, Complaints, Queries and Claims: To make requests, queries, and complaints in order to exercise your rights to know, update, rectify, delete data, or revoke your authorization, please contact MUNILY from Monday to Friday during business hours 8:00 AM – 12:00 PM and 2:00 PM to 5:00 PM by phone at +507 6672-4603 or by email at info@munily.com.

Procedure to Exercise Rights:

You have the right to request proof of your authorization granted to MUNILY, as well as to know, update, and rectify your personal data. To do so, you can make inquiries from Monday to Friday during business hours 8:00 AM – 12:00 PM and 2:00 PM to 5:00 PM by phone at +507 6672-4603 or by email at info@munily.com. When making your consultation request, you must provide the following documents:

If it concerns the Data Subject:

Attach a copy of the identification document.

If it concerns the heir:

Identification document, death certificate of the Data Subject, document accrediting the capacity in which he acts, and the identification number of the Data Subject.

If it concerns a legal representative and/or attorney-in-fact:

A valid identification document, a document accrediting the capacity in which he acts (Power of Attorney), and the identification number of the Data Subject. The inquiry will be addressed within a maximum term of ten (10) business days counted from the filing date. When it is not possible to address the inquiry within said term, the reasons for the delay will be informed, and the date on which the inquiry will be addressed, which in no case shall exceed the five (5) business days following the expiration of the first term. You may access your personal data for free, and the requested information may be provided by any means, including electronic means, as required. Request for deletion of information from our databases or revocation of the authorization granted for the processing of your personal data. To request the deletion of your data from our databases or revoke the authorization granted for the processing of your personal data, you can make your request from Monday to Friday from 8:00 AM to 12:00 M and 2:00 PM to 5:00 PM by calling 7495506 or emailing info@munily.com. Your request must indicate your intention to have your personal data deleted from our databases or to revoke the authorization granted for the processing of your personal data. Likewise, the request must be made clearly identifying the name of the owner, the number of their identification document, and their contact information (updated phone number and email address). When making your consultation request, you must submit the following documents:

If it is the Owner:

Attach a copy of the identification document (c.c., t.i., c.e. or passport).

If it is the heir:

Identification document, death certificate of the Owner, document accrediting the capacity in which they act and the number of the Owner’s identification document.

If it is a legal representative and/or attorney-in-fact:

Valid identification document, document accrediting the capacity in which they act (Power of Attorney), and the number of the Owner’s identification document. If the request is incomplete, the interested party will be required to remedy the deficiencies within five (5) days following its receipt. If two (2) months have elapsed since the date of the requirement without the applicant submitting the required information, it will be understood that they have withdrawn their claim. If the person who receives the claim is not competent to resolve it, they will transfer it to the corresponding authority within a maximum period of two (2) business days and inform the interested party of the situation. Once the complete request is received, the legend “request in process” and the reason for it will be included in the database within a maximum period of two (2) business days. This legend will be maintained until the request is decided. The maximum term to respond to the request will be fifteen (15) business days from the day following the date of receipt. When it is not possible to respond to the request within said term, the interested party will be informed of the reasons for the delay and the date on which their request will be attended, which may in no case exceed eight (8) business days following the expiration of the initial term.

Information Security:

MUNILY has adopted reasonable security measures to protect the information of Owners and prevent unauthorized access to their data or any unauthorized modification, disclosure, or destruction of the same. Access to personal data is restricted to those employees, contractors, representatives, and agents of MUNILY responsible for the processing of the data and who need to know the same to perform their functions and develop the services of the company. MUNILY does not allow access to this information by third parties under conditions different from those announced, except for an express request from the data owner or persons authorized in accordance with national regulations. Notwithstanding the foregoing, MUNILY will not be responsible for cyberattacks and, in general, any action aimed at infringing the security measures established for the protection of personal data and information other than that contained on its computer equipment or on those contracted with third parties. Effective Date of the Information Processing Policy and Duration of MUNILY’s databases: This policy becomes effective on April 10, 2023, and the databases will remain in force for as long as MUNILY operates.