top of page

Data Processing Policy

I. PURPOSE AND SCOPE

This policy establishes the guidelines for the processing of personal data in accordance with Statutory Law 1581 of 2012 and Decree 1074 of 2015 in Colombia, as well as any applicable regulations that supplement, modify, or replace them. Additionally, it considers the principles and provisions of the General Data Protection Regulation (GDPR) of the European Union and the California Consumer Privacy Act (CCPA), to the extent that they apply.

 

This policy applies to the holders of personal data processed by Riatiga Ibáñez S.A.S., or by third parties acting on its behalf and under its direction.

 

II. DEFINITIONS

 

For the purposes of this policy, the following definitions apply:

  • Authorization: Prior, express, and informed consent from the data subject for the processing of their personal data.

  • Database: An organized collection of personal data that is subject to processing.

  • Personal Data: Information linked to or that can be associated with an identified or identifiable individual.

  • Private Data: Information that, due to its intimate or reserved nature, is relevant only to its owner.

  • Public Data: Information that is not private or sensitive, such as marital status or profession.

  • Semi-Private Data: Information that is of interest to both the owner and third parties, such as financial data.

  • Sensitive Data: Data that affects the owner’s privacy or may lead to discrimination, such as racial origin, health, or beliefs.

  • Data Processor: A natural or legal person that processes personal data on behalf of the data controller.

  • Data Controller: A natural or legal person who decides on the collection and processing of personal data.

  • Transfer: The sending of personal data to another data controller, within or outside the country.

  • Transmission: The communication of personal data to a processor who processes it on behalf of the controller.

  • Processing: Any operation on personal data, such as collection, storage, use, circulation, or deletion.

III. GUIDING PRINCIPLES

 

The processing of personal data will be governed by the following principles:

  • Purpose and Limitation: Data will be processed for a legitimate purpose that is informed to the owner.

  • Freedom and Consent: Processing will be carried out with prior authorization, except in legally permitted cases.

  • Truthfulness and Quality: Data must be accurate, updated, and verifiable.

  • Transparency: Data subjects have the right to know about the existence and use of their data.

  • Restricted Access and Circulation: Only authorized persons will have access to the data.

  • Security: Measures will be implemented to protect data against unauthorized access or fraud.

  • Confidentiality: All individuals involved in data processing must guarantee its confidentiality.

IV. AUTHORIZATION AND CONSENT

 

Riatiga Ibáñez S.A.S. will obtain express authorization from data subjects before processing their data, except in cases where the law permits omission. Authorization may be obtained through physical or digital means and must inform the data subject about:

  • The identity of the data controller.

  • The purpose of data processing.

  • The rights of the data subject.

  • The possibility of withdrawing consent at any time.

V. PURPOSE OF DATA PROCESSING

 

Personal data will be processed for the following purposes:

  • To provide contracted services and manage client relationships.

  • To comply with contractual and legal obligations.

  • To manage invoicing and payment processes.

  • To send information about products and services, with prior authorization.

  • To conduct satisfaction surveys and improve service quality.

VI. DATA SUBJECT RIGHTS

 

Data subjects have the following rights:

  • To access, update, and correct their personal data.

  • To request proof of the authorization granted.

  • To be informed about how their data is being used.

  • To file complaints with the data protection authority.

  • To revoke authorization and/or request the deletion of data when there is no legal or contractual obligation to retain it.

VII. INTERNATIONAL TRANSFER AND TRANSMISSION OF DATA

 

Personal data may only be transferred to third parties inside or outside the country when:

  • The data subject has provided consent.

  • The transfer is made to countries with an adequate level of data protection.

  • The security and confidentiality of the data are guaranteed.

VIII. SECURITY MEASURES

 

Riatiga Ibáñez S.A.S. will adopt technical, administrative, and organizational measures to protect personal data against loss, misuse, or unauthorized access.

 

IX. CONTACT INFORMATION AND PROCEDURES FOR EXERCISING RIGHTS

For inquiries, complaints, or requests related to data processing, data subjects may contact us through the following channels:

  • Responsible Entity: Riatiga Ibáñez S.A.S.

  • Email: info@riatigaibanez.com

  • Phone: (+57) 3114706794

  • Address: Cra. 8 b No. 107-30 Apto. 806, Bogotá, Colombia

X. POLICY UPDATES AND EFFECTIVENESS

 

This policy will take effect from its date of publication and may be modified at any time. Any updates will be communicated to data subjects through the company's official channels.

Copyright 2025 © Riatiga Ibáñez

bottom of page