fbpx
Potencia tu ecommerce con nuestro servicio integral

PERSONAL DATA TREATMENT POLICY SOPHIE DIGITAL SOLUTIONS S.A.S.

SOPHIE DIGITAL SOLUTIONS S.A.S., a commercial company identified with NIT 901545914, with HEADQUARTERS IN BOGOTÁ, COLOMBIA, in the development of its commercial activities, has designed its policy for the treatment of personal data, which reflects the principles and rules established in the General Data Protection Regime, contained in Law 1266 of 2008 and Law 1581 of 2012, regulated by Decree 1377 of 2013. The objective is to protect, manage, and give appropriate treatment to the personal data of our clients, suppliers, employees, affiliates, executives, and other interested parties, seeking to guarantee the fundamental right to habeas data and the decision-making and control power they have over the information, use, and destination of their personal data. This information is contained in databases, files, and information with data subject to processing. Additionally, it seeks to inform how the company collects, stores, manages, uses, circulates, and treats the information provided through various means.

1. PURPOSE

SOPHIE DIGITAL SOLUTIONS S.A.S. will obtain and manage the personal data provided to it by its clients, suppliers, employees, affiliates, executives, and other interested parties for the purposes and, consequently, in the development of its corporate purpose, in all operations, acts, or contracts that are directly related to commercial activities and are not prohibited by law, such as:

1. Compliance with obligations incurred under contracts and commercial relationships established.
2. Conducting events, campaigns, studies, promotions, or contests of a commercial, social, marketing, advertising nature, or in execution of our corporate purpose.
3. Providing information about our products and services.
4. Informing about changes made to our products, as well as their prices or changes in services.
5. Conducting surveys to evaluate the quality of our services and other necessary evaluations.
6. Transferring to third parties for promotional purposes.

2. GLOSSARY

The following are the definitions established by current regulations:

  • 2.1. Autorización: consentimiento previo, expreso e informado del titular para llevar a cabo el tratamiento de los datos personales.
  • 2.2. Privacy Notice: Communication that is made verbally or through a physical, electronic, or any other format, which is generated by SOPHIE DIGITAL SOLUTIONS S.A.S., and has been made available to the data subject for the processing of their personal data. In this notice, the data subject is informed about the existence of the personal data processing policies that will be applicable, how to access them, their purpose, and the characteristics of the processing intended for the personal data.
  • 2.3. Database: Consists of an organized set of personal data that is subject to processing.
  • 2.4. Personal Data: According to Law 1581 of 2012, it is any information linked to or that can be associated with one or more identifiable or identifiable natural persons.
  • 2.5. Public Data: Personal data classified as public by law or the Political Constitution. Public data includes, among others, information related to a person's marital status, their profession or trade, and their status as a merchant or public servant.
  • 2.6. Sensitive Data: Personal data whose use affects the privacy of the data subject or whose improper use may lead to discrimination, such as information revealing racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in trade unions, social organizations, human rights organizations, or that promotes the interests of any political party or guarantees the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data.
  • 2.7. Processor: A natural or legal person, public or private, who on their own or in association with others, carries out the processing of personal data on behalf of the data controller.
  • 2.8. Data Protection Officer: This is the person within SOPHIE DIGITAL SOLUTIONS S.A.S., whose role is to monitor and control the implementation of the personal data protection policy and will be the legal representative of SOPHIE DIGITAL SOLUTIONS S.A.S.
  • 2.9. Data Controller: A natural or legal person, public or private, who on their own or in association with others, decides on the database and/or the processing of the data.
  • 2.10. Data Subject: A natural person whose personal data is subject to processing, as established in numeral 4 of this policy.
  • 2.11. Processing: Any operation or set of operations performed on personal data, such as collection, storage, use, circulation, or deletion.
  • 2.12. Transfer: It consists of sending personal data to a recipient who, in turn, is responsible for the processing under the terms of Law 1581 of 2012.
  • 2.13. Transmission: It is the communication of personal data within or outside the territory of the Republic of Colombia, with the purpose of carrying out processing by the processor on behalf of SOPHIE DIGITAL SOLUTIONS S.A.S.
3. PRINCIPLES OF PERSONAL DATA PROCESSING

Our organization is committed to complying with the following principles in the processing of personal data:

  • 3.1. Legality: We will only process personal data in a legitimate manner, based on an appropriate legal basis, such as the consent of the data subject, compliance with a legal obligation, or the fulfillment of a contract.
  • 3.2. Purpose: Personal data will be collected and processed for specific and legitimate purposes and will not be processed in a manner incompatible with those purposes.
  • 3.3. Data Quality: We will keep personal data accurate, up to date, and relevant for the purposes for which it is processed.
  • 3.4. Transparency: We will inform data subjects about how their personal data is processed, including the purpose of the processing, the recipients of the data, and their rights as data subjects.
  • 3.5. Security: We will implement appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction.
  • 3.6. Retention: We will maintain personal data for as long as necessary to fulfill the purposes for which they were collected, unless retention is required or permitted by law.
  • 3.7. Rights of Data Subjects: We will respect and uphold the rights of data subjects, including the right to access, rectification, deletion, opposition, restriction of processing, and portability of their personal data.
  • 3.8. Restricted Access and Circulation: The processing that SOPHIE DIGITAL SOLUTIONS S.A.S. will give to personal data will be subject to the provisions established in the Law and the Constitution. Personal data may not be available on the internet or in other mass dissemination or communication media, except for those that are of a public nature or those for which access is technically controllable to provide restricted knowledge to the data subject or authorized third parties.
  • 3.9. Confidentiality: Individuals involved in the processing of personal data that are not of a public nature are obligated to ensure the confidentiality of the information provided, even after their relationship with any of the tasks involved in the processing has ended.
4. DATA SUBJECT

For the purposes of this policy, data subjects shall be understood to include distributors, employees, service providers, clients, suppliers, and generally, any natural person who is the owner of the personal data recorded in the databases of SOPHIE DIGITAL SOLUTIONS S.A.S. In the case of minors (children and adolescents), their legal representatives shall have the authority to authorize or not the processing of their personal data. In the processing of this data, respect for the prevailing rights of minors, such as privacy and protection of personal information, will be ensured.

5. RIGHTS OF THE DATA SUBJECTS

Data subjects whose personal data is recorded in the databases of SOPHIE DIGITAL SOLUTIONS S.A.S. have the following rights:

  • 5.1. To know, update, and rectify their personal data. These rights may be exercised, among others, against partial, inaccurate, incomplete, fragmented data that may lead to error, or data whose processing is expressly prohibited or has not been authorized.
  • 5.2. To request proof of the authorization granted to SOPHIE DIGITAL SOLUTIONS S.A.S. for the collection, storage, or processing of their data, unless expressly exempted as a requirement for processing, in accordance with the provisions of Article 10 of Law 1581 of 2012.
  • 5.3. To be informed regarding the use that has been made of their personal data by SOPHIE DIGITAL SOLUTIONS S.A.S. or the data processor, upon request.
  • 5.4. By filing a complaint in accordance with Article 15 of Law 1581 of 2012, they may request the revocation of the authorization and/or request the deletion of the personal data when the processing does not respect the principles, rights, and constitutional and legal guarantees, or at any time as long as the data subject is not under a legal or contractual obligation to remain in the databases of SOPHIE DIGITAL SOLUTIONS S.A.S. and in accordance with the appropriate procedure.
  • 5.5. To access their personal data that has been processed free of charge once a month.
  • 5.6. To access their personal data that has been processed free of charge. According to Article 9 of Law 1581 of 2012, without prejudice to the exceptions provided by law, the processing of data requires the prior and informed authorization of the data subject, which must be obtained by any means that can be subject to later consultation.
6. OBLIGATIONS AND DUTIES OF THE DATA SUBJECT
  • 6.1. The data subject agrees to provide SOPHIE DIGITAL SOLUTIONS S.A.S. with true, accurate, updated, and complete information about themselves, as indicated in the registration form. Additionally, the data subject agrees to assist SOPHIE DIGITAL SOLUTIONS S.A.S. in keeping this information updated and complete.
  • 6.2. SOPHIE DIGITAL SOLUTIONS S.A.S. reserves the right to remove, without prior notification to the data subject, any information posted on the website that it deems harmful or detrimental to its interests or the interests of third parties.
  • 6.3. When the data subject provides any information to SOPHIE DIGITAL SOLUTIONS S.A.S., the data subject must take precautionary measures to prevent the loss or misuse of such information. If such measures are not taken, SOPHIE DIGITAL SOLUTIONS S.A.S. will not be responsible for the use that third parties may make of information improperly secured and protected by the data subject.
  • 6.4. The data subject will not collect or disclose the personal data or information of other users of the SOPHIE DIGITAL SOLUTIONS S.A.S. website that is disclosed through it or that resides in the information systems of SOPHIE DIGITAL SOLUTIONS S.A.S.
  • 6.5. The data subject will not publish on other websites or through any means the personal data or information of other data subjects from the SOPHIE DIGITAL SOLUTIONS S.A.S. website that is disclosed through it or that resides in the information systems of SOPHIE DIGITAL SOLUTIONS S.A.S.
  • 6.6. The provision of false information or the omission of any obligation or duty of the data subject established in this privacy policy grants SOPHIE DIGITAL SOLUTIONS S.A.S. the right to automatically terminate, without prior notice and definitively, the provision of services to the data subject.
  • 6.7. To know, update, and rectify their personal data before SOPHIE DIGITAL SOLUTIONS S.A.S. This right may be exercised, among others, in relation to partial, inaccurate, incomplete, fragmented data, data that may induce error, or data whose processing is expressly prohibited or has not been authorized.
  • 6.8. To request the revocation and/or deletion of their personal data when SOPHIE DIGITAL SOLUTIONS S.A.S. engages in conduct contrary to the Law and the Constitution.
7. COMPANY OBLIGATIONS
The company will use the information to fulfill its functions and obligations derived from the development of the company’s corporate purpose, establishment, or e-commerce. The company may use this information for marketing purposes, statistical analysis, sending documentation, contacting, providing information, promotions, and events, unless the individual explicitly or verbally requests the removal or deletion of their data from the databases through the mechanisms established in this policy. Additionally, data may be transferred to third parties for promotional purposes when engaging in any activity with the company, either in person or through electronic means. The individual must give explicit or tacit consent for the handling of the information. Consent must be free, prior, explicit, and informed on the part of the data subject, except in cases expressly authorized by law.
8. COMPANY DUTIES
  • 8.1. Request authorization for the processing of personal data and inform the individual of its intended use.
  • 8.2. Acknowledge the data subject’s right to exercise their fundamental right to habeas data.
  • 8.3. Use the information under maximum security conditions to prevent its loss, manipulation, alteration, or fraudulent use.
  • 8.4. Update or correct the information when necessary.
9. COLLECTION AND HANDLING OF PERSONAL DATA

This policy will apply in cases where SOPHIE DIGITAL SOLUTIONS S.A.S. requests the completion of affiliation requests, surveys, or forms via phone, digital platforms, or in-person, as well as event attendance sheets, without prejudice to the specific conditions that apply in each case. From the moment the data subject authorizes SOPHIE DIGITAL SOLUTIONS S.A.S. to collect and process their personal data, such data may be used in the course of its commercial and business activities. SOPHIE DIGITAL SOLUTIONS S.A.S. may use the data subject’s personal information, such as email address, physical address, and/or landline or mobile phone number, to send advertisements related to its product and service offerings, and to contact the subject for events and other activities. In any case, depending on the activity, SOPHIE DIGITAL SOLUTIONS S.A.S. will clearly communicate to the data subject the mechanisms available to them to access, update, modify, and delete their data, as well as to revoke the authorization granted. Data collection also occurs in the following way:

When visitors leave comments on the website, the data displayed in the comment form, as well as the visitor’s IP address and browser user agent string, are collected. This information is gathered to facilitate spam detection and prevention.

Additionally, an anonymous string created from the visitor’s email address (also known as a hash) may be provided to the Gravatar service to check if it is in use. The Gravatar service’s privacy policy is available at the following link: https://automattic.com/privacy/.

Once the comment has been approved, the visitor’s profile picture associated with Gravatar will be visible to the public in the context of the comment made.

This policy is designed to ensure transparency and proper handling of personal data in compliance with current data protection regulations.

Guidelines for Uploading Images to the Website

When uploading images to this website, users are strongly encouraged to avoid uploading images that contain embedded location data (such as GPS EXIF). It is important to note that visitors to the website may download the images and extract any location data contained in them.

The responsibility for ensuring that images do not contain such location data lies with the user who uploads them. This measure is necessary to protect users’ privacy and security and to comply with current data protection regulations.

10. AUTHORIZATION

By using the website of SOPHIE DIGITAL SOLUTIONS S.A.S. or providing personal information, the data subject authorizes the collection, use, disclosure, transfer, and transmission of their personal information as described in this Policy and in accordance with the Privacy Statements of the applicable website or country.

For purposes of protection under the Habeas Data Law, the data subject authorizes SOPHIE DIGITAL SOLUTIONS S.A.S. to report them to CIFIN, DATACREDITO, and PROCREDITO entities, as outlined in this section. SOPHIE DIGITAL SOLUTIONS S.A.S. may continue processing the data contained in its databases for the purposes indicated in this policy, without prejudice to the data subject’s right to request the deletion of their data at any time.

11. PRIVACY, CONFIDENTIALITY, AND SECURITY OF PERSONAL DATA HANDLED BY SOPHIE DIGITAL SOLUTIONS S.A.S.
  • 11.1. SOPHIE DIGITAL SOLUTIONS S.A.S. will ensure the privacy, confidentiality, and security of the data provided by the data subjects, preventing any tampering, loss, unauthorized or fraudulent consultation, use, or access by third parties.
  • 11.2. In accordance with the principle of autonomy, SOPHIE DIGITAL SOLUTIONS S.A.S. reserves the right to maintain and classify the information stored in its databases as confidential.
  • 11.3. SOPHIE DIGITAL SOLUTIONS S.A.S. will implement the necessary technical, human, and administrative measures to safeguard personal data, preventing any tampering, loss, unauthorized or fraudulent consultation, use, or access.
  • 11.4. SOPHIE DIGITAL SOLUTIONS S.A.S. acknowledges that some of its portals may contain links to third-party websites over which it has no control or management. Therefore, it is not responsible for the content, privacy policies, security, and/or handling of personal data on those sites. It is the obligation of the data subject to review the protection and data handling policies on the respective third-party portals.
  • 11.5. On the SOPHIE DIGITAL SOLUTIONS S.A.S. website, secure instructions will be provided for each data subject to interact with their personal data and submit any requests regarding correction, modification, and/or deletion of their information.
12. RIGHT TO HABEAS DATA

Article 15 of the Political Constitution establishes the right of all individuals to know, update, and rectify information that has been collected about them in databases or archives, both from public and private entities. “All persons have the right to their personal and family privacy and to their good name, and the State must respect and protect these rights.”

Likewise, individuals have the right to know, update, and rectify the information collected about them in databases or archives of public and private entities. This right includes the authority to authorize data processing, add new data, exclude or delete information from a database or archive. In accordance with this, Law 1581 “General Law on Personal Data Protection” was issued, which expands on the right to Habeas Data beyond just financial and credit aspects, allowing any data subject to control the information collected about them in any database or archive managed by private or public entities. Under this general law, the data subject is a natural person.

13. PROCEDURE FOR EXERCISING HABEAS DATA RIGHTS

Article 15 of the Political Constitution establishes the right of all individuals to know, update, and rectify the information collected about them in databases or archives, both from public and private entities. “All persons have the right to their personal and family privacy and to their good name, and the State must respect and protect these rights.”

Likewise, individuals have the right to know, update, and rectify the information collected about them in databases or archives of public and private entities. This right includes the authority to authorize data processing, add new data, exclude or delete information from a database or archive. In accordance with this, Law 1581 “General Law on Personal Data Protection” was issued, which expands on the right to Habeas Data beyond just financial and credit aspects, allowing any data subject to control the information collected about them in any database or archive managed by private or public entities. Under this general law, the data subject is a natural person.

14. HANDLING REQUESTS AND COMPLAINTS

To manage and address requests, claims, and complaints, or to exercise their rights, the data subject must send an email to info@sophie.com.co. If additional information is required, the interested party can also contact the WhatsApp number: +57 321 925 30 72. SOPHIE DIGITAL SOLUTIONS S.A.S. will respond to the petitioner within the timeframes established by Law 1581 of 2012. For petitions and claims, the request must include all necessary and applicable information to ensure a timely and effective response. It should also contain a clear and precise description of the personal data for which the data subject seeks to exercise their rights. Every request must be submitted by the data subject or their legal representative, and SOPHIE DIGITAL SOLUTIONS S.A.S. reserves the right to verify the petitioner’s identity by any means. The claim must be filed as a request addressed to the administrative department, including the identification of the data subject, the description of the facts leading to the claim, the address, and any required supporting documents. Regardless of the mechanism used to submit petitions, complaints, or claims, they will be addressed within a maximum period of ten (10) business days from the date of receipt.

If it is not possible to address the query within that period, the interested party will be informed before the deadline, stating the reasons for the delay and specifying the date on which the query will be addressed, which in no case may exceed five (5) business days following the initial deadline. Requests for updates, corrections, rectifications, or deletion of data will be answered within fifteen (15) business days from the day following the date of receipt. If it is not possible to respond within that period, the interested party will be informed before the deadline, explaining the reasons for the delay and indicating the date the claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the initial period. Before contacting the entity responsible for overseeing compliance with data protection regulations, the data subject must first file their claim with SOPHIE DIGITAL SOLUTIONS S.A.S. through the designated channels.

15.⁠ ⁠INFORMATION SUPPLY CHANNELS

SOPHIE DIGITAL SOLUTIONS S.A.S. provides the following communication channels for data subjects:
Website: sophie.com.co
Email: info@sophie.com.co
Phone line: +57 321 925 3072

16. EFFECTIVE DATE AND MODIFICATION

This policy is effective from June 1, 2024, and will remain in force as long as SOPHIE DIGITAL SOLUTIONS S.A.S. operates within its corporate purpose in Colombia or until the law dictates otherwise. SOPHIE DIGITAL SOLUTIONS S.A.S. reserves the right to unilaterally modify this policy at any time, and it will promptly notify data subjects of any changes. According to instructions from the Superintendency of Industry and Commerce, these policies will be published in accordance with the entity’s guidelines.

When substantial changes occur in the privacy policy, a new authorization will generally be obtained through the usual means of contact between the company and the data subjects. Any significant changes in the data processing policies will be communicated promptly to the data subjects through regular communication channels and/or via: the website info@sophie.com.co. If contacting individuals is not feasible, notifications will be made through public notices at the company’s headquarters.

17. CHANGES TO THIS POLICY OR OUR PRIVACY STATEMENTS

SOPHIE DIGITAL SOLUTIONS S.A.S. reserves the right to update or modify this Policy at any time without prior notice by posting the revised version on our websites. We also reserve the right to update or modify our website or country-specific Privacy Statements at any time by posting the updated declaration on the respective SOPHIE DIGITAL SOLUTIONS S.A.S. website. In the case of modifications to this Policy or any Privacy Statement, the changes will only apply to personal information collected after the updated Policy or statement is posted on the relevant website.

18. USE OF COOKIES

Cookies are small data files that allow us to compare and understand how users navigate through our website, thereby improving and personalizing the shopping experience.

19. LEGAL COMPLIANCE

SOPHIE DIGITAL SOLUTIONS S.A.S. is committed to complying with all applicable data protection laws and regulations. We will maintain appropriate records and documentation to demonstrate compliance and will cooperate with data protection authorities in the event of investigations or audits.

20. INFORMATION SECURITY AND SECURITY MEASURES

In compliance with the security principle established by current regulations, SOPHIE DIGITAL SOLUTIONS S.A.S. has adopted the necessary technical, human, and administrative measures to secure records, preventing their alteration, loss, unauthorized or fraudulent use or access. These measures, protocols, and procedures are outlined in the organization’s internal information security documents, which are reserved for internal use only.

21. APPLICABLE LEGISLATION
  • Political Constitution of Colombia, Articles 15 and 20
  • Law 527 of 1999 – Law 1266 of 2008 – Law 1273 of 2009
  • Regulatory Decrees 1727 of 2009, 2952 of 2010, 1377 of 2013, and 886 of May 13, 2014
  • Constitutional Court Ruling C-748 of 2011
Web design experts, masters of innovation.
Instagram

Navegation

Services

Contact

All rights reserved 2024 | Sophie Digital Solutions SAS
Abrir chat
Powered by Joinchat
Hola 👋
¿En qué podemos ayudarte?