PERSONAL DATA PROCESSING POLICY
Hi Colombia School S.A.S.
Effective Date:
- Identification of the Data Controller
Company Name: Hi Colombia School S.A.S.
NIT (Tax ID): 901990022
Main Domicile: Medellín, Antioquia, Republic of Colombia.
Email for Petitions, Complaints, and Claims: hicobmn@gmail.com
Hi Colombia School S.A.S., hereinafter «The Company,» is the legal entity acting as the Data Controller for personal data and, in compliance with the law, is committed to protecting the privacy and security of its clients’, users’, employees’, and suppliers’ information.
- Applicable Legal Framework
This policy is drawn up in strict compliance with the Political Constitution of Colombia (Art. 15), Statutory Law 1581 of 2012, Decree 1377 of 2013, and other concordant regulations that govern personal data protection in the Republic of Colombia.
- Scope of Application
This document applies to the processing of all personal data registered in The Company’s databases that may be processed by it, and it is mandatory for all employees, directors, and contractors of Hi Colombia School S.A.S.
- Key Definitions
For the purposes of this policy, the terms below will have the meaning attributed to them by Law 1581 of 2012:
- Data Subject (Titular): The natural person whose personal data is subject to Processing.
- Personal Data: Any information linked or that can be associated with one or more specific or specifiable natural persons.
- Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation, or deletion.
- Data Controller: The natural or legal person, public or private, that by itself or in association with others, decides on the database and/or the Processing of the data. For all purposes, The Company is the Controller.
- Authorization: Prior, express, and informed consent from the Data Subject to carry out the Processing of personal data.
- Guiding Principles
The processing of personal data at The Company will be governed by the following principles: Legality, Purpose, Freedom, Veracity or Quality, Transparency, Restricted Access and Circulation, Security, and Confidentiality.
- Purposes of Processing
The Company collects, stores, uses, and deletes personal data for the following purposes:
Clients and Users:
- To provide, manage, and administer the contracted educational services.
- To carry out billing, collection, and payment management processes.
- To send service-related communications, including notifications, schedules, and academic material.
- To conduct satisfaction surveys and evaluate the quality of our services.
- With proper authorization, to send marketing information, promotions, or news about new products and services from The Company.
- To manage participation in workshops, sessions, and events.
Job Candidates:
- To carry out personnel recruitment, selection, and hiring processes.
Employees and Contractors:
- To comply with legal and contractual obligations of a labor nature.
- Rights of the Data Subject
In accordance with Article 8 of Law 1581 of 2012, the Data Subject has the following rights:
a) To know, update, and rectify their personal data.
b) To request proof of the authorization granted to The Company.
c) To be informed about the use that has been given to their personal data.
d) To file complaints with the Superintendency of Industry and Commerce for violations of the law.
e) To revoke the authorization and/or request the deletion of the data when constitutional and legal principles, rights, and guarantees are not respected.
f) To access, free of charge, their personal data that has been subject to Processing.
- Procedure for Exercising Rights
The Data Subject who wishes to exercise their rights may do so by sending a formal request to the email hicobmn@gmail.com, which must contain at a minimum:
- Full name and contact information of the Data Subject.
- Clear and precise description of the query or claim.
- Documents that support the request, if applicable.
Queries will be addressed within a maximum term of ten (10) business days. Claims will be addressed within a maximum term of fifteen (15) business days, counted from the day following the date of receipt.
- Information Security
The Company has adopted the necessary technical, human, and administrative measures to grant security to the records, preventing their adulteration, loss, consultation, use, or unauthorized or fraudulent access.
- Validity and Modifications
This policy is effective as of its publication date. The Company reserves the right to modify it at any time, in accordance with the law. Any substantial change will be communicated in a timely manner to the Data Subjects through the official website or by email.