Processing of personal data

PERSONAL INFORMATION PROCESSING POLICY OF MURÁ SAS

ENTITY RESPONSIBLE FOR THE PROCESSING OF YOUR PERSONAL DATA

  • Company name: MURÁ SAS
  • NIT: 901629888-2
  • Address: Km 17 via las palmas - Mall indiana of 282
  • Emails: notifications@gndw.co
  • Phone: 6043860157
  • Web Portals: https://muraecuestre.co/
  1. WHO ARE WE?

We are MURÁ SAS , a company that produces and markets clothing specialized in equestrian sports.

In this Policy we call ourselves "MURÁ" ; we are responsible (data controllers in technical language of Law 1581 of 2012 on Data Protection or "LEPDP") for the processing of your personal data that we capture through physical or electronic forms, email, telephone, social networks, among others.

  1. PERSONAL DATA PROCESSING POLICY

At MURÁ we respect your privacy and choices, and we make sure that privacy, data protection and information security are embedded in what we do as a company. We are committed to keeping your personal data safe, and being transparent about how we use your personal information. We respect your rights and will always try to meet your requests to the extent possible, in accordance with our legal responsibilities.

  1. DEFINITIONS AND CONCEPTS

In order to help you determine in a clear and simple way the meaning of the technical terms frequently used in the field of personal data protection, we will help you identify the terms that you will frequently find in this document, which are defined below:

  • Authorization: Prior, express and informed consent of the owner to carry out the processing of personal data.
  • Database: Organized set of personal data that is subject to processing.
  • Consent of the owner: It is an informed, free and unequivocal manifestation of will through which the owner of personal data accepts that a third party uses his or her information.
  • Queries: The holders or their successors in title may consult the holder's personal information held in any database, whether public or private. The person responsible for the processing or the person in charge of the processing must provide them with all the information contained in the individual record or that is linked to the holder's identification.
  • Personal Data: Refers to any information associated with a natural person (identified or identifiable), relating to both his or her identity (name and surname, address, affiliation, etc.) and his or her existence and occupations (studies, work, illnesses, etc.).
  • Public Data: Data classified as such by the Constitution or the Law and all data that is not semi-private or private, in accordance with Colombian law. Public data, among others, includes data contained in public documents, gazettes and judicial bulletins, duly executed judicial sentences that are not subject to reservation, and data relating to the civil status of persons.
  • Semi-private Data: Semi-private data is data that is not of an intimate, reserved, or public nature and whose knowledge or disclosure may be of interest not only to its owner but also to a certain sector or group of people or to society in general, such as financial and credit data of commercial or service activity.
  • Private Data: Data that, due to its intimate or reserved nature, is only relevant to the owner.
  • Sensitive Data: For the purposes of this Policy, sensitive data is understood to be any data that affects the privacy of the owner or whose misuse may lead to discrimination, such as data that reveals racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in unions, social organizations, human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data relating to health, sexual life and biometric data.
  • Data processor: The person who manages and/or manipulates personal data on behalf of the controller, but does not decide how or for what purpose. Their work is operational and is carried out based on the instructions and directions of the controller.
  • Habeas Data: It is the right of every owner of information to know, update, rectify or oppose the information concerning his or her personal data.
  • Protection of personal data: This is a fundamental right of all natural persons. It seeks to protect their privacy and intimacy against a possible violation due to the improper processing of personal data captured by a third party.
  • Claim: The owner or his successors in title who consider that the information contained in a database should be corrected, updated or deleted, or when they notice the alleged non-compliance of any of the duties contained in the law or in this Policy, may file a claim with the data controller or the data processor.
  • Data controller: Natural or legal person, public or private, who alone or in association with others, decides on the database and/or the processing of personal data.
  • Processing: Any physical or automated operation or procedure that allows personal data to be captured, recorded, reproduced, stored, organized, modified or transmitted.
  • Owner of personal data: The natural person whose personal data is being processed by a third party.
  • LEPDP: Statutory Law on the Protection of Personal Data.
  1. WHAT DATA DO WE COLLECT AND HOW DO WE USE IT?

The data we collect or will collect may include, but is not limited to, the following: first and last name(s), ID type and number, gender, email address, postal address, shipping address, billing address, landline and/or mobile phone number, date of birth, date of issue of ID document, bank account details, order details, transaction information including purchased products, payment and information, purchase history, home address, user account registration, information you have shared with us about yourself (for example via social media or instant messaging services, IP address, browser information, information from your device, location, data relating to your browsing on our website(s), advertisements, length of your visit, products you searched for and/or selected to create your purchase, posts made on social media where you are part of our community, social media groups, any comments mentioned in your post; equally if you exercise any of your legal rights under the LEPDP , we will keep a record of this and how we respond. We inform you that your data may be captured, stored, used, consulted, processed, reported, deleted, updated, anonymized, dissociated, transmitted and transferred to third parties within and outside the national territory, and in general processed manually or automatically to carry out the purposes mentioned below:

  1. Customers: Validate the information provided in physical or electronic forms, promote, provide, invoice and distribute the products, guarantee the company's after-sales service, establish a channel for adequate communication between MURÁ and its customers, suppliers, business partners, etc.; build customer loyalty, conduct customer research on their tastes, consumption habits, analysis of demographic characteristics; make positive or negative reports to the centers that manage credit information; improve customer service, innovate and perfect the products and services offered, as well as publicize news of interest and updates; and in general maintain adequate knowledge and communication of and with the customer. Additionally, you authorize the transfer and/or transmission of your personal data to affiliated companies, contact center services, storage and conservation services that may be located in Colombia.
  2. Applicants, Apprentices and Employees: Verify personal, family, work, professional and historical information of APPLICANTS AND/OR EMPLOYEES, carry out affiliations to the entire General Social Security System and compliance with parafiscal obligations (ICBF, SENA and compensation funds), facilitate personal relationships between all of MURÁ's interest groups, to carry out demographic statistics on EMPLOYEES AND/OR APPLICANTS, update personal data when they are presented and thus facilitate communication, carry out processes and procedures regarding claims before state entities or those that perform public functions, carry out personal and professional training and development work, facilitate the acquisition of the products that MURÁ produces, carry out audits and continuous improvement processes, comply with fiscal and constitutional regulations, pay salaries, support and/or other expenses; enter into agreements with third parties that facilitate the fulfillment of this purpose and that improve the quality of life of employees and their families, fill vacancies and positions.
  3. Suppliers, contractors and allies: Carry out evaluations and selections of potential suppliers and contractors, establish business relationships to acquire goods and/or services, Comply with the obligations contracted by virtue of the execution of contracts, Report on new requirements and orders, enter into agreements with third parties, evaluate the levels of service received by contractors and suppliers, carry out control and accounting registration processes of the obligations contracted with suppliers, compliance with fiscal, accounting, tax and procedural standards with government and regulatory entities, exercise payment control for goods and services received, consultations, audits, simulations and reviews derived from the business relationship between the supplier and the contractor.
  4. Video Surveillance Systems: We capture personal data such as images and videos through cameras, video cameras, analog and/or digital and/or IP cameras, closed circuit television (CCTV) in order to carry out the following purposes: provide security to property and people (employees and visitors to the facilities) within a specific physical space.

  5. RIGHTS OF PERSONAL INFORMATION OWNERS AND APPLICABLE PROCEDURE

Every holder of personal information has the right to access their data free of charge, consult, request correction, update or deletion of their information, revoke their authorization and file complaints with the personal data protection authority.

  • 5.1. Access: We guarantee your right of access in accordance with the LEPDP as the owner of personal data. Access is permitted only to the owners of private personal data that correspond to natural persons, upon proof of their identity as the owner, legitimacy, or personality of their representative, making available to them, free of charge, in a detailed and detailed manner, the respective personal data processed, through any means of communication, including electronic means that allow direct access by the owner. Such access is subject to the limits established in article 21 of Regulatory Decree 1377 of 2013. We undertake to process your right of access in accordance with the procedure and terms indicated in point 5.2.
  • 5.2. Consultation: As the owner, you may consult your personal information that is in our databases and files. Consequently, we guarantee your right to consultation in accordance with the provisions of the LEPDP, providing you with the information that is under our control. We establish authentication measures that allow us to securely identify the owner of the personal data who makes the consultation or request. Regardless of the mechanism implemented to handle consultation requests, these will be processed within a maximum period of ten (10) business days from the date of receipt. In the event that a consultation request cannot be attended to within the aforementioned period, the interested party will be informed before the expiration of the period of the reasons why their query has not been answered, which in no case may exceed five (5) business days following the expiration of the first period.
  • 5.3. Complaint: As the owner, you may file a complaint if you consider that the information contained or stored in a database may be subject to correction, updating or deletion, or when you notice the alleged non-compliance with any of the duties and principles contained in the regulations on personal data protection. In this regard, you may file a complaint directly or, failing that, to the person in charge of processing your data. We will define the authentication measures that allow us to securely identify the owner of the personal data who is filing the complaint, who may file it directly, taking into account the information indicated in article 15 of the LEPDP. If the complaint is incomplete, you must complete it within five (5) business days following receipt of the complaint, in order to correct the faults or errors. After two (2) months from the date of the request, without the requested information being submitted, it will be understood that you have withdrawn the complaint. In the event of a claim that is not within our jurisdiction, we will forward it to the appropriate party within a maximum period of two (2) business days and inform you of this situation. Once we have received the complete claim, a legend stating "claim in process" and the reason for it will be included in the database within a period of no more than two (2) business days. This legend will remain until the claim is decided. The maximum period to resolve the claim is fifteen (15) business days, counted from the day following the date of receipt. When it is not possible to address the claim within this period, we will inform you of the reasons for the delay and the date on which your claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first period.
  • 5.4. Rectification and updating: We undertake to rectify and update your incomplete or inaccurate personal information in accordance with the procedure and terms set out in point 5.3. The above, provided that the data is not contained in public records. In this regard, we will take into account the following: 1. In requests for rectification and updating of personal data, you must indicate the corrections to be made and provide the documentation that supports your request; 2. We have full freedom to enable mechanisms that facilitate the exercise of this right, provided that they benefit you as the owner of the personal data. Consequently, we may enable electronic or other means that we consider pertinent and secure for better access.
  • 5.5. Deletion: As the data subject, you have the right at any time to request that we delete your personal data, provided that this is not prevented by a legal or contractual provision. We undertake to delete your personal information in accordance with the procedure and terms set out in point 5.3.
  • 5.6. Revocation of consent: You may revoke your consent to the processing of your personal data at any time, provided that this is not prevented by a legal or contractual provision. We undertake to revoke your consent in accordance with the procedure and terms set out in point 5.3.
  • 5.7. Submit complaints to the data protection authority: Holders of personal information may submit complaints to the Superintendency of Industry and Commerce (hereinafter the “SIC”) for violations of the provisions of the LEPDP and other regulations that modify, add to or complement it.
  1. EXERCISE OF THE RIGHTS OF PERSONAL INFORMATION OWNERS

Your personal data is protected by the Colombian Political Constitution and the LEPDP; All holders of personal information have the right to access their data free of charge, consult, request correction, update or deletion of their information and revoke their authorization by sending a communication to our data protection officer at the email address indicated in section 8 of this policy. Please indicate or communicate in your request the data subject: “Consultation, Petition or Complaint, Law 1581 of 2012”.

  1. HOW CAN YOU EXERCISE YOUR RIGHTS?

Any request for consultation or claim must contain at least the following information:

  • Names and surnames of the Owner and/or his/her representative and/or successors in title.
  • What you intend to consult or claim.
  • Physical address, email address and contact telephone number of the Owner and/or his/her successors or representatives.
  • Corresponding identification number.
  • Submit through the channel established in section 6 of this Policy.

The rights of consultation and claim may be exercised as follows:

  • On your own behalf: You may exercise your right directly by making a query or claim in relation to the data stored in our databases and/or files. You will have the right to know, update, access, rectify, delete, request proof of authorization granted, be informed regarding the use of your data and revoke the authorization granted.
  • Through a representative: You may exercise your right through a representative. For these purposes, you must attach the authenticated power of attorney with the request. If the request is submitted by a person who is not the owner of the personal information, without complying with the presentation of the appropriate document supporting the representation, it will be considered as not submitted and no response will be given to said request.
  • Exercise of the rights of minors: Minors must exercise their right to Habeas Data through someone who proves their legal representation.
  • Rectification and updating: We undertake to rectify and update your incomplete or inaccurate personal information in accordance with the procedure and terms set out in point 5.3. The above, provided that it is not data contained in public records. In this regard, we will take into account the following: 1. In requests for rectification and updating of personal data, you must indicate the corrections to be made and provide the documentation that supports your request; 2. We have full freedom to enable mechanisms that facilitate the exercise of this right, as long as they benefit you as the owner of the personal data. Consequently, we may enable electronic or other means that we consider pertinent and secure for better access.
  1. AREA OR PERSON IN CHARGE OF PROCESSING INQUIRIES, REQUESTS AND CLAIMS

If you have any questions about this Policy, or wish to exercise your rights to know, update, rectify and delete data, or revoke authorization, you may do so by sending an electronic communication to our data protection group, the Information Security Directorate. The data protection group will be the contact person for the holders of Personal Data, for all matters provided for in this Policy.

Channels for handling queries, complaints and claims:

 

MURA:
Email: notifications@gndw.co.

Address: Km 17 via las palmas - Mall indiana of 282.

Telephone: 6043860157.

  1. SECURITY AND CONFIDENTIALITY

In order to comply with the security principle of the LEPDP, and maintain the confidentiality, integrity and availability of the personal data contained in our databases and files, we will adopt the necessary security measures to prevent alteration, loss and unauthorized processing or access to your personal data.

  1. DATA OF MINORS

MURÁ reserves the right to recognize a minor as a CUSTOMER.

In the event that MURÁ determines that a minor is requesting to be its CLIENT, it may reject such request outright and immediately delete the data provided by the minor.

However, MURÁ may act as a data provider to adolescents and may use their data for statistical purposes, but will NEVER put it into circulation; when data processing of minors is carried out, in the terms established in this article, it is presumed that their parents have given authorization and have issued a favorable opinion on the maturity that they have in opinion, listening, autonomy and capacity to determine their perception regarding the products produced by MURÁ.

When using the MURÁ website, www.muraecuestre.co, minors will be subject to the following conditions and restrictions:

  • Consult with your parents or legal guardians about whether or not it is appropriate to browse the Website.
  • That they are registered by parents or legal guardians to register as users, or that they are authorized by them.
  • Certify that the father has given his authorization for this purpose.
  1. TRANSMISSION AND TRANSFER OF PERSONAL DATA TO THIRD PARTIES

MURÁ may transmit or transfer the Personal Data collected to third parties and allied companies, located in Colombia or abroad, for the exercise of any of the purposes described above. In any case, MURÁ will adopt the legal and technological measures to guarantee the security and confidentiality of the Personal Data, and will require those in charge of the Processing to comply with the duties established in article 18 of Law 1581 of 2012.

For the Transfer of Personal Data of the Holders, MURÁ will take the necessary measures so that third parties are aware of and agree to observe this Policy, with the understanding that the personal information they receive may only be used for matters directly related to MURÁ and the allied companies or the purposes expressly authorized by the Holder, and only while this authorization is in force. It may not be used or intended for different purposes or ends. Confidentiality agreements will also be entered into and Responsible Person in Charge obligations will be established when the type of delivery so warrants.

  1. USE OF COOKIES

MURÁ may use cookies to improve its platform or websites and the browsing experience; and to adapt the advertising and content that the Owner displays. The Owner may modify its preferences regarding the use of cookies, but some cookie restrictions imply not being able to take full advantage of the benefits available on the platforms or websites.

The information collected through cookies is encrypted and will not be used to identify and/or reveal user information. Likewise, user data such as debit or credit card numbers or other financial or credit information will not be collected.

  1. VALIDITY OF DATABASES

We will process your personal data only for the time necessary to comply with the processing and purposes authorized by you; however, we must retain personal data when required to comply with a legal or contractual obligation.

  1. VALIDITY AND MODIFICATIONS OF THE DATA PROCESSING POLICY

This Policy will take effect on February 28, 2023.