Who are we?

Our website address is: https://amarellacafe.com.

1. OBJECTIVE

This Personal Data Protection Policy shall apply to all Databases and/or Files containing Personal Data that are subject to Processing by AMARELLA CAFÉ SAS (hereinafter referred to as “THE COMPANY”). It aims to implement Law 1581 of 2012 and its regulatory decrees on the protection of personal data, and therefore to inform its shareholders, business partners, suppliers, customers, employees, contractors and, in general, any person whose Personal Data is being or will be processed by it, of the mechanisms and procedures implemented by THE COMPANY.

2. CONTACT INFORMATION

Amarella Café SAS is located at Calle 155 a 7 g- 10 bl 14- 101 in the city of Bogotá D.C., Colombia. E-mail gerencia@amarellacafe.com, Phone +57 (1) 301 3759456 – +57 (1) 320 6650551.

POLICY

3. Definitions

Authorization: Prior, express and informed consent of the Data Subject to carry out the Processing of Personal Data.

Privacy Notice: Verbal or written communication generated by the responsible party, addressed to the holder for the processing of his personal data, by means of which he is informed about the existence of the information processing policies that will be applicable to him, the way to access them and the purposes of the processing that is intended to be given to the personal data.

Data Base: Organized set of Personal Data that is subject to Processing.

Clients: Natural or legal person, public or private, with whom THE COMPANY has a business relationship. It includes stores, restaurants, distributors, importers, supermarkets, mini markets, among others.

Consumers: Natural person who consumes the goods produced by THE COMPANY.

Personal Data: Any information linked or that can be associated to one or several determined or determinable natural persons. Some examples of personal data are the following: name, citizenship card, telephone, address, e-mail, telephone number, assets, financial statements, etc.

Sensitive data: Sensitive data is understood as data that affects the privacy of the data subject or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life and biometric data.

Data Processor: Natural or legal person, public or private, that by itself or in association with others, performs the Processing of Personal Data on behalf of the Data Controller. In the events in which the Controller does not act as Data Controller of the Database, it shall be expressly identified who will be the Data Controller.

Data Controller: Natural or legal person, public or private, that by itself or in association with others, performs the Processing of personal data on behalf of the Data Controller.

Terms and Conditions: general framework in which the conditions for participants in promotional or related activities are established.

Data Subject: Natural person whose Personal Data is the object of Processing.

Transfer: The transfer of data takes place when the Controller and/or Processor of personal data, located in Colombia, sends the information or personal data to a recipient, which in turn is the Data Controller and is located inside or outside the country.

Transmission: Processing of Personal Data that involves the communication of the same within or outside the territory of the Republic of Colombia when the purpose is the performance of a Processing by the Processor on behalf of the Controller.

Processing: Any operation or set of operations on Personal Data, such as collection, storage, use, circulation or deletion.

4. Principles Applicable to the Processing of Personal Data

For the Processing of Personal Data, THE COMPANY will apply the principles mentioned below, which constitute the rules to be followed in the collection, handling, use, processing, storage and exchange of personal data:

Legality: The processing of personal data will be carried out in accordance with the applicable legal provisions (Statutory Law 1581 of 2012 and its regulatory decrees).

Purpose: The personal data collected will be used for a specific and explicit purpose, which must be communicated to the Data Subject or permitted by law. The Data Subject will be clearly, sufficiently and previously informed about the purpose of the information provided.

Freedom: The collection of Personal Data may only be exercised with the prior, express and informed authorization of the Data Subject.

Truthfulness or Quality: The information subject to the Processing of Personal Data must be truthful, complete, accurate, updated, verifiable and understandable.

Transparency: In the Processing of Personal Data, the right of the Data Subject to obtain at any time and without restrictions, information about the existence of data concerning him/her is guaranteed.

Restricted access and circulation: The processing of personal data may only be carried out by persons authorized by the Holder and/or by the persons provided for in the Law.

Security: Personal Data subject to Processing will be handled adopting all the necessary security measures to avoid its loss, adulteration, consultation, use or unauthorized or fraudulent access.

Confidentiality: All employees working at THE COMPANY are obliged to keep confidential all personal information to which they have access in the course of their work at THE COMPANY.

5. Processing and Purposes to which the Personal Data processed by THE COMPANY will be submitted

THE COMPANY, acting in its capacity as Controller of Personal Data, for the proper development of its commercial activities, as well as for the strengthening of its relationships with third parties, collects, stores, uses, circulates and deletes Personal Data corresponding to natural persons with whom it has or has had a relationship, such as, without the enumeration meaning limitation, workers and their relatives, shareholders, consumers, customers, distributors, suppliers, creditors and debtors, for the following purposes:

5.1. General purposes for the processing of Personal Data

– To allow the participation of Registrants in marketing and promotional activities (including participation in contests, raffles and sweepstakes) conducted by THE COMPANY;

– Evaluate service quality, conduct market research on consumption habits and statistical analysis for internal use;

– To respond to queries, petitions, complaints and claims made by the Data Controllers and control bodies and to transmit the Personal Data to other authorities that by virtue of the applicable law must receive the Personal Data;

– To eventually contact, via e-mail, or by any other means, natural persons with whom it has or has had a relationship, such as, but not limited to, employees and their relatives, shareholders, consumers, customers, clients, distributors, suppliers, creditors and debtors, for the aforementioned purposes.

– Transfer the information collected to different areas of THE COMPANY and its related companies in Colombia and abroad when necessary for the development of its operations (portfolio collection and administrative collections, treasury, accounting, among others);

– For the attention of judicial or administrative requirements and compliance with judicial or legal mandates;

– Any other activity of a similar nature to those described above that are necessary to carry out the corporate purpose of THE COMPANY.

5.2. In relation to the personal data of our Clients and Consumers:

– To fulfill the obligations contracted by THE COMPANY with its Clients and Consumers at the moment of acquiring our products;

– Send information about changes in the conditions of the products offered by THE COMPANY;

– Send information about offers related to our products offered by THE COMPANY and its related companies;

– To strengthen the relationship with its Consumers and Customers, by sending relevant information, taking orders and evaluating the quality of service;

– For the determination of outstanding obligations, the consultation of financial information and credit history and the report to information centers of unfulfilled obligations, with respect to its debtors;

– To improve, promote and develop its products in Colombia and abroad.

– To train salesmen and agents in basic aspects of commercial management of the products offered by THE COMPANY;

– Allow companies related to THE COMPANY, with which it has entered into contracts that include provisions to ensure the security and proper treatment of personal data processed, to contact the Data Subject for the purpose of offering goods or services of interest to him/her;

– Use the various services through THE COMPANY’s websites, including content downloads and formats;

5.3. Regarding the personal data of our employees:

– To make the necessary payments derived from the execution of the employment contract and/or its termination, and other social benefits in accordance with applicable law.

5.4. Regarding Supplier Data:

– To invite them to participate in selection processes and events organized or sponsored by THE COMPANY;

– For the evaluation of the fulfillment of its obligations;

– To register in the COMPANY’s systems;

– To process your payments and verify outstanding balances;

5.5. Regarding the personal data of our shareholders:

– For the recognition, protection and exercise of the rights of the shareholders of THE COMPANY;

6. Rights of Personal Data Subjects

The natural persons whose Personal Data are processed by THE COMPANY have the following rights, which can be exercised at any time:

6.1 To know the Personal Data that THE COMPANY is processing and to request updates or rectifications of their data.


6.2 Request proof of the authorization granted to THE COMPANY for the Processing of your Personal Data.


6.3 File complaints before the Superintendence of Industry and Commerce for violations to the provisions of the Personal Data Protection Law.


6.4 Request to THE COMPANY the deletion of your Personal Data and/or revoke the authorization granted for the Processing thereof, by filing a complaint, in accordance with the procedures set forth in paragraph 13 of this Policy. However, the request for deletion of the information and the revocation of the authorization will not proceed when the Data Subject has a legal or contractual duty to remain in the Database and/or Files, nor while the relationship between the Data Subject and the COMPANY, by virtue of which the data was collected, is still in force.

6.5 Access free of charge to your Personal Data that has been subject to Processing.


The rights of the Holders may be exercised by the following persons:

– By the Holder by a proxy representative

7. Duties of THE COMPANY as Responsible for the Processing of Personal Data

THE COMPANY is aware that Personal Data is the property of the persons to whom it refers and only they can decide about it. In this sense, THE COMPANY will use the Personal Data collected only for the purposes for which it is duly authorized and respecting, in any case, the current regulations on the Protection of Personal Data. THE COMPANY will comply with the duties foreseen for the Data Controllers, contained in article 17 of Law 1581 of 2012 and the other rules that regulate, modify or replace it.

8. Area Responsible for the Implementation and Enforcement of this Policy

The management area is responsible for the development, implementation, training and enforcement of this Policy.

9. Authorization

THE COMPANY will request prior, express and informed authorization from the Data Controllers of the Personal Data on which the Processing is required. This manifestation of the Registrant’s will may be given through different mechanisms made available by THE COMPANY, such as:
– In writing, by filling out an authorization form for the Processing of Personal Data determined by THE COMPANY.
– Orally, through a telephone conversation or videoconference.

10. Special Provisions for the Processing of Personal Data.

10.1 Processing of Personal Data of a Sensitive Nature

The Processing of Personal Data of a sensitive nature is prohibited by law, except with the express, prior and informed authorization of the Data Subject, among other exceptions set forth in Article 6 of Law 1581 of 2012. In this case, in addition to complying with the requirements established for authorization, THE COMPANY will inform the Registrant:

– That, because the data is sensitive, he/she is not obliged to authorize its processing.

– Which of the data to be processed are sensitive and the purpose of the processing.

Additionally, THE COMPANY will treat the sensitive data collected under security and confidentiality standards corresponding to its nature.

10.2 Processing of Personal Data of Children and Adolescents

According to the provisions of Article 7 of Law 1581 of 2012 and Article 12 of Decree 1377 of 2013, THE COMPANY will only carry out the Processing, corresponding to children and adolescents, provided that this Processing responds to and respects the best interests of children and adolescents and ensures respect for their fundamental rights.

Once the above requirements have been met, THE COMPANY must obtain the authorization of the legal representative of the child or adolescent, after the minor has exercised his or her right to be heard, an opinion that will be assessed taking into account the maturity, autonomy and capacity to understand the matter.

11. Procedure for Attention and Response to Petitions, Inquiries, Complaints and Claims from Personal Data Owners

The Holders of Personal Data processed by THE COMPANY have the right to access their Personal Data and the details of such Processing, as well as to rectify and update them in case they are inaccurate or to request their deletion when they consider them to be excessive or unnecessary to the following contact details:

– Communication addressed to Amarella Café SAS, Calle 155ª 7g- 10 Bogotá D.C. Colombia.

– Request submitted to e-mail: gerencia@amarellacafe.com

These channels may be used by Data Controllers, or third parties authorized by law to act on their behalf, in order to exercise the following rights:

11.1 Procedure for requests and consultations

(i) The Data Subject may consult his or her personal data at any time. To this end, he or she may submit a request indicating the information he or she wishes to know, through any of the mechanisms indicated above.

(ii) The Holder or its assignees must prove their identity, that of their representative, the representation. When the request is made by a person other than the Holder and it is not accredited that such person is acting on behalf of the Holder, it shall be deemed not to have been filed.


(iii) The consultation and/or petition must contain at least the name and contact address of the Data Subject or any other means to receive the response, as well as a clear and precise description of the personal data with respect to which the Data Subject seeks to exercise the right of consultation and/or petition.

(iv) If the consultation and/or request made by the Data Subject is incomplete, THE COMPANY will require the data subject within five (5) days following the receipt of the consultation and/or request to correct the faults. If two (2) months have elapsed from the date of the request without the applicant submitting the required information, it shall be understood that he/she has withdrawn his/her request.

(v) The requests and/or consultations will be answered by THE COMPANY within a maximum term of eight (8) business days from the date of receipt thereof. When it is not possible to attend the request or consultation within said term, the applicant shall be informed of this fact, stating the reasons for the delay and indicating the date on which the request or consultation will be attended, which in no case may exceed five (5) working days following the expiration of the first term.

11.2 Procedure for complaints and claims

In accordance with the provisions of Article 14 of Law 1581 of 2012, when the Data Subject or his/her assignees consider that the information processed by THE COMPANY should be corrected, updated or deleted, or when it should be revoked due to an alleged breach of any of the duties contained in the Law, they may submit a request which must be processed under the following rules:

(i) The Holder or its assignees must prove their identity, that of their representative, the representation or stipulation in favor of another or for another. When the request is made by a person other than the Holder and it is not accredited that such person is acting on behalf of the Holder, it shall be deemed not to have been filed.

(ii) The request for rectification, update, deletion or revocation must be submitted through the means enabled by THE COMPANY indicated in this document and contain, at least, the following information:

– The name and address of the Holder or any other means to receive the response.

– Documents proving the identity of the applicant and, if applicable, that of his representative with the respective authorization.

– The clear and precise description of the personal data with respect to which the Data Subject seeks to exercise any of the rights and the specific request.

(iii) If the request is incomplete, THE COMPANY shall require the interested party within five (5) days of its receipt to correct the faults. If two (2) months have elapsed from the date of the request without the applicant submitting the required information, it shall be understood that he/she has withdrawn his/her request.

(iv) In the event that whoever receives the request is not competent to resolve it, he/she shall transfer it to the legal area of “THE COMPANY” within a maximum term of two (2) business days and shall inform the interested party of the situation.


(v) Once the request has been received, a legend will be included in the Data Base stating “claim in process” and the reason for the claim, within a term no longer than two (2) business days. This legend shall be maintained until it is decided.


(vi) The maximum term to respond to this request shall be fifteen (15) business days from the day following the date of its receipt. When it is not possible to respond within said term, the interested party will be informed of the reasons for the delay and the date on which the claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.

12. Passively Obtained Information

When using the services contained within the COMPANY’s websites, the COMPANY may passively collect information through information management technologies, such as “cookies”, through which information is collected about the hardware and software of the equipment, IP address, browser type, operating system, domain name, access time and the addresses of the websites of origin; through the use of these tools, no Personal Data of the users is collected directly. Information about the pages that the individual visits most frequently on these websites will also be collected in order to learn about the individual’s browsing habits. However, the user of THE COMPANY’s websites has the ability to configure the operation of cookies, according to the options of his or her Internet browser.

13. Personal Data Security

THE COMPANY has the necessary technical, human and security measures in place to maintain the reasonable confidentiality and security of Personal Data, in order to avoid the adulteration, modification, consultation, elimination, and fraudulent use and access of Personal Data by unauthorized persons. THE COMPANY shall adjust the Processing of Personal Data to the security standards that may be regulated in the future by the competent authorities.

14. Modifications

This Policy shall be in force as of its publication and may be modified by THE COMPANY, and shall be part of the contracts entered into by THE COMPANY where applicable. Any substantial modification of this Policy will be previously communicated to the Holders by means of efficient mechanisms, such as the web page and/or e-mails from THE COMPANY.

15. Transfer, Transmission and Disclosure of Personal Data

THE COMPANY may disclose to its related companies worldwide, the Personal Data on which it carries out the Processing, for its use and Processing in accordance with this Personal Data Protection Policy. Likewise, THE COMPANY may provide Personal Data to third parties not related to THE COMPANY when:

– In the case of contractors in the execution of contracts for the development of the activities of THE COMPANY;

– By transfer in any title of any line of business to which the information relates.

In any case, when THE COMPANY wishes to send or transmit data to one or more Data Processors located within or outside the territory of the Republic of Colombia, it shall establish contractual clauses or enter into a contract for the transmission of personal data in which, among others, the following is agreed:


(i) The scope and purposes of the processing.


(ii) The activities to be carried out on behalf of THE COMPANY.

(iii) The obligations to be fulfilled by the Data Processor with respect to the Data Subject and THE COMPANY.

(iv) The duty of the Data Processor to process the data in accordance with the authorized purpose and observing the principles established in the Colombian Law and the present policy.

(v) The obligation of the Processor to adequately protect personal data and databases as well as to maintain confidentiality with respect to the processing of the data transmitted.

THE COMPANY will not request authorization when the international transfer of data is covered by any of the exceptions provided for in the Law and its Regulatory Decrees.

16. Applicable Legislation

This Personal Data Protection Policy, the Privacy Notice, and the Authorization Format Annex that is part of this Policy, are governed by the provisions of current legislation on the protection of Personal Data referred to in Article 15 of the Political Constitution of Colombia, Law 1266 of 2008, Law 1581 of 2012, Decree 1377 of 2013, Decree 1727 of 2009 and other regulations that modify, repeal or replace them.

17. Validity

This Personal Data Protection Policy is effective as of November 7, 2018.
The company’s Personal Data Bases will be in force for the period of conservation required by the applicable Law, or for the time required in a particular contract, or for the period of time necessary to carry out the respective treatment in accordance with the purpose for which the personal data were collected, provided that such period is not less than the period of conservation of the information required by law or by the applicable contract, if applicable.
