Central Aerospace S.A.S. will act as Responsible, for the collection, storage, use, processing, updating, circulation, deletion, transfer, transmission and, in general, any operation or set of operations in and on your Personal Data, understood as any information linked or that may be associated to you as Data Subject. 

 

PURPOSE

 

The purpose of this Personal Data Processing Policy (the “Policy”) is, together with the technical, human and administrative measures implemented, to guarantee the adequate compliance with the applicable Personal Data Protection Law, as well as the definition of the guidelines for the attention of queries and claims of the Personal Data Holders on which the Companies carry out any type of Processing.

 

DEFINITIONS

​

Authorization: Prior, express and informed consent of the data owner to carry out the processing. This may be written, verbal or through unequivocal conduct that allows the reasonable conclusion that the owner granted authorization.

 

Data Base: It is the organized set of Personal Data that are subject to processing, electronic or not, whatever the modality of its formation, storage, organization and access.

 

Consultation:. Request of the owner of the data or of the persons authorized by the owner or by law to know the information about him/her in databases or files.

 

Personal data: Any information linked or that can be associated to one or several determined or determinable natural persons. These data are classified as sensitive, public, private and semi-private.

 

Sensitive personal data: Information that affects the privacy of the person or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, human rights or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data relating to health, sex life and biometric data (fingerprints, among others). For the purposes of this policy, Central Aerospace warns of the optional nature of the holder of the personal data to provide this type of information in cases in which, eventually, may be requested.

 

Public personal data: It is the data qualified as such according to the mandates of the law or the Political Constitution and all those that are not semi-private or private. Public are, among others, the data contained in public documents, public records, official gazettes and bulletins and duly executed court rulings that are not subject to confidentiality, those relating to the marital status of individuals, their profession or trade and their status as merchants or public servants. The personal data existing in the commercial registry of the Chambers of Commerce are public (Article 26 of the Code of Commerce). Likewise, public data are those which, by virtue of a decision of the owner or a legal mandate, are in files of free access and consultation. These data may be obtained and offered without any reservation and regardless of whether they refer to general, private or personal information.

 

Private personal data: It is data that, due to its intimate or reserved nature, is only relevant to the person who owns it. Examples: merchants' books, private documents, information extracted from the inspection of the domicile.

 

Semi-private personal data: Semi-private data is data that is not of an intimate, reserved or public nature and whose knowledge or disclosure may be of interest not only to its owner but also to a certain sector or group of persons or to society in general, such as, among others, data concerning the fulfillment or non-fulfillment of financial obligations or data relating to relations with social security entities.

 

Data Controller: Person who by himself or in association with others, decides on the database and/or the processing of the data.

 

Data Processor: Person who carries out the data processing on behalf of the Data Controller. Authorized” means Central Aerospace and all persons under the responsibility of the same, who by virtue of the authorization and the Policy have the legitimacy to submit the personal data of the Data Controller to processing. The Authorized Party includes the Entitlees. “Enabling” or being “Entitled”, is the legitimacy expressly and in writing by contract or document that takes its place, granted by Central Aerospace to third parties, in compliance with applicable law, for the processing of personal data, making such third parties in charge of the processing of personal data provided or made available.

 

Claim: Request from the data owner or persons authorized by the data owner or by law to correct, update or delete their personal data or when they notice that there is an alleged breach of the data protection regime, according to Article Art. 15 of Law 1581 of 2012.

 

Data subject: The natural person to whom the information refers.

 

Processing: Any operation or set of operations on personal data such as, among others, the collection, storage, use, circulation or deletion of that kind of information.

 

Transmission: Processing of personal data that involves the communication of such data within (national transmission) or outside Colombia (international transmission) and whose purpose is the performance of a processing operation by the processor on behalf of the data controller.

 

Transfer: The transfer of data takes place when the controller and/or processor of personal data, located in Colombia, sends the information or personal data to a recipient, which in turn is responsible for the processing and is located inside or outside the country.

Procedural requirement: The holder or assignee may only file a complaint with the Superintendence of Industry and Commerce once the consultation or complaint process has been exhausted before the data controller or data processor, according to Article 16 of Law 1581 of 2012.

 

PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA

​

The processing of personal data must be carried out in compliance with the general and special rules on the subject and for activities permitted by law. Consequently, the following principles apply for the purposes of this policy:

Legality principle: Data processing is a regulated activity that must be subject to the provisions of the law and other provisions that develop it.

Principle of purpose: The processing must obey a legitimate purpose in accordance with the Constitution and the Law.

Principle of freedom: Processing may only be carried out with the prior, express and informed consent of the owner. Personal data may not be obtained or disclosed without prior authorization, or in the absence of legal or judicial mandate that relieves consent.

Principle of truthfulness or quality: The information subject to processing must be truthful, complete, accurate, updated, verifiable and understandable. The processing of partial, incomplete, fractioned or misleading data is prohibited.

Principle of transparency: The right of the owner to obtain from the data controller, at any time and without restrictions, information about the existence of data concerning him/her, must be guaranteed in the processing.

Principle of restricted access and circulation: The processing is subject to the limits derived from the nature of the personal data, the provisions of the law and the Constitution. In this sense, the processing may only be carried out by persons authorized by the owner and/or by the persons provided for by law.

Principle of security: The information subject to processing by the Data Controller or Data Processor referred to in this law, must be handled with the technical, human and administrative measures necessary to provide security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access.

Principle of confidentiality: All persons involved in the processing of personal data that are not of a public nature are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks involved in the processing, and may only supply or communicate personal data when this corresponds to the development of the activities authorized in this law and under the terms of the same.

Any new project within the Organization that involves the Processing of Personal Data must be consulted with the Information Security Management, which is the person and unit in charge of the data protection function to ensure compliance with the policy and the necessary measures to maintain the confidentiality of personal data.

 

AUTHORIZATION

​

At the time of processing Personal Data, Central Aerospace will obtain the consent of the owner, which in any case must be prior, express and informed. The authorization may be obtained by any means that guarantees its reproduction. 

In the following events, authorization by the owner is not required:

• Information required by a public or administrative entity in the exercise of its legal functions or by court order.

• Data of a public nature.

• Cases of medical or health emergency.

• Processing of information authorized by law for historical, statistical or scientific purposes.

• Data related to the Civil Registry of Persons.

• In the case of the collection of Sensitive Data, the Authorization must be explicit as to the fact that the Personal Data to be processed are sensitive and the purposes of the Processing. In this case, the Data Subject is not obliged to authorize the Processing of such information.

 

En los casos en que no sea posible poner a disposición del Titular la Política de Tratamiento de Datos Central Aerospace will inform by means of a Privacy Notice to the Data Subject about the existence of the Policies and how to access it, in a timely manner and in any case no later than the time of collection of Personal Data. The Privacy Notice may be available in physical documents in the business premises, by electronic means in the non-face-to-face channels, by data message in the chat, telephone channel, among other means that may be available.

 

DATA COLLECTED

 

Natural person: first and last names, type of identification, type of identification, identification number, gender, marital status and date of birth, e-mail, financial data (bank accounts).

 

Legal entity: company name, NIT, address, telephone, cell phone, e-mail, country, city, financial data (bank accounts).

 

The validity of the database will be the reasonable and necessary time to fulfill the purposes of the treatment in each case, taking into account the provisions of Article 2.2.2.2.25.2.8. of Decree 1074 of 2015. The above, taking into account the legal and/or contractual duties that dictate the validity of the database.

 

 

RIGHTS OF THE OWNERS OF THE DATA

 

In accordance with the legal provisions in force, the rights of the holders of personal information are as follows:

• Right to know, update, rectify, consult your personal data at any time, with respect to the data that you consider partial, inaccurate, incomplete, fractioned and those that induce to error.

• The right to request at any time a proof of the authorization granted, except in those cases in which the Controller is legally released from having authorization to process the holder's data.

• Right to be informed, upon request of the owner of the data, regarding the use that has been made of them.

• Right to file before the Superintendence of Industry and Commerce the complaints that he/she considers pertinent to assert his/her right to Habeas Data.

• Right to revoke the authorization and/or request the deletion of any data when he/she considers that his/her constitutional rights and guarantees have not been respected.

• Right to access free of charge to the personal data that you have voluntarily shared with Central Aerospace.

 

GENERAL PURPOSES OF THE PROCESSING 

 

Central Aerospace will process personal data in accordance with the conditions established by the Holder, the law or public entities, through physical, automated or digital means according to the type and form of information collection.

 

Personal data may be processed by that collaborator who has authorization to do so, or those who within their functions are in charge of carrying out such activities, also, the treatment may be carried out by third parties in charge for the fulfillment and execution of the purposes authorized by the Holder.

 

If applicable, Central Aerospace may process personal information in accordance with the following purposes common to customers, candidates, collaborators, suppliers, visitors:   

• Compliance with legal, regulatory, pre-contractual, contractual, post-contractual, tax, financial and/or accounting duties.  

• Compliance with activities inherent to the corporate purpose of Central Aerospace, which are connatural to the execution of the business.

• Compliance with orders from competent authorities, whether administrative and/or judicial in nature.

• Validation of information in order to comply with the regulation of Money Laundering and Terrorist Financing by Central Aerospace or third parties contracted for this purpose.

• Disclose, Transfer and/or Transmit Personal Data nationally and internationally under the terms set forth in the applicable legislation.

• Fulfillment of the Policies provided according to the contractual and/or commercial relationship, including the Personal Data Processing Policy.

• Manage queries, requests, petitions, complaints and claims related to the owners of the information.

• Ensure physical and digital security, service improvement and experience in Central Aerospace facilities.

• Develop commercial, advertising and marketing activities, such as: consumption analysis; profiling, brand traceability; sending news, advertising, promotions, offers and benefits; customer loyalty programs; market research; generation of campaigns, newsletters, etc.

• Carry out statistical analysis, invoicing, offering and/or recognition of benefits and collections. 

• Notifying orders, deliveries or events related to the products or services purchased or contracted.

• Conduct Satisfaction Surveys.

• Perform video surveillance in order to ensure the security of the facilities and personnel.

 

DUTIES OF THE DATA CONTROLLER

​

• Guarantee the holder, at all times, the full and effective exercise of the right of habeas data.

• Request and keep, under the conditions provided for in this law, a copy of the respective authorization granted by the holder.

• Duly inform the holder about the purpose of the collection and the rights he/she has by virtue of the authorization granted.

• Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.

• To process the consultations and claims formulated in the terms indicated in the present law.

• Adopt an internal manual of policies and procedures to ensure proper compliance with the law and especially for the attention of queries and claims.

• Inform upon request of the owner about the use given to their data.

• Inform the data protection authority when there are violations to the security codes and there are risks in the administration of the information of the owners.

• Comply with the instructions and requirements given by the superintendence of industry and commerce.

 

DUTIES OF DATA PROCESSORS

​

• Guarantee the holder, at all times, the full and effective exercise of the right of habeas data.

• Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.

• Timely update, rectify or delete data in accordance with the terms of this law.

• Update the information reported by the data controllers within five (5) business days from its receipt.

• To process the queries and claims made by the owners under the terms set forth in this law.

• Adopt an internal manual of policies and procedures to ensure proper compliance with this law and, in particular, for the handling of queries and claims by the owners.

• Refrain from circulating information that is being disputed by the holder and whose blocking has been ordered by the superintendence of industry and commerce.

• Allow access to the information only to the persons who may have access to it.

• Inform the superintendence of industry and commerce when there are violations to the security codes and there are risks in the administration of the information of the owners.

• Comply with the instructions and requirements given by the superintendence of industry and commerce.

 

REQUESTS, COMPLAINTS AND CLAIMS 

​

For the purpose of receiving requests, complaints and queries related to the handling and processing of personal data, Central Aerospace has assigned the e-mail address soportetic@centralaerospace.com, to channel, study and answer them. Therefore, you may send your requests to this address, which will be treated in accordance with the provisions of Law 1581:  

Consultations: The holders or their assignees may consult the personal information of the holder that is in our database. Central Aerospace will provide them with all the information contained in the individual record that is linked to the identification of the holder. The consultation will be answered within a maximum term of ten (10) business days from the date of receipt thereof. When it is not possible to answer the consultation within such term, the interested party will be informed and the date on which the consultation will be answered will be indicated, which in no case may exceed five (5) working days following the expiration of the first term.

Claims: The holder or its assignees who consider that the information contained in a database should be corrected, updated or deleted, or when they notice the alleged breach of any of the duties contained in the law, may file a claim with Central Aerospace, which will be processed under the following rules:

The claim shall be formulated by means of a request addressed to Central Aerospace with the identification of the holder, the description of the facts that give rise to the claim, the address, and accompanying the documents to be asserted. If the claim is incomplete, Central Aerospace will require the interested party within five (5) days of receipt of the claim to correct the faults. After two (2) months from the date of the request, if the applicant does not submit the required information, it will be understood that the claim has been withdrawn.

Once the complete claim has been received, a legend will be included in the database stating “claim in process” and the reason for the claim, within a term no longer than two (2) business days. Such legend shall be maintained until the claim is decided.

The maximum term to address the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within such term, the interested party will be informed and the date on which the claim will be addressed will be indicated, which in no case may exceed eight (8) business days following the expiration of the first term.

In any case, the owner or the assignee may only file a complaint before the Superintendence of Industry and Commerce once the consultation or complaint process has been exhausted before Central Aerospace.

The area responsible for the reception and processing of complaints is the Administrative Management - systems area, technical support.

The request for deletion of information and the revocation of the authorization will not proceed when the holder has a legal or contractual duty to remain in the database.

 

DATA OF THE PERSON IN CHARGE OF THE TREATMENT

​

Company name: Central Aerospace S.A.S.

Address: Calle 26 # 103-22. Entrada 2, inteior 1, Bogota, Colombia

Email: soportetic@centralaerospace.com

Phone number: + 57 (601) 4139530

Website: https://www.centralaerospace.com/

 

QUESTIONS OR SUGGESTIONS

​

If you have any questions or queries about the process of collection, treatment and handling of your personal information, or consider that the information contained in a database should be subject to correction, updating or deletion, please send us a message to the following email account: soportetic@centralaerospace.com.

 

VALIDITY

​

Central Aerospace reserves the right to modify this policy to adapt it to new legislation or jurisprudence, as well as good industry practice. In such cases, Central Aerospace will announce on this page the changes introduced reasonably in advance of their implementation.

 

This policy was modified and published on Central Aerospace websites on July 30, 2016 and is effective as of the date of publication. It was last updated on May 20, 2024.

​

​