In compliance with the provisions of the Political Constitution of Colombia Articles 15 and 20, which enshrine the fundamental right to habeas data; Statutory Law 1581 of 2012, Regulatory Decree 1377 of 2013, Decree 886 of 2014, Single Regulatory Decree 1074 of 2015 and other regulations that modify, repeal or replace them. BIS CONTACT CENTER – BIS S.A.S., adopts this Data Processing Policy, which will be informed to all owners of the data collected or that in the future will be obtained in the exercise of personal, commercial and work activities.

 

In this way, BIS CONTACT CENTER – BIS S.A.S., states that it guarantees the Constitutional Right of all people to know, update, rectify, delete and revoke the authorization regarding the information that has been collected about them in the company’s databases and has been compiled for the purposes provided for in the Law and the respective authorizations.  which have been processed in accordance with the provisions of the national personal data protection regime.

 

In addition, it guarantees the rights to privacy, intimacy, and good name, in the processing of data in general and consequently all its actions will be governed by the principles of legality, purpose, freedom, veracity or quality, transparency, access and restricted circulation, security and confidentiality.

 

This Policy describes the information we process to support BIS CONTACT CENTER – BIS S.A.S., as well as other products we offer and functions we perform. 

1. IDENTIFICATION OF THE RESPONSIBLE PARTY

• NAME OF THE COMPANY:  BIS CONTACT CENTER – BIS S.A.S., a company identified with NIT. No. 901379017-0, its main purpose is to design, develop and implement integrated outsourcing services strategies (OUTSOURCING) for the improvement of the educational processes of the human capital of the business, organizational and institutional sectors of both public and private sector entities at the national and international level. from areas such as education, health, industry, infrastructure, technology, environment, agribusiness, mining-energy, and multilateral and regional entities. On the other hand, it offers outsourcing services such as Contact Center, Call Center, Data Center and internet connectivity to companies in the public or private sector as a strategy for their competitive development. Likewise, it will carry out activities of leasing commercial or industrial facilities, development of Coworking activities and the sale of prepared meals in cafeterias.

The company may carry out, in general, all operations, of whatever nature they may be, related to the aforementioned purpose, as well as similar, related or complementary activities or that facilitate or develop the company’s trade or industry and may carry out any other lawful economic activity both in Colombia and abroad.

The value proposition of BIS CONTACT CENTER – BIS S.A.S., is the provision of services aimed at excellence and the recognition of our clients, making us a transversal support to their mission processes. 

In addition, our value proposition revolves around the provision of services aimed at excellence and the recognition of our clients.

We support our operation with state-of-the-art technological tools, highly qualified human resources and innovation.

• ADDRESS: Cra. 1 # 12 – 118, Barrio Bocagrande, Plaza Bocagrande Shopping Center. 
• WEBSITE: 
• EMAIL: mcarmona@biscc.com.co
• TELEPHONE: 605 6411320.

 

2. SCOPE

This Personal Data Treatment and Protection Policy will apply to all areas of the company BIS CONTACT CENTER – BIS S.A.S., with respect to personal data or any other type of information that is deposited in the databases and/or files that include data, based on the parameters established for collection.  storage, use, circulation, modification, updating, deletion, processing, exchange, transfer and/or transmission of personal data of the Data Subjects.

In view of the above, to provide due protection to the interests and needs of the owners of the Personal Information processed by BIS CONTACT CENTER – BIS S.A.S.

 

3. DEFINITIONS

 

For the purposes of this policy and in accordance with current regulations on the protection of personal data, the following definitions will be taken into account: 

 

Authorization: Prior, express and informed consent of the Owner to carry out the Processing of personal data. 

Privacy Notice: Verbal or written communication generated by the responsible party, addressed to the owner for the processing of their personal data, through which they are informed about the existence of the information processing policies that will be applicable to them, the way to access them and the purposes of the treatment that is intended to be given to the personal data. 

Database: Organized set of personal data that is subject to Processing. 

Personal data: Any information linked to or that can be associated with one or more specific or determinable natural persons. 

Semi-private data: Semi-private data is data that is not intimate, reserved, or public in nature and whose knowledge and disclosure may be of interest not only to its owner but also to a certain sector or group of people, or to society in general, such as financial and credit data. 

Private data: It is the data that, due to its intimate or reserved nature, is only relevant to the owner. 

Sensitive data: Those data that affect the privacy of the Owner or whose improper use may lead to discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership of trade unions, social or human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties,  as well as data relating to health, sex orientation and biometric data. 

Processing: Refers to any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion. 

Data Processor: Natural or legal person, public or private, that by itself or in association with others, carries out the Processing of personal data on behalf of the Data Controller. 

Data Controller: Natural or legal person, public or private, who by itself or in association with others, decides on the data database and/or the Processing of these. 

Owner: Natural person whose personal data is subject to Processing. 

Information: Refers to an organized set of data contained in any document that the data controllers and/or processors generate, obtain, acquire, transform or control. 

Personal Information: Any data linked to or that can be associated with one or more specific or determinable natural persons.

Public information: It is all information that the controller and/or data processor generates, obtains, acquires, or controls in its capacity as such. 

Classified public information: It is information that, being in the possession of a responsible subject in his or her capacity as such, belongs to the own, private or semi-private sphere of a natural or legal person, so that access to it may be denied or excepted, provided that it is a matter of the legitimate and necessary circumstances and the particular or private rights enshrined in the law. 

Reserved public information: It is information that, being in the possession of a responsible subject in its capacity as such, is exempt from access to the public due to damage to public interests. 

Archival Document: It is the record of information produced or received by a public or private entity due to its activities or functions. 

Open data: All primary or raw data, which are in standard and interoperable formats that facilitate access and reuse, which are in the custody of public or private entities that fulfill public functions and are made available to any citizen, freely and without restrictions.  so that third parties can reuse them and create services derived from them.

Information Legend or Privacy Notice: Verbal or written communication generated by the responsible party, addressed to the Owner, for the Processing of their Personal Data, through which they inform the Owner of the purposes of the Processing that is intended to be given to the personal data, mainly sensitive data, and who will be in charge of carrying it out.

 

4. PRINCIPLES

In order to guarantee the protection of personal data, BIS CONTACT CENTER – BIS S.A.S., will apply in a harmonious and comprehensive manner the following principles, in light of Colombian legislation of which the treatment, transfer and transmission of personal data must be carried out. 

Principle of legality: The processing of personal data is a regulated activity that must be subject to the provisions of the law and other provisions that develop it.

Principle of freedom: The collection, use and processing of personal data may only be exercised with the prior, express and informed consent of the owner. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that relieves consent. 

Principle of truthfulness or quality: The information subject to processing must be truthful, complete, accurate, up-to-date, verifiable and understandable. The processing of partial, incomplete, fragmented or misleading data is prohibited. 

Principle of transparency: In the collection, use and processing of personal data, the right of the owner to obtain from the controller or the processor, at any time and without restrictions, information about the existence of data concerning him/her must be guaranteed. 

Personal data, except for public information, may not be available on the Internet or other means of dissemination or mass communication, unless access is technically controllable to provide restricted knowledge only to the owners or third parties authorized by law. 

Principle of security: Personal data and information subject to public processing will be subject to protection and must be handled with the technical, human and administrative measures and resources that are necessary to provide security to the records, as well as with the adoption of technological protection tools, avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access. 

Principle of confidentiality: All persons involved in the collection, use and processing of personal data that are not public in nature are obliged to guarantee the confidentiality of the information, even after their relationship with any of the tasks included in the processing has ended.

Principle of facilitation: Data controllers must facilitate the exercise of the right of access to information, excluding demands or requirements that may obstruct or impede it. 

Principle of non-discrimination. According to which the data controller must deliver information to all persons who request it, under equal conditions, without making arbitrary distinctions. 

Principle of free of charge: According to which, access to information is free and no additional values may be charged to the cost of reproducing the information. 

Principle of celerity: This principle seeks agility in the administrative procedure and management.

Principle of restricted access and circulation: The collection, use and processing of data may only be carried out by persons authorised by the owner and/or by the persons provided for in the Law and other regulations that develop it.

 

These may be exercised by:

1. The owner, who must prove his identity in a sufficient way by the different means made available by BIS CONTACT CENTER – BIS S.A.S.
2. The successors of the holder, who must prove such status. 
3. Representative and/or representative of the holder, after accreditation of the representation or power of attorney. 
4. Other in favor or for which the holder has stipulated.

 

5. DUTIES OF BIS CONTACT CENTER – BIS S.A.S. AS DATA CONTROLLER AND PROCESSOR

 

BIS CONTACT CENTER – BIS S.A.S., recognizes the ownership of the data held by people and consequently they can exclusively decide on them. Therefore, BIS CONTACT CENTER – BIS S.A.S., will use the data for the fulfillment of the purposes expressly authorized by the owner or by the regulations in force. 

 

In the processing and protection of personal data, BIS CONTACT CENTER – BIS S.A.S., will have the following duties, without prejudice to others provided for in the provisions that regulate or come to regulate this matter: 

1. 1. Guarantee to the holder, at all times, the full and effective exercise of the right of habeas data.
   2. Request and keep, under the conditions provided by law, a copy of the respective authorization granted by the Owner.
   3. Duly inform the Owner about the purpose of the collection and the rights that assist him by virtue of the authorization granted.
   4. Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
   5. Ensure that the information provided is truthful, complete, accurate, up-to-date, verifiable and understandable.

• Update the information of all the news with respect to the data that has previously been provided to it and adopt the other measures necessary to ensure that the information provided to it is kept up to date.

• Rectify information when it is incorrect and communicate what is pertinent.

• Provide, as the case may be, only data whose processing is previously authorised in accordance with the provisions of the law.

• Demand respect for the security and privacy conditions of the Owner’s information.

• To process the queries and claims formulated in the terms indicated in Statutory Law 1581 of 2012.

• Adopt an internal manual of policies and procedures to ensure adequate compliance with the law and, in particular, for the attention of queries and complaints.

1. Inform, at the request of the owner, about the use given to their data.
2. Comply with the requirements and instructions given by the Superintendence of Industry and Commerce on the particular subject.
3. Ensure the appropriate use of the personal data of children and adolescents, in those cases in which the processing of their data is authorized.
4. Refrain from circulating information that is being disputed by the owner and whose blocking has been ordered by the Superintendence of Industry and Commerce.
5. Use the owner’s personal data only for those purposes for which he/she is duly authorized and respecting in all cases the regulations in force 

on the protection of personal data. 

 

6. RIGHTS OF DATA SUBJECTS 

 

Owners of personal data have the following rights, as well as those granted by law:

1. Know, update and rectify your personal data before the data controller or Data Processors. This right may be exercised, among others, in the face of partial, inaccurate, incomplete, fragmented, misleading data, or data whose processing is expressly prohibited or has not been authorized.
2. Request proof of the authorization granted to the data controller, except when expressly exempted as a requirement for the processing.
3. Carry out the timely updating, rectification or deletion of the data in the terms of Law 1581 of 2012 and other concordant and current regulations.
4. To process the queries and claims made by the Holders in the terms indicated in this policy.
5. To be informed by the Data Controller or the Data Processor, upon request, regarding the use made of their personal data.
6. To file complaints with the Superintendence of Industry and Commerce for violations of the provisions of the law and other regulations that modify, add or complement it.
7. Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.
8. Revoke the authorization and/or request the deletion of the data when the constitutional and legal principles, rights and guarantees are not respected in the processing. The revocation and/or deletion will proceed when the Superintendence of Industry and Commerce has determined that in the processing the responsible or Processor has engaged in conduct contrary to the law and the Constitution.
9. To have free access to your personal data that has been processed.

 

7. SPECIAL CATEGORIES OF DATA 

SENSITIVE DATA

 Sensitive data is understood to be data that affects the privacy of the Owner or whose improper use may lead to discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership of trade unions, social or human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties as well as data relating to the health, sex orientation and biometric data. 

 

PROCESSING OF SENSITIVE DATA 

The Processing of sensitive data is prohibited, except when:

1. a) The Owner has given its explicit authorization to such Processing, except in cases where the granting of such authorization is not required by law. 
2. b) The Processing is necessary to safeguard the vital interest of the Owner and the Owner is physically or legally incapacitated. In these events, the legal representatives must grant their authorization. 
3. c) The Processing refers to data that are necessary for the recognition, exercise or defense of a right in a judicial process. 
4. d) The Processing has a historical, statistical or scientific purpose. In this event, measures must be adopted to suppress the identity of the Holders.

SPECIAL AUTHORIZATION OF SENSITIVE PERSONAL DATA 

BIS CONTACT CENTER – BIS S.A.S., will inform all its owners through the various means of obtaining authorization, that by virtue of Law 1581 of 2012 and regulatory standards, they are not obliged to grant authorization for the processing of sensitive data. In the case of processing of health-related data, the necessary measures will be implemented to protect confidentiality of the information. The biometric sensitive data processed is intended for the identification of people, security, compliance with legal obligations and the adequate provision of products.

RIGHTS OF CHILDREN AND ADOLESCENTS

In the processing of personal data by BIS CONTACT CENTER – BIS S.A.S., respect for the prevailing rights of children and adolescents will be ensured, therefore, the processing of personal data of children and adolescents is prohibited, except for those data that are of a public nature, authorized by current legal regulations and when such processing complies with the following parameters and requirements: 

1. That responds to and respects the best interests of children and adolescents.
2. That their fundamental rights are respected.

Once the above requirements have been met, the legal representative of the child or adolescent shall grant authorization to BIS CONTACT CENTER – BIS S.A.S., after the minor has exercised his or her right to be heard, an opinion that shall be assessed taking into account the maturity, autonomy and capacity to understand the matter.

8. WHAT KIND OF INFORMATION DO WE COLLECT?

We process the information of users and/or customers, in order to provide the Products and Services of BIS CONTACT CENTER – BIS S.A.S., The type of information we collect depends on the way in which the user and/or customer uses our Products or has a relationship with us.  

 

9. 9. PROCESSING OF PERSONAL DATA

PURPOSE

All members of the company, when carrying out the activities of their position, will assume the responsibilities and obligations that they have in the proper handling of personal information, from its collection, storage, use, circulation and until its final disposal.

The personal data of our customers, suppliers, staff and their families, which are stored on the servers will be used to:

• Compliance with the purposes expressly authorized by the owner or by the regulations in force.
• To control requests related to the services provided by BIS CONTACT CENTER – BIS S.A.S.
• To forward the responses to the queries and petition rights to the petitioners.
• To prepare studies, statistics, surveys, trend analysis, related to the services provided by BIS CONTACT CENTER – BIS S.A.S.
• Evaluate the quality of the services provided.
• To have the updated and real information of our personnel and third parties who may have relations with the company, in order to identify them and comply with the contractual and legal obligations of both parties, such as sending notifications, and contact information in general, especially in case of emergencies.
• Ensure the health of employees as an active part of their improvement process; in this sense, a strictly confidential record may be kept on the information that is known about the health status of people in order to carry out the follow-up recommended by the Occupational Health and Safety area and other professionals involved, and of which, access will be restricted or limited to certain personnel that the company has designated as Data Processor.
• In case of biometric data captured through video surveillance or recording systems

Their processing will be for the purpose of identification, security and the prevention of internal and external fraud. 

• Manage the financial operations of BIS CONTACT CENTER – BIS S.A.S., including payments, issuance of income and withholding certificates for both individuals and entities, and overseeing payment relationships.

• Manage the company’s accounting process.
• Issue the requested contractual certifications.
• Contact Center and Telemarketing Services. 
• Provide information to customers and providers of new services offered or any changes that are of mutual interest.
• Send invoices and manage collections.
• Inform about changes in our portfolio of services and updates.
• Comply with laws such as, among others, labor law, social security, pensions, professional risks, family compensation funds (Comprehensive Social Security System) and taxes.
• Comply with the instructions of the competent judicial and administrative authorities.
• Carry out the pertinent procedures for the development of the pre-contractual, contractual and post-contractual stage with BIS CONTACT CENTER – BIS S.A.S.
• To manage procedures (requests, complaints, claims), to carry out satisfaction surveys regarding the goods and services of BIS CONTACT CENTER – BIS S.A.S., or related companies, as well as to the commercial allies of BIS CONTACT CENTER – BIS S.A.S.
• Transfer or transmit personal data to companies affiliated with BIS CONTACT CENTER – BIS S.A.S., in their capacity as processors or to third parties authorized by virtue of a contract.

INFORMATION STORAGE 

The storage of digital and physical information is carried out in media or environments that have adequate controls for data protection. This involves physical and computer security, technological and environmental controls in restricted areas, in own facilities and/or computer centers or document centers managed by third parties.

DESTRUCTION 

The destruction of physical and electronic media is carried out through mechanisms that do not allow their reconstruction. It is carried out only in cases in which it does not constitute a disregard of any legal norm, always leaving the respective traceability of the action. Destruction includes information held by third parties as well as in own facilities.

10. WHAT YOU AND OTHERS DO AND PROVIDE

Information and content you provide to us: We collect the content, communications, and other data you provide when you use our products, share your information system, or databases; general information about the current or legal person or potential customer, including that contained in the Certificates of Existence and Legal Representation issued by the Chambers of Commerce or the entity acting in their place; information about legal representatives principals and alternates, if the current or potential client is a legal entity; commercial references; bank references. For example, when users and/or customers contact BIS CONTACT CENTER – BIS S.A.S., they share content and information, which is managed by BIS CONTACT CENTER – BIS S.A.S., in order to meet the needs of users and/or customers. 

Data with special protections: You may provide information to our database relating to your political ideologies, racial or ethnic origin, philosophical or religious beliefs, trade union membership, sex orientation, biometric data, your interests or aspects related to your health. The processing of personal data of a sensitive nature is subject to special protections under the law, unless there is express, prior and informed authorization from the owner, among other exceptions enshrined in Law 1581 of 2012.

In the above case, BIS CONTACT CENTER – BIS S.A.S., will inform the owner that as they are sensitive data, they are not obliged to authorize their processing, and, in addition, the owner will be informed which of the data will be subject to sensitive processing and the purpose of this. 

Your Use: We collect information about how you use our Products, such as the media conversations you have with our staff in the course of personal, work, and business activities; the types of content you view or interact with; the features you use; the actions you take; the time; frequency, and duration of your activities. 

Information about transactions carried out with us and in our Products: when we enter into business or employment relationships with our customers, suppliers and/or employees, we collect financial information, such as, for example, account numbers, names of account holders, financial institution to which the accounts belong, bank certifications, and among other related information. 

In addition, if you use our products to make financial transactions (for example, when you make a payment), we collect information about that purchase or transaction. This includes payment information, such as your credit or debit card number and other card information; other account and authentication information; and billing, shipping, and contact details.

11. AUTHORIZATION AND CONSENT OF THE OWNER 

BIS CONTACT CENTER – BIS S.A.S., requires the free, prior, express and informed consent of the owner of the personal data for the treatment, storage, circulation, deletion and use of these, therefore, we implement the means required to obtain the authorization of the owners which may be subject to subsequent consultation.

Except in the cases expressly authorized by law, namely: 

1. Information required by a public or administrative entity in the exercise of its legal functions or by court order. 
2. Data of a public nature. 
3. Cases of medical or health emergency. 
4. Processing of information authorized by law for historical, statistical or scientific purposes. 
5. Data related to the Civil Registry of Persons. 

Whoever accesses personal data without prior authorization must in any case comply with the provisions contained in Law 1581 of 2012 and other concordant and current regulations.

PERSONS TO WHOM THE INFORMATION MAY BE PROVIDED 

Information that meets the conditions established in the Law may be provided to the following persons: 

1. a) To the Holders, their successors or their legal representatives. 
2. b) To public or administrative entities in the exercise of their legal functions or by court order.
3. c) To third parties authorized by the Owner or by the Law.
4. PROCEDURE FOR REQUESTING PERSONAL DATA FROM USERS 

BIS CONTACT CENTER – BIS S.A.S., will inform users in advance of the personal data that is required and the reason for requesting the information. The data to request from users may include all or some of the following: full name, date of birth, age, sex, address, telephone number, email, treating physician, medical history when applicable, health data. The data to be requested from business customers and suppliers may include some of the following: name or company name, address, telephone, email, name of the business contact, name of the legal representative, information relevant to contractual terms, billing information. In written or digital form through the formats and texts that are established. 

13. INTERNATIONAL TRANSFER AND TRANSMISSION

International data transfer consists of the delivery of data by the Data Controller or the Data Processor to a recipient located abroad; who is also the Data Controller; BIS CONTACT CENTER – BIS S.A.S., in its capacity as Data Controller and/or Data Processor, must verify, in the event of proceeding with a transfer, that the data are transferred to a recipient whose jurisdiction has, after seeking the standard in a reasonable manner or by general knowledge, data protection regulations and that the data effectively has a security guarantee.

International data transmission, on the other hand, occurs when the purpose of the communication of the data is to allow the processing entrusted to the Data Processor on behalf of the Data Controller; for these purposes, it will not be necessary to have the authorization of the owner of the data as long as there is a Transmission Contract between the responsible party and the person in charge; the latter being obliged to comply with the data protection policy that the controller implements.

 

14. PASSIVELY OBTAINED INFORMATION

When accessing or using the services contained within the websites of BIS CONTACT CENTER – BIS S.A.S., it may passively collect information through information management technologies, such as “Cookies”, through which information about the hardware and software of the equipment is collected.  IP address, browser type, operating system, domain name, access time, and the addresses of the referring websites; through the use of these tools, no Personal Data of users is directly collected. However, the user of the BIS CONTACT CENTER – BIS S.A.S. websites have the possibility of configuring the operation of the “Cookies”, according to the options of their internet browser.

 

15. SPECIFIC POLICIES FOR THE PROCESSING OF PERSONAL DATA

Data Processing includes the collection, storage, administration, use, transfer, transmission and destruction, in the manner permitted by law and is carried out for the following specific purpose for each case: 

1. Processing of personal work data: BIS CONTACT CENTER – BIS S.A.S., collects the personal data of its Workers, which are classified by the company as reserve and will only be disclosed by it, with the express authorization of the owner or when a competent authority requests it. 

The purposes for which the personal data of the company’s employees are used will be:

 

• Comply with the obligations imposed by Colombian labor law on employers, or the orders issued by the competent Colombian authorities, such as payroll payments, payment and reports to the General Social Security System, attention to queries, petitions, requests, actions and claims.

• Comply with the obligations imposed on the company as an employer, in relation to Occupational Health and Safety standards, and the so-called Occupational Health and Safety Management System (OHS-MS).

• Manage the functions carried out by workers.

• Consult memos, employer notices, and warnings.

• Develop and implement the disciplinary process.

• Contact family members in cases of emergency.

• The others are specifically established in the authorizations that are granted by the workers.

• Invitation to participate in training sessions, integration activities, training activities, information of interest. 

 

BIS CONTACT CENTER – BIS S.A.S., STORES THE PERSONAL DATA OF ITS EMPLOYEES, INCLUDING THOSE OBTAINED IN THE COURSE OF THE SELECTION PROCESS, AND KEEPS THEM IN A FOLDER IDENTIFIED WITH THE NAME OF EACH OF THEM.

 

This folder will only have access to and will be processed by the Administrative and Legal Area, in order to manage the contractual relationship between BIS CONTACT CENTER – BIS S.A.S., and the employee.

 

• Processing of personal data of Suppliers and Contractors: BIS CONTACT CENTER – BIS S.A.S., collects the personal data of its Suppliers and Contractors and stores them in a database which, although it is mostly made up of public data, is classified by the company as reserve, and which, in the case of private data,  it will only disclose them by the company with the express authorization of the owner or when a Competent Authority requests it. 

 

The purposes for which the personal data of the BIS CONTACT CENTER – BIS S.A.S. Suppliers are used will be:

 

• Sending invitations to contract and carrying out procedures for the pre-contractual, contractual and post-contractual stages.

• Sending invitations to events scheduled by the company or its affiliates.

• Establish constant communication with the contractor and/or supplier, through the use of multiple communication channels. 

• The others specifically established in the authorizations that are granted by the suppliers themselves and those that are established internally by the company.

 

BIS CONTACT CENTER – BIS S.A.S. WILL ONLY COLLECT FROM ITS SUPPLIERS AND CONTRACTORS THE DATA THAT IS NECESSARY, PERTINENT AND NOT EXCESSIVE FOR THE PURPOSE OF SELECTION, EVALUATION AND EXECUTION OF THE CONTRACT TO WHICH IT IS APPLICABLE.

 

The collection of personal data of employees of suppliers and contractors by BIS CONTACT CENTER – BIS S.A.S., will in any case have the purpose of verifying the suitability and competence of the employees.

 

BIS CONTACT CENTER – BIS S.A.S., will store the information of suppliers and contractors for the duration of the contract entered between them and after it, as long as the supplier and/or contractor does not request the deletion of the data provided or that a competent authority orders it. 

• Processing of Clients’ personal data: BIS CONTACT CENTER – BIS S.A.S., collects the personal data of its Clients and stores them in a database which is classified by the company as reserve, and will only be disclosed with the express authorization of the owner or when a Competent Authority requests it. 

 

Personal data of BIS CONTACT CENTER – BIS S.A.S. customers will be used for the following purposes:

 

• Carrying out procedures for the pre-contractual, contractual and post-contractual stages.

• Sending invitations to events scheduled by the company. 

• Corroborate any requirement that may arise in the development of the contract entered.

• Comply with the purpose of the contract entered, including activities of shipment of goods, compliance and processing of guarantees, among others.

• Verify cases in which there is non-compliance by any of the parties.

• Loyalty in general of each customer.

• Carry out customer loyalty activities and marketing operations.

• The others specifically established in the authorizations granted by customers.

 

BIS CONTACT CENTER – BIS S.A.S., PROCESSES SENSITIVE DATA OF ITS CUSTOMERS, SUCH AS VOICE, FOR THE SOLE PURPOSE THAT THE RECORDINGS OF THE CONVERSATIONS HELD WITH THE COMPANY’S COMMERCIAL AGENTS CAN BE USED AS PROOF OF THE PURCHASE CONTRACT AND THE RESPECTIVE AUTHORIZATION OF THE PROCESSING OF PERSONAL DATA. For the purposes of this processing, the respective authorization is collected, which in any case will be express and optional, clearly indicating the sensitive data subject to processing and the purpose of the same.

 

Likewise, it will have adequate security systems for the handling of sensitive data and its reservation, with the understanding that such sensitive data will only be used by BIS CONTACT CENTER – BIS S.A.S., for the aforementioned purposes.

 

In any case, the contract or authorization entered into between BIS CONTACT CENTER – BIS S.A.S., and the client, contains a confidentiality clause. 

 

BIS CONTACT CENTER – BIS S.A.S., will store customer information for as long as the contract entered into between them is in force and after it, as long as the customer does not request the deletion of the data provided or that a competent authority orders it. 

16. PRIVACY NOTICE 

The Privacy Notice is the physical document, electronic or in any other format, made available to the owner to inform them about the processing of their personal data. Through this document, the owner is informed of the information related to the existence of the company’s information processing policies that will be applicable to him/her, the way to access them and the characteristics of the treatment that is intended to be given to the personal data. The privacy notice must contain, at least, the following information: 

1. The identity, address and contact details of the data controller. 
2. The type of processing to which the data will be subjected and the purpose of the same. 
3. The rights of the owner. 
4. The general mechanisms provided by the controller so that the owner is aware of the information processing policy and the substantial changes that occur in it. In all cases, you must inform the owner how to access or consult the information processing policy. 
5. The optional nature of the response to questions on sensitive data. 

 

17. PROCEDURE FOR DEALING WITH QUERIES, COMPLAINTS, REQUESTS, RECTIFICATION, UPDATING AND DELETION OF DATA
18. Petitions, Complaints or Claims:

The Owner, his successors, his representative and/or attorney-in-fact, or whoever is determined by stipulation in favor of another; who consider that the information contained in a database should be subject to correction, rectification, updating or deletion, or when they notice the alleged breach of any of the duties contained in the law, may file a claim with BIS CONTACT CENTER – BIS S.A.S., which will be processed under the following rules: 

• The Owner’s claim will be made by means of a request addressed to BIS CONTACT CENTER – BIS S.A.S., at the mcarmona@biscc.com.co email, with the identification of the Owner, the description of the facts that give rise to the claim, the object of the request, the address, and accompanying the documents that you want to assert.

1. If the claim is incomplete, the interested party will be required within five (5) days of receipt of the claim to correct the defects. If two (2) months have elapsed from the date of the request, without the applicant submitting the required information, it will be understood that the claim has been withdrawn.
2. In the event that the person receiving the complaint is not competent to resolve it, he or she shall notify the appropriate party within a maximum period of two (2) business days and shall inform the interested party of the situation.
3. Once the complete claim is received, a legend will be included in the database that says, “claim in process” and the reason for it, within a term of no more than two (2) business days. This legend must be maintained until the claim is decided.
4. The maximum term for dealing with the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.
5. BIS CONTACT CENTER – BIS S.A.S., will store the information of suppliers and contractors for the duration of the contract entered between them and subsequent to it, as long as the supplier and/or contractor does not request the deletion of the data provided or that a competent authority orders it. 
6. BIS CONTACT CENTER – BIS S.A.S., will store customer information for as long as the contract entered between them is in force and after it, as long as the customer does not request the deletion of the data provided or that a competent authority orders it. 

2. Consultation: 

The Owners or their successors may consult the personal information of the Owner that is stored in any database of BIS CONTACT CENTER – BIS S.A.S. They must provide all the information contained in the individual record or that is linked to the identification of the Owner.

1. The query will be made by the means provided, through a request addressed to BIS CONTACT CENTER – BIS S.A.S., to the email mcarmona@biscc.com.co, as long as proof of this can be maintained.
2. The query will be answered within a maximum term of ten (10) business days from the date of receipt of the same. When it is not possible to respond to the query within said term, the interested party will be informed, stating the reasons for the delay and indicating the date on which their query will be answered, which in no case may exceed five (5) working days following the expiration of the first term.

18. INFORMATION SECURITY AND SECURITY MEASURES 

In development of the security principle established in current regulations, BIS CONTACT CENTER – BIS S.A.S., will adopt effective internal policies and mechanisms, to guarantee that the technical, human and administrative measures that are necessary to provide security to the records preventing their adulteration, loss, consultation, use or unauthorized or fraudulent access.

19. SECURITY OF THE FACILITIES THROUGH VIDEO SURVEILLANCE SYSTEMS

BIS CONTACT CENTER – BIS S.A.S., has a video surveillance system and security cameras inside its facilities and at the access sites, as part of its security programs. The images, photographs, videos captured and/or filmed, recordings and images captured have a limited recording record, which at the end of this time will be deleted. In no way will these images, recordings and/or recordings be used or shared with third parties, for commercial purposes or activities other than those of preserving the security and surveillance of the facilities and will only deliver the videos or recordings at the request of the competent authority in the exercise of its legal functions and undertakes to carefully review the information that will be delivered,  in such a way that the dignity, privacy or good name of any of the people who may appear in such images or videos is not violated. BIS CONTACT CENTER – BIS S.A.S., will inform users through the publication of audio or video notices and/or announcements, about the implementation of video surveillance systems, which will contain at least the content of a privacy notice.

20. PUBLICATION AND VALIDITY

This Personal Data Treatment and Protection Policy will enter into force once said document has been approved and published. Likewise, this document is in force from April 9, 2025 and until such time as it is expressly revoked or modified.

MARÍA DEL PILAR CARMONA

LEGAL REPRESENTATIVE

TO CONTACT CENTER – TO S.A.S.

PRIVACY NOTICE

The owner of the information voluntarily, consciously and expressly authorizes BIS CONTACT CENTER – BIS S.A.S., for the treatment, collection, storage, use, circulation, transfer, transmission or deletion of the personal data that has been provided to the company, and which will be carried out in accordance with the Data Protection Policy of BIS CONTACT CENTER – BIS S.A.S. which the owner agrees to know and understand.  and that it has been prepared based on Article 15 of the Constitution, Law 1581 of 2012, Law 1266 of 2008, Decree 1727 of 2009, Decree 1377 of 2013, Decree 074 of 2015 and other related regulations, being those reserved and protected by our Personal Data System, enjoying special security those personal data of a sensitive nature; Likewise, the owner authorizes that his/her personal information may be transmitted to third parties, legal or natural persons of the private and public sector within and outside the national territory, who will in turn be Responsible or Responsible for the personal information that has been transferred to them.

The data controller of the Database is BIS CONTACT CENTER CENTER – BIS S.A.S., a company with registered office at Cra. 1 # 12 – 118, Plaza Bocagrande Shopping Center, Cartagena, Colombia, with NIT. 901379017-0, e-mail mcarmona@biscc.com.co and telephone 605 6411320.

The rights as the owner of the personal data, the purpose of the processing, the obligations as the person responsible and in charge of the information, as well as the procedure for dealing with requests or observations, are contained in the Personal Data Protection Policy of BIS CONTACT CENTER – BIS S.A.S., which the owner of the information,  You declare to know and accept, this document being an integral part of this Privacy Notice.

The Personal Data Protection Policy of BIS CONTACT CENTER – BIS S.A.S. is available on the company’s website.

COOKIES POLICY

1. OBJECTIVE

To establish the guidelines for the proper administration of the process of implementing Cookies in the web services of BIS CONTACT CENTER – BIS S.A.S.

2. SCOPE

It applies to all users who use the web services offered by BIS CONTACT CENTER – BIS S.A.S.

3. COOKIE POLICY

BIS CONTACT CENTER – BIS S.A.S., and our affiliated companies need to implement Cookies to offer their web services and, additionally, provide a quality service to all users who use them. They are necessary to analyze trends, manage and track users’ movements during their visit to the website, and gather demographic information.

4. DEFINITION AND TYPE OF COOKIES

Cookies are files that collect information through a website about the browsing habits of a user or their computer and could eventually form a database according to the legal definition of Law 1581 of 2012 by collecting personal data according to the following characteristics: (i) they refer to exclusive aspects and typical of a natural person,  ii) they allow the person to be identified, to a greater or lesser extent, thanks to the overall vision that is achieved with it and with other data; iii) its ownership resides exclusively in the owner of the same, a situation that is not altered by its obtaining by a third party in a lawful or illicit manner, and iv) its treatment is subject to special rules (principles) in relation to its collection, administration and disclosure; In this case, the responsible party must abide by the data protection regulations in force in Colombia, especially the application of the guiding principles for the management of data of legality, purpose, freedom, veracity or quality, transparency, access and restricted circulation, security and confidentiality enshrined in Article 4 of Law 1581 of 2012.

Cookies allow this page, among other things, to store and retrieve information about your browsing habits on our website and depending on the information it contains and the way you use the equipment, they can be used to recognize the user and facilitate their navigation on the website.

1. Functional Cookies: These cookies are used to record a user’s choice and settings that allow our website to function properly or that maintain your preferences over time and may be stored on your device. For example, BIS CONTACT CENTER – BIS S.A.S., saves preferences, such as language, browser and media player settings, which allows the browser to remember these settings each time you return to the site.
2. Analytics Cookies: To provide our products and improve your experience on our website, BIS CONTACT CENTER – BIS S.A.S., uses Cookies and other identifiers to collect usage and performance data. For example, we use Cookies to count the number of unique visitors to a website or service, visitors to our blog, and to develop other statistics about the operations of our products. This includes Cookies from BIS CONTACT CENTER – BIS S.A.S., and third-party analytics providers. We use the information to compile reports and help us improve the website. 
3. Advertising Cookies: BIS CONTACT CENTER – BIS S.A.S., uses Cookies to collect your data about your online activity and identify your interests so that we can offer you the most relevant advertising for you. You may opt out of receiving interest-based advertising from BIS CONTACT CENTER – BIS S.A.S., as described in the section, how to control Cookies.
4. Service Cookies: BIS CONTACT CENTER – BIS S.A.S., uses performance Cookies to balance the load in order to ensure that the web services remain active and operational.
5. Social Media Cookies: Our website includes snippets of code provided by social media companies that can detect if you are already logged into a given social media account so that you can easily share BIS CONTACT CENTER – BIS S.A.S. content with other social media users through this account. These code snippets read the Cookies previously set by the social media company’s web content while you are logged in and browsing such content on those social media sites.
6. Third-party cookies: This website may use third-party services that collect information for statistical purposes, the use of the site by the user and for the provision of other services related to the activity of the site and other internet services.
7. CURRENT REGULATIONS

In Colombia there are no regulatory bodies that have defined Cookies or their regulation. However, within our good corporate practices and in accordance with the application of the duties enshrined in the Colombian data protection regulations (which include Law 1581 of 2012, Decree 1377 of 2013, among others) we have developed this policy, in accordance with the principles of purpose, freedom, transparency and veracity of the data.

6. ACCEPTANCE OF THE USE OF COOKIES

If the User has stated through the accept and continue button, which is in the drop-down notification on the website, that they agree with the processing of Cookies and in that sense, remain on it and/or do not disable the use of Cookies in their browser, we understand that they have consented to their use. However, at any time, you can revoke it and disable the Cookies, deleting those stored on your computer, through the settings and settings of your browser.

7. DISABLING AND DELETING COOKIES

Most web browsers automatically accept cookies but provide controls that allow you to block or delete them.

The user, on their first access to the website, can configure and accept or reject Cookies on this website. Subsequently, the user may, at any time, change or withdraw their consent through this Cookies Policy or configure it in their browser.

Please note that, if you decide not to use some Cookies, this website may not function properly, present failures or prevent the operation of some of its features, affecting the user experience.

8. REVISIONS TO OUR COOKIE POLICIES

We may amend this Cookie Policy when we make updates, changes or revisions, which will take effect when we post the updated Cookie Policy on our website. If we make material changes, we will notify you by email or at our option, by means of a notice on this site, prior to the change becoming effective.