top of page

Privacy Policy

Processing of personal data

1. OBJECTIVE.
The purpose of this policy is to communicate the rules and conditions for the treatment of personal information carried out by OCTOPUS FORCE SAS, complying with the Personal Data Protection Regime in Colombia, especially articles 15 and 20 of the National Constitution, the Law 1581 of 2012, Regulatory Decrees, External Circular 002 of 2015 issued by the Superintendency of Industry and Commerce and other concordant regulations.


2. REACH.
The Personal Data Processing Policy is applicable to users, clients, contractors, employees, former employees, ex-contractors, applicants for vacancies, suppliers, consumer shareholders of OCTOPUS FORCE SAS, and in general any holder of information that, due to our activities, we need your personal information to maintain current relationships and it will be mandatory and strict compliance for OCTOPUS FORCE SAS

​

3. DEFINITIONS.

  • Authorization:Prior, express and informed consent of the Holder to carry out the Treatment. This can be written, verbal or through unequivocal conduct that allows a reasonable conclusion that the Owner accepted the Processing of their data.

  • Database:Organized set of Personal Data that is subject to Treatment, electronic or not, whatever the modality of its formation, storage, organization and access.

  • Consultation:Request of the Owner of the Personal Data, of the persons authorized by it, or those authorized by law, to know the information that rests on it in the Company's Databases.

  • Notice of Privacy:Verbal or written communication generated by the person in charge, addressed to the Owner for the Treatment of their personal data, through which they are informed about the existence of the Treatment policies that will be applicable to them, the way to access them and the purposes of the Treatment that is intended to be given to personal data.

  • Personal Data:Any information linked or that can be associated with one or several natural, determined or determinable persons.

  • Private Personal Data:Data that due to its intimate or reserved nature is only relevant to the Owner.

  • Public Personal Data:Data classified as such according to the mandates of the law or the Political Constitution and all those that are not semi-private, private or sensitive.

  • Sensitive data:Those that affect the privacy of the owner or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in unions, social organizations, human rights or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life and biometric data.

  • Processor:Natural or legal person, public or private, that by itself or in association with others, performs the processing of personal data on behalf of the data controller.

  • Responsible for the treatment:Natural or legal person, public or private, that by itself or in association with others, decides on the database and/or the treatment of the data.

  • Headline:Natural person whose personal data is processed.

  • Transfer:The transfer of data takes place when the person in charge and/or in charge of the Processing of personal data sends the information or personal data to a recipient, who in turn is Responsible for the Treatment and is located inside or outside the country.

  • Transmission:Treatment of personal data that implies the communication of the same inside or outside the territory of the Republic of Colombia when its purpose is to carry out a Treatment by the Manager on behalf of the person in charge.

  • Treatment:Any operation or set of operations on personal data, such as the collection, storage, use, circulation, transfer, transmission or deletion of these.

​

4. RESPONSIBLE.
Responsible for the treatment: OCTOPUS FORCE SAS
NIT: 900.772.854-1
Telephone: 317-3835559
Address: Calle 2 #12-47 Cali
Email:info@octopusforce.com

​

5. TREATMENTS AND PURPOSES.
TYPES OF PERSONAL DATA THAT WE PROCESS:
OCTOPUS FORCE SAS may collect information and personal data from Users, Clients, Contractors, Suppliers, Employees and any holder whose information is required, which may vary due to requirements of local authorities, technological facilities, nature of the product and/or service to be provided, among others, for such purposes, we may collect personal information, which may be stored in a physical or digital file and/or processed on servers located in computer centers, whether owned or contracted with third parties and which are of the following nature:

  • General and specific identification data.

  • Location data related to business activity.

  • Financial and credit data.

  • Data related to the educational level and/or academic history of the person.

  • Data related to the person's employment history.

​

TREATMENT TO WHICH THE PERSONAL DATA IS SUBJECTED:
The personal data in the possession of OCTOPUS FORCE SAS are subject to the following treatment:

  • Harvest: The personal information in our possession is obtained through different activities related to our business activity and the obligations we have. The information is requested directly from the owner, who will always grant his authorization. The instruments that we use to collect information have all the requirements established in the regulations regarding the protection of personal data, and obey the principles of freedom and purpose, therefore, in each of them, the Authorization of consent for the processing of personal data.

  • Storage: On some occasions, personal information is stored directly on the computers of those responsible for the processes, or in physical files, for these cases, information access controls are established, with physical, technical and administrative security measures, guaranteeing the principle of restricted access and circulation. As well as on external servers run by third parties, which may be inside or outside the country.

  • Use: The use of the information stored in our database has different objectives in accordance with the purposes established below.

  • Circulation:OCTOPUS FORCE SAS does not share the data it collects with third parties, and it circulates internally in a restricted manner, according to the uses and purposes for which it is required.

  • Suppression:The deletion of personal information is carried out once the cycle for which the data was requested has been completed, or in cases in which the owner of the information requests the deletion of the information, as long as the law authorizes it.

​

PURPOSE OF PERSONAL INFORMATION:

OCTOPUS FORCE SAS in the development of its corporate purpose constantly collects personal data, with the following uses and purposes:

  • Carry out the pertinent steps for the development of the company's corporate purpose in what has to do with compliance with the purpose of the contract entered into with the Holder of the information.

  • Make invitations to events and offer new products and services.

  • Provide contact information to the commercial force and/or distribution network, telemarketing, market research and any third party with which OCTOPUS FORCE SAS has a contractual relationship for the development of activities and for their execution.

  • Contact the Owner through telephone means to carry out surveys, studies and/or confirmation of personal data necessary for the execution of a contractual relationship.

  • Contact the Holder through electronic means to send news related to loyalty campaigns or service improvement.

  • Contact the Holder via email to send statements, account statements or invoices in relation to the obligations derived from the legal or contractual relationship between the parties.

  • Comply with the obligations contracted by OCTOPUS FORCE SAS with the Owner of the Information, in relation to the payment of fees, salaries, social benefits and/or other remuneration established according to the type of contract signed with the owner.

  • Transmit personal data outside the country to third parties with which OCTOPUS FORCE SAS has signed a data processing contract and it is necessary to deliver it to them for the fulfillment of the contractual object.

  • Provide the services offered by OCTOPUS FORCE SAS and accepted in the signed contract.

  • Provide the information to third parties with which OCTOPUS FORCE SAS has a contractual relationship and that it is necessary to deliver it to fulfill the contracted object.

  • Carry out satisfaction surveys regarding the goods and services offered by OCTOPUS FORCE SAS

  • Send information to the owners, related to the corporate purpose of the organization.

  • Share information with financial entities to open bank accounts and other financial products.

  • Validate or share the labor and/or commercial references that the Holder has contributed or is currently executing.

  • Provide personal information that may be of a commercial nature, for the execution of the contractual relationships acquired by the Company with third parties such as the agreements or contracts that the latter signs.

  • Update personal data

  • Carry out procedures for linking to the social security system and compensation funds, as applicable.

  • Perform biometric data processing for the implementation and use of entry, exit and security systems that require biometric authentication.

  • Carry out security studies and share said information with entities that provide these services, carry out home visits, entrance and exit medical examinations, periodic examinations, internal movement, referrals and others.

  • Analyze, evaluate and consult the information provided by the Holder in lists for the control of money laundering and financing of national or foreign terrorism.

  • Advance analyze, and carry out evaluation and selection of personnel for applicants for vacancies.

  • Issue labor and/or commercial references when the Holder requires it.

  • Carry out analysis, evaluation and selection of suppliers and/or contractors together with their subsequent acceptance or decline of a possible commercial relationship.

  • Request proposals and quotes.

  • Sharing business agreements to acquire goods or services

  • Analyze, evaluate and consult the information provided by the Holder in lists for the control of money laundering and financing of national or foreign terrorism; binding and non-binding, this consultation is extended to shareholders as natural persons.

  • Perform statistical analysis, referencing, consultation in public databases, verification and audits.

  • Collect information on commercial relationships with other entities, consult financial data in the credit centers that manage financial information databases and the data required to manage the contractual or commercial relationship with the Holder.

  • Certify the commercial relations generated between the parties.

  • Making phone calls, sending emails, verification visits, sending communications and checking references.

  • Send information about our products, and invite them to participate to provide their services or to purchase products.

  • Carry out analysis on the quality of service received from suppliers and/or contractors.

  • Comply with the legal requirements in fiscal, customs and commercial matters with administrative, judicial and police entities.

  • Carry out administrative procedures (accounting, financial, updating personal data).

  • Use your data in communication campaigns, dissemination and promotion of products, activities or services.

  • Carry out through any means directly or through third parties, programming and provision of technical service, sale, purchase, billing, portfolio management, monitoring of product performance, collection, business intelligence, marketing, promotion or advertising activities , improvement of the service, monitoring of collection, verification, consultation and control, authorization of means of payment as well as any other related to our current and future products and services, for the fulfillment of contractual obligations and the corporate purpose of the company.

  • Consult information centers for commercial purposes.

  • Provide personal information of a commercial nature, for the execution of contractual relationships acquired by the Company with third parties.

  • Manage procedures (requests, complaints and claims).

  • Keep records and control of the payroll and contractors of OCTOPUS FORCE SAS

  • Keep the record and control of customers and suppliers for the respective payments.

  • Prepare reports from different areas on accounting, inventory, payroll, sales, financial and similar aspects.

  • Keep records and control of information, aimed at the execution of all administrative procedures related to daily management and typical of the ordinary business of the Organization.

  • Keep track of people who register on the website and social networks.

  • Keep track of potential customers who communicate through the forms provided on the different platforms.

  • Celebrate, subscribe or maintain contractual relations with the Holders.

  • Carry out the treatment of information required in labor, contractual and corporate matters of the Company.

  • Carry out legal procedures of the company, related to the Holders of the Information.

  • Solve Customer Queries according to the contact information provided.

​

AUTHORIZATION FOR THE PROCESSING OF PERSONAL DATA:

OCTOPUS FORCE SAS requests in a free, prior, express and duly informed manner, the authorization by the owners of the data and for this it has provided suitable mechanisms guaranteeing in each case, the verification of the granting of said authorization. It may be recorded in any medium, be it a document 

physical, electronic or in any format that guarantees its subsequent consultation, through technical tools, complying with the requirements established by law.

 

PROTECTION MEASURES:

OCTOPUS FORCE SAS has adopted the necessary technical, legal, human and administrative measures to ensure the security of personal data, protecting confidentiality, integrity, use, unauthorized and/or fraudulent access. Likewise, security protocols of mandatory compliance have been implemented internally for all personnel with access to personal data and information systems.

The internal security policies under which the owner's information is kept to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access, are the following:

  • Personal Information Treatment Policies

  • Confidentiality clauses in the signed contracts.

  • Authorizations for data processing in the formats and spaces where personal information is captured

​

SENSITIVE DATA:

On the occasion of the processing of data of contractors, employees, ex-contractors, former employees and applicants for vacancies or contracts, sensitive personal data may be processed, which will be administered under the conditions indicated in this Policy and under the express authorization of each of the holders of in accordance with Law 1581 of 2012 and its regulatory decrees.

 

DATA PROCESSING OF CHILDREN AND ADOLESCENTS:

In the Processing of personal data, the Company will ensure respect for the prevailing rights of minors (boys, girls, and adolescents). For this reason, what is indicated in article 7 of Law 1581 of 2012 and the other concordant provisions on the matter will be complied with.

 

POLICY CHANGES:

OCTOPUS FORCE SAS reserves the right to review and update this Data Protection Policy at any time, so any changes made will be published on its site. When substantial modifications are made to this Policy, this fact will be communicated to the holders of the information by sending a notice to the email they have registered, before or at the latest at the time of implementation, informing them that they can consult the new Policy at the official page. Said notice will indicate the date on which the new Policy begins to apply. When the change refers to the purposes of the treatment, a new authorization will be requested from the owners to apply them.

​

VERACITY OF THE INFORMATION:

The owners of the data that have a contractual or commercial relationship with OCTOPUS FORCE SAS, have the duty to provide truthful personal information, the company presumes the veracity of the information provided by the Holders and will not assume the obligation to verify their identity, nor the veracity, validity, sufficiency and authenticity of the data that each one of them provides. Therefore, they will not assume responsibility for damages and/or losses of any nature that could originate from the lack of veracity, validity, sufficiency or authenticity of the information and personal data, including damages and losses that may be due to homonymy or impersonation. of identity.

​

6. RIGHTS THAT ASSIST YOU AS THE HOLDER OF THE DATA.

The Fundamental Right to Habeas Data or Protection of Personal Data, empowers the owner of the data to request access, updating, rectification and deletion of their personal data that is in the possession of a third party, in turn, can revoke the authorization that has been granted for the treatment. In this sense, the law recognizes the following rights to the owner:

​

  • Update:You can request the update of your personal data if it is divided, incomplete, among others.

  • Rectification and/or correction:You can request the rectification of your personal data in case they are wrong, partial or if they are misleading.

  • Deletion: You can request the deletion of your personal data from our databases for advertising purposes. The information will continue to be kept for the purposes determined by law.

  • Revocation: You can request the revocation of the authorization for the processing of your personal data, from our databases that have advertising purposes.

 

Procedure so that the holders of the information can exercise their rights:

  • Consultation: Through the consultation mechanism, the owner of the data may request access to their personal information that rests in our databases. The query will be answered within a maximum term of ten (10) business days from the date of receipt thereof. If it is not possible to respond to the query within the referenced term, you will be informed of the reasons for the delay and a maximum response of five (5) business days following the expiration of the first term.

  • claim: Through the complaint mechanism, the owner of the data may claim any disagreement that they have about the use that is being given to their data.

​

7. PROCEDURE TO EXERCISE RIGHTS AS DATA PROTECTION.

In accordance with the regulations on protection of personal data, to make their rights effective, the owner must follow the following procedure:

For the filing and attention of your request, we ask you to provide the following information:

  • Full name and surname.

  • Contact information (Physical and/or electronic address and contact telephone numbers).

  • Means to receive a response to your request.

  • Reason(s)/fact(s) giving rise to the claim with a brief description of the right you wish to exercise (know, update, rectify, request proof of the authorization granted, revoke it, delete, access the information) and the corresponding evidence according to the case.

  • Signature (if applicable) and identification number.

​

The claim will be addressed within a maximum term of (15) fifteen business days, counted from the day following the date of receipt. If it is not possible to attend to the claim within said term, you will be informed of the reasons for the delay and a response will be given, maximum in (8) eight business days following the expiration of the first term.

​

In the event that the claim is incomplete, it will be required, within five (5) days following receipt of the claim, to correct the failures. After two (2) months from the date of the request, without submitting the required information, it will be understood that the claim has been withdrawn.

 

In the event that it is not competent to resolve the claim, it will notify the corresponding person within a maximum term of two (2) business days and inform the owner of the situation.

 

CHANNELS ENABLED FOR THE EXERCISE OF HABEAS DATA RIGHTS

OCTOPUS FORCE SAS has enabled the following channel for holders to exercise their Habeas Data right:

Email:info@octopusforce.com

​

The Legal area of OCTOPUS FORCE SAS is the area responsible for effective compliance with the Policy, as well as for queries and claims related to the protection of personal data of the holders.

​

8. FINAL PROVISIONS.

PERMANENT MEASURES

In the processing of personal data, OCTOPUS FORCE SAS will permanently verify in its processes, protocols, procedures and policies that the right to habeas data of the holders is guaranteed.

​

POLICY BINDING

Contractors, employees, clients, suppliers and any owner that has a contractual or commercial relationship with OCTOPUS FORCE SAS must abide by this policy, and the internal manuals for its effective compliance.

​

COMPLIANCE WITH THE PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA

OCTOPUS FORCE SAS guarantees the principles of legality, purpose, freedom, veracity or quality, transparency, access and restricted circulation, security and confidentiality on the data that rests in the databases that are in our possession.

​

9. TERM.

This policy came into effect on the twenty-fourth (24) day of March, done thousand twenty-one (2021).

​

bottom of page