Data Processing Policies

 

Alianza Explora SAS commercial establishment (hereinafter Alkirenting.com), identified with the NIT. 900.987.559-5, with its main address at Calle 36 # 26 - 48 Int 110 Office 301, Bucaramanga, Colombia, recognizes the importance of security, privacy and confidentiality of personal data of its customers, users, employees, suppliers, shareholders, partners and in general all its stakeholders with respect to which it processes personal information, so in compliance with the constitutional and legal provisions, adopted this Política para el tratamiento de datos personales de Alkirenting.com

1. Applicable regulations

The following is a list of the main regulations in force in Colombia regarding the protection of personal data, to whose compliance Alkirenting.com is fully committed and which have been taken into account for the development of this Política y el Sistema Integral de Gestión de Datos Personales de Alkirenting.com.

Article 15 of the Political Constitution of Colombia.
Statutory Law 1266 of 2008.
Law 1273 of 2009.
Statutory Law 1581 of 2012.
Decree 1377 of 2013.
Decree 886 of 2014.
Decree 1074 of 2015.
Title V of the Sole Circular of the Superintendence of Industry and Commerce.

Translated with www.DeepL.com/Translator (free version)

2. Context and scope

According to Article 15 of the Political Constitution of Colombia, all persons have the right to know, update and rectify the information held about them in data centers. For its part, Law 1581 of 2012, established the general regime of Personal Data Protection in Colombia, developing the constitutional principles under which everyone has the right to know, update and rectify the personal information held in databases or files (manual or automated), and to receive truthful and verifiable information. In Alkirenting.com as responsible for information, we have a special regulation on the Data Protection of our customers, and we define processes and policies that seek to ensure confidence, security and quality in the use of information. Alkirenting.com receives, registers, keeps, modifies, reports, consults, delivers, shares and eliminates information with the authorization of the owner of the same. The data allow us to offer and provide information on products and services to consult, report and update before the operators of information and risk; update the status of contractual relations, comply with the agreed obligations, prevent the risk of money laundering, terrorist financing, among others. Alkirenting.com obtains the authorization of the owner of the data through different means, such as written, verbal or virtual authorization for the purposes described in this policy.

3. Addressees

The present policy is directed to our clients, users, collaborators, suppliers, allies and in general our stakeholders about whom Alkirenting.com processes personal information.

4. Definitions

The following definitions shall be taken into account for the purposes of this policy:

Authorization: is the prior, express and informed consent of the owner of the information to carry out the processing of personal data.
Privacy Notice: is the verbal or written communication that aims to inform the owner of the data about the data protection policy of Alkirenting.com.
Database: organized set of personal data subject to processing.
Causahabiente: is the person who has succeeded another, because of his death (can also be understood as heirs or legatees).
Personal Data: any information linked or that may be associated to one or several determined or determinable natural persons.
Public Data: data that the law or the Constitution determines as such, as well as all those that are not semi-private or private.
Private Data: data that, due to its intimate or reserved nature, is only relevant to the owner of the information.
Semi-private data: data that is not of an intimate, reserved or public nature and whose knowledge or disclosure may be of interest not only to its owner but also to a certain sector or group of persons.
Sensitive Data: data that affects the privacy of the owner or whose improper use may lead to discrimination.
Data Processor: natural or legal person, public or private, who by himself or in association with others, carries out the processing of personal data on behalf of the data controller.
Data Controller: natural or legal person, public or private, which by itself or in association with others, performs the processing of personal data.
Data subject: natural person whose personal data is the object of processing. For Alkirenting.com will be holders of information customers, users, partners, suppliers, partners, shareholders, visitors, our stakeholders and any other natural person whose data are processed by Alkirenting.com, either directly or indirectly.
Data Transfer: occurs when the person responsible and/or in charge of the processing of personal data, located in Colombia, sends the information or personal data to a recipient, which in turn is responsible for the processing and is located inside or outside the country.
Data Transmission: processing of personal data that involves the communication of such data within or outside the territory of the Republic of Colombia when the purpose of the processing is carried out by the processor on behalf of the data controller.
Processing: any operation or set of operations on personal data, such as collection, storage, use, circulation or suppression.

5. Guiding principles for the processing of personal data

Alkirenting.com is committed to the holders of the information to treat their personal data in accordance with the following principles:

Principle of legality of data processing

Alkirenting.com is aware that the treatment referred to in Law 1581 of 2012 is a regulated activity that must be subject to the provisions therein and other provisions that develop it.

Principle of finality

Alkirenting.com will process the data for a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the owner..

Principle of freedom

Alkirenting.com will process data only with the prior, express and informed consent of the owner. Personal data may not be obtained or disclosed without prior authorization, or in the absence of legal or judicial mandate.

Principle of truthfulness or quality

The information to be processed must be truthful, complete, updated, verifiable and understandable. Alkirenting.com prohibits the processing of fractioned or misleading data.

Principle of transparency

Alkirenting.com knows that the owners of the information have the right to obtain at any time and without restriction, information about the existence of data concerning him/her.

Principle of restricted access and circulation

The treatment is subject to the limits derived from the nature of the personal data, the provisions of Law 1581 of 2012 and the Constitution. In this sense, the treatment may only be done by persons authorized by the owner and/or by the persons provided by law. With the exception of public information, Alkirenting.com will not make personal data available on the Internet or other means of dissemination or mass communication, unless access is technically controllable to provide restricted knowledge only to holders or authorized third parties in accordance with law 1581 of 2012.

Safety principle

Alkirenting.com will handle the information subject to treatment referred to in Law 1581 of 2012, with the technical, human and administrative measures necessary to provide security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access.

Principle of confidentiality

All persons involved in the processing of personal data that are not of a public nature are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks involved in the processing, and may only provide or communicate personal data when this corresponds to the development of the activities authorized in Law 1581 of 2012 and under the terms of the same.

6. Authorizations

Alkirenting.com will request authorization so that the owner of the information grants prior, express and informed consent to the treatment to which their personal data are subject. The authorization may also be obtained from unequivocal conduct of the owner of the data, which allow us to reasonably conclude that he/she gave his/her consent for the processing of his/her information. Such conducts must clearly externalize the will to authorize the processing. The consent of the owner may be obtained by any means that may be subject to subsequent consultation, such as written, verbal, virtual communication or by unequivocal conduct. By virtue of its nature and corporate purpose, Alkirenting.com receives, collects, records, preserves, stores, modifies, reports, consults, delivers, transmits, transfers, shares and deletes personal information, for which it obtains the prior authorization of the owner.

The authorization granted by the owners of the information to Alkirenting.com allows, among other things, the realization of the following purposes:

• Offer and provide information on products and services.
  Consult, report and update your data before the information and risk operators.
  Update the current contractual relationships and comply with the agreed obligations, among others (see section 7 Purposes).

Alkirenting.com will keep proof of such authorizations in an appropriate manner, ensuring and respecting the principles of privacy and confidentiality of information. Learn here the authorization for the treatment of personal information signed by our customers.

Likewise, in Alkirenting.com when dealing with information related to the following types of data, the following special considerations will be taken into account:

Sensitive Data

For the treatment of sensitive data, Alkirenting.com will inform the owner of the data as follows:

For the treatment of this type of information the holder is not obliged to give his authorization or consent.
It will be informed explicitly and in advance what kind of sensitive data will be requested.
The treatment and purpose of the sensitive data will be communicated.
The authorization of sensitive data shall be prior, express and clear.

Data on children and adolescents.

Alkirenting.com will ensure that the processing of this type of data is carried out in accordance with the rights of children and adolescents. In this sense, their special nature will be protected and will ensure respect for their fundamental rights, in accordance with the provisions of articles 5, 6 and 7 of Law 1581 of 2012, and articles 6 and 12 of Decree 1377 of 2013, and other rules that modify or add to them. For purposes of complying with the above, Alkirenting.com shall act in accordance with the following:

• Authorization will be requested from the legal representative of the child or adolescent after the minor has exercised his or her right to be heard, an opinion that will be assessed taking into account the maturity, autonomy and capacity to understand the matter, for the purpose of processing his or her personal data.
  The optional nature of answering questions about the data of children or adolescents will be informed.
  It will be explicitly and previously informed which are the data to be processed and the purpose of this.

Alkirenting.com informs all its stakeholders that, in accordance with Article 10 of Law 1581 of 2012, the authorization of the holder will not be necessary when dealing with:

• Data of a public nature.
  Cases of medical or health emergency.
  Processing of information authorized by law for historical, statistical or scientific purposes.
  Data related to the Civil Registry of Persons.

7. Purposes

The following are the main purposes for which Alkirenting.com processes personal information:

Customers and/or users

• To know their financial, commercial and credit behavior and the fulfillment of their legal obligations.
  Carry out all the necessary steps to confirm and update customer information.
  Validate and verify the customer's identity for the offering and administration of products and services, as well as to share information with various market players.
  Establish a contractual relationship, as well as maintain and terminate a contractual relationship.
  Offer and provide products or services through any means or channel according to the customer's profile and technological advances.
  Receive information from Alkirenting.com regarding current and future commercial campaigns, promotion of products and services both own and third parties, and other communications necessary to keep the customer communicated and informed through: phone call, text message, email, Facebook, Twitter, Instagram or any social network integration or instant messaging, among others.
  Receive messages related to collection management and portfolio recovery, either directly or through a third party hired for such function.
  Perform an adequate provision and administration of financial services, including collection management.
  Provide commercial, legal, product, security, service or any other type of information.
  To know the location and contact information of the client for purposes of notifications for security purposes and to offer benefits and commercial offers.
  Conduct commercial, statistical, risk, market, interbank and financial analysis and research, including contacting the client for these purposes.
  Prevent money laundering, financing of terrorism, as well as detect fraud, corruption, and other illegal activities.
  Perform, validate, authorize or verify transactions, including, when required, the consultation and reproduction of sensitive data such as fingerprint, image or voice, among others.
  Conduct satisfaction surveys concerning the services provided by Alkirenting.com.
  Consult fines and sanctions before the different administrative and judicial authorities or public databases whose function is the administration of data of this nature.

Suppliers and allies

• The information requested to the supplier or partner may include information of the natural or legal person as appropriate. Likewise, it is possible that information may be requested from employees of the supplier or partner who are dedicated to fulfill some function or relationship with Alkirenting.com that by the work performed require access to the facilities, applications and / or systems or others of the organization.
  Perform the process of linking the supplier or partner with the Organization, generating the development of internal procedures, which are relationship, accounting, financial, commercial, logistical, among others.
  Manage and verify commercial and reputational background and risks of money laundering and terrorist financing, as well as to detect and/or prevent fraud, corruption and other illegal activities by the supplier or its employees in relation to the operation of Alkirenting.com.
  Manage and strengthen contractual relationships with the supplier or partner, allowing greater control over the obligations assumed by the parties.
  Review and evaluate the results of the supplier or partner, in order to strengthen the contracting processes within Alkirenting.com.
  Offer and provide products or services through any media or channel according to the profile of the supplier or partner, and in accordance with technological advances.
  Carry out commercial, statistical, risk, market, interbank and financial analysis and research based on the results of the supplier or partner.

Aspirantes y colaboradores

The information that Alkirenting.com collects from applicants or candidates for positions within the organization is treated in order to perform the evaluation of income and the process of linking the applicant. The treatment of the personal information of our collaborators has as purpose the management of the existing labor relations with them, as well as the development of the different activities established by the organization. Among which we highlight the following:

• To comply with the obligations and rights derived from its activity as an employer, and the activities of its main and related corporate purpose, which may be performed directly or with the support of third parties with whom your information will be shared for purposes related to the purpose of the contract.
  Share your personal data with the authorities (judicial or administrative) national or foreign when the request is based on legal, procedural, and / or tax reasons.
  Access and authorization of the benefits established by the employer, according to the requirements defined in each case.
  Manage and strengthen contractual relationships with the supplier or partner, allowing greater control over the obligations assumed by the parties.

In the case of former employees, Alkirenting.com will store, even after the end of the employment contract, the information necessary to comply with the obligations that may arise under the employment relationship that existed under Colombian law, or under the services that by virtue of the relationship may be provided, as well as provide labor certifications that are requested by the former employee or by third parties against whom the former employee carries out a selection process.

Shareholders

Shareholders' personal information and data, including personal information, contact information, as well as information and documentation provided through virtual channels, telephone channel, email and information updates will be collected, consulted, updated, modified and processed directly by Alkirenting.com and/or by third parties designated by it, for the following purposes:

• To comply with the obligations and rights derived from its capacity as Issuer and Depositor, respectively.
  To carry out the activities of integral administration of the shareholders' registry book.
  Provide information related to procedures, complaints and requests from shareholders.
  Provide access to information to judicial or administrative authorities that request such data in the exercise of their functions.
  To manage the risk of Money Laundering and Financing of Terrorism and corruption.
  Compliance with the necessary activities and purposes of the issuer-shareholder relationship.

Acceso a edificios, vigilancia y seguridad de las instalaciones

•  To have information on each of the employees, Outsourcing personnel working for Alkirenting.com and visitors entering the General Management buildings or other facilities of the organization.
  Control and identify access to the administrative offices of General Management.
  Maintain security and access control to buildings, branches and other facilities.

Alkirenting.com informs all owners that the data collected directly at the security points of the administrative headquarters, buildings, branches and other facilities, which are provided in documents of security personnel, and the data obtained from video recordings that are made inside or outside the facilities of Alkirenting.com are used for security purposes of persons, property and facilities.

8. Duration of data processing

Personal data will be subject to treatment by Alkirenting.com during the contractual term in which the holder of the information has the product, service, contract or relationship, plus the term established by law.

9. Rights of the holder

The owners of the information that is processed by Alkirenting.com may:

• Know, update, rectify, delete or revoke their personal data and be informed of the treatment that Alkirenting.com performs on personal data.
  Submit requests and claims related to the current regulations on Personal Data Protection.
  Request revocation of the authorization and/or deletion of personal data in the case of determining that Alkirenting.com presents a conduct contrary to current regulations. The request for deletion or revocation shall not proceed when the owners have a legal or contractual duty to remain in the database of Alkirenting.com.

In accordance with art. 20 of Decree 1377 of 2013, the exercise of the aforementioned rights may be exercised by the following persons:

• By the owner, who must prove his identity sufficiently by the different means made available to him by the responsible party.
  By their successors in title, who must prove such capacity.
  By the holder's representative and/or attorney-in-fact, upon accreditation of the representation or power of attorney.
  By stipulation in favor of another or for another.
  The rights of children or adolescents shall be exercised by the persons empowered to represent them.

10. Duties of Alkirenting.com

Alkirenting.com as responsible for the personal data stored in its databases, undertakes to:

• Guarantee the holder the full and effective exercise of his/her rights.
  Request and keep a copy of the authorization granted by the holder or proof thereof.
  Inform the holder about the purposes of the collection, the uses of their personal data and their rights based on the authorization granted.
  Keep the information in secure conditions to prevent its adulteration, loss, consultation, use or unauthorized access.
  Guarantee that the information provided to third parties or persons in charge of the treatment is truthful, complete, accurate, updated, verifiable and understandable.
  Update the information held by any third party or processor, regarding all developments in relation to the data provided and take the necessary measures to ensure that the information is up to date.
  Rectify the information when it becomes aware that it is incorrect.
  Ensure that third parties and / or responsible for the processing of personal information for which Alkirenting.com is responsible, have effective measures and policies to ensure the proper treatment of such information.

Likewise, it will require them to commit to accept and apply the provisions of this Personal Data Processing Policy and other guidelines established by Alkirenting.com or certify that their internal policies include at least the provisions set forth herein.

If it is not possible to issue the certification, Alkirenting.com must corroborate that the internal policies of the third parties and/or persons in charge include security and/or privacy criteria equivalent or superior to those provided herein. In this sense, the third parties and/or persons in charge must adopt the security and privacy measures and conditions for the personal data, which are shared with them, at least at the same level of protection adopted by Alkirenting.com.

• To process queries and claims made in accordance with the provisions of this Policy and the law.
  Inform the data protection authority when security breaches occur and there are risks in the administration of the information of the owners.

11. Attention to queries, complaints and claims

The owners of the information when they need to make a query, complaint or claim may make use of:

Consultas

The owners, their assignees or any other person who may have a legitimate interest, may request to be informed about the personal data of the owner that are stored in any database of Alkirenting.com According to the above, Alkirenting.com will guarantee the right of consultation, giving to know the personal information linked to the owner. The consultations that deal with issues of access to information, proof of the authorization granted by the holder, uses and purposes of personal information, or any other query related to the personal information provided by the holder, must be submitted through the channels enabled by Alkirenting.com The query will be answered within a maximum period of ten (10) working days from the date of receipt of the same. When it is not possible to attend the consultation within the term provided, the interested party will be informed, indicating the reasons for the delay and the date on which the consultation will be attended, which shall not exceed five (5) business days following the expiration of the first term, in accordance with the provisions of Article 14 of Law 1581 of 2012.

Claims

Correction, updating, suppression and revocation of claims.

The owners, their assignees or any other person with a legitimate interest, who consider that the information contained in any of the databases of Alkirenting.com should be subject to correction, updating or deletion or who notice a possible breach of the duties established in Law 1581 of 2012 and its regulatory decrees, may file a claim following the requirements of Article 15 of the same law.

Requirements for filing a claim

• Identification of the owner or the person filing the claim, indicating his name and identification number.
• Describe the reason for the claim in a clear and express manner, where the facts that originated the claim are established, presenting the documents that the claimant intends to assert.
• Prove the legitimate interest of the person filing the claim and attach, if necessary, the corresponding supports.
• Indicate the telephone number, physical or electronic address to which the response to the request must be notified and sent.

In any case, if the claim is incomplete, the interested party will be required within five (5) days of receipt thereof to correct the faults. If after two (2) months from the date of the requirement, without the applicant submitting the required information, Alkirenting.com will understand that the claim has been abandoned. When Alkirenting.com is not the competent entity to resolve the claim submitted, it will be transferred to the appropriate party within a maximum period of two (2) working days, and the interested party will be informed of this situation. In the event that the claim is received complete, will be included in the database a legend that says "in process" and the reason for it, within a period not exceeding two (2) business days. This legend will remain until the claim is resolved and will be adjusted according to internal procedures. However, the maximum term to address the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to deal with it within such term, the interested party will be informed of the reasons for the delay and the date on which the claim will be resolved, which in no case may exceed eight (8) business days following the expiration of the first term. The owners, their assignees or any other person with a legitimate interest, may file a complaint with the Superintendence of Industry and Commerce, but only once they have exhausted the process of consultation or complaint to Alkirenting.com as responsible and / or any manager, in accordance with the provisions of Article 16 of Law 1581 of 2012.

Deletion of information

• In case of requesting the deletion of all or part of your personal information, you must take into account that Alkirenting.com will analyze the request made. However, the deletion of the information will not proceed in case the holder has any legal or contractual duty to remain in the database managed by Alkirenting.com.
• In case of requesting the revocation of the authorization of your personal data, Alkirenting.com will analyze the request made and will inform the holder if this revocation proceeds. However, the revocation of the authorization will not proceed in case the holder has any legal or contractual duty to remain in the database managed by Alkirenting.com The queries and complaints submitted will be processed in accordance with internal processes and procedures.

Channels of attention for queries, complaints and claims Alkirenting.com has enabled for the holders of personal data the following channels of attention for the exercise of their rights to know, update, rectify and / or delete their personal information.

Physical branches

• The holders of the information can approach any of the offices of Alkirenting.com, Agencias Localiza Rentacar and Bodegas de Usados Renting Colombia, to submit their request within the terms established by law.

Telephone branch office

• To make a complaint about the handling of personal data, the owners of the information can communicate in the following way: National Level(+57- 350 3100757)

E-mail box

• jgarciab@rentingcolombia.com
  gerencia@alkirenting.com
  Likewise, we have channels such as social networks and specialized commercial force. You can also approach any of our branches and submit your application within the terms established by law.

Transferencia y transmisión de datos personales

• Eventually Alkirenting.com, as responsible for the personal information stored in its databases and in the development of the purposes described in this document, may make national or international transfer or transmission of data.

Alkirenting.com  is committed to verify the level of protection and security standards of the country receiving the personal information, make the declaration of conformity (when applicable) and sign a transfer contract or other legal instrument to ensure the protection of personal data transferred. By virtue of this exchange relationship, Alkirenting.com, has adopted several guidelines for the relationship with third parties, in order to protect the information subject of this activity. In order to protect the information, Alkirenting.com will verify if the Superintendence of Industry and Commerce has included the respective country in the list of countries that offer an adequate level of data protection or will review the regulations in force in the country receiving the information, to determine if it has the appropriate conditions to ensure adequate levels of security for the information subject to transmission or transfer.

12. Relationship with third parties and/or persons in charge

In the development of this Policy and internal provisions for the proper handling of personal data, Alkirenting.com will ensure that third parties with whom it is linked or with whom it establishes business relationships, labor or alliances, adapt their conduct to the regime of protection of personal data in Colombia.

In attention to the above, Alkirenting.com, without prejudice to all documentation, models and means provided for the request for authorization for treatment, privacy notices, records and contractual and / or legal coverage, may request third parties and / or managers suitable and relevant information to verify and observe compliance with the provisions contained in this policy and the regime of protection of personal data in Colombia.

In this sense, Alkirenting.com may request third parties and/or persons in charge to prove, before, during or after the relationship that binds them, compliance with the requirements of the personal data protection regime. In such a way that a review and supervision may be requested on an eventual or periodic basis, of compliance with legal and/or contractual requirements, through evidence or support of the management carried out, visits to the facilities of the third party, among other activities that may be coordinated to validate compliance.

13. Cookies

Alkirenting.com in order to improve its service on the website and digital applications, uses its own and third party cookies to optimize the experience of our customers and users, monitor statistical information, present content and advertising related to user preferences when browsing our website, platforms and / or technological and / or digital applications.

The information collected through cookies is encrypted and will not be used to identify and / or disclose user information. Likewise, no user data is collected, such as: number of debit or credit cards, or other financial or credit information. For more information about the use of cookies on the website and digital applications, you can consult the policies on cookies has established or will establish Alkirenting.com.

14. Policy and supplementary guidelines and amendments to this policy

By virtue of this policy, Alkirenting.com may develop policies on specific aspects (for example, cookies policy), as well as guidelines, directives and circulars aimed at its implementation, provided that they are consistent with the regulatory framework and this policy.

This policy may be modified at any time in order to adapt it to new practices that are developed or to legislative or jurisprudential developments in the field. Any update will be made available to the holders of personal information on the site in any other medium deemed relevant, indicating the effective date of the corresponding modification or update, as the case may be.

15. Validity

This Personal Data Processing Policy is effective as of the date of its approval (June 25, 2020).