FRACTALIS PRIVACY AND PERSONAL DATA POLICY
Responsible for the treatment
Fractalis, identified with NIT 1010200555 and address at Carrera 52A #5b 68, Barrio Nueva Tequendama, Cali, telephone 321 455 3834, website https://fractalis-astra.com and email support.fractalis@gmail.com, is responsible for the Processing of Personal Data according to the provisions of Law 1581 of 2012 and Decree 1074 of 2015.
This privacy policy applies to clients and any person whose Personal Data is processed by Fractalis, including workers, suppliers, visitors and third parties.
Fractalis collects, manages and protects personal data under appropriate security measures to prevent loss, misuse or unauthorized use, and alterations. These data are used for the established purposes and those informed at the time of collection, complying with current regulations.
Definitions
The terms used with an initial capital letter that are not expressly defined in this Policy will have the definition assigned to said terms in Law 1581 of 2012 and its regulatory decrees or the rules that modify, complement or replace them:
|
Term |
Definition |
|
Authorization |
It is the prior, express and informed consent of the Owner for Fractalis to carry out Treatment on their Personal Data. |
|
Database |
Refers to the organized set of Personal Data subject to Processing. |
|
Personal Data |
It is any information of any type, linked or that can be associated with one or several specific or determinable natural persons. |
|
Public Data |
These are Personal Data that, according to the law or the Political Constitution, are not semi-private, private or sensitive. They include information such as marital status, profession or trade, status as a merchant or public servant, and other data accessible without restriction. These data may be contained in public records, official documents, gazettes, official bulletins and enforceable judicial rulings not subject to confidentiality. |
|
Sensitive Data |
These are Personal Data whose processing could affect the privacy of the Owner or lead to discrimination. They include information such as union affiliations, racial or ethnic origin, political orientation, religious, moral or philosophical convictions, membership in unions or social, human rights or political organizations, data relating to health, sexual life and biometric data. |
|
In charge |
It is the natural or legal person, public or private, who, by themselves or in association with others, carries out the Treatment on behalf of Fractalis. |
|
Law |
It refers to Law 1581 of 2012, Decree 1074 of 2015, Sentence C-748 of 2011, the jurisprudence of the Constitutional Court related to personal data that establishes precedents, and any current government regulation that regulates the legal precepts applicable to the treatment. of personal data by Fractalis. These regulations may be modified periodically, and any changes will apply to the treatment carried out by Fractalis. |
|
Policy |
It is the document that establishes the information processing policy, providing guidance and guidelines on the protection of personal data. It includes the complete identification of the person responsible (name, company name, address, address, email and telephone), the forms of data processing, the purposes for which they are used, the rights of the data owners, the procedures for exercise these rights through queries and complaints, and the person or agency responsible for addressing the queries of the owners. |
|
Responsible |
It is the person who legally and materially decides on the Database that for the purposes of this Policy is Fractalis. |
|
Headline |
It is the natural person to whom the Personal Data refers, which is found in a Database, who is entitled to the rights of habeas data. Among them, clients, potential clients, workers, candidates, former employees, visitors, suppliers, among others. |
|
Transfer |
It is the Processing that involves sending Personal Data to a recipient, who is Responsible and is located outside or inside the country. In the Transfer, the recipient will act as a responsible party and will not be subject to the terms and conditions of this Policy. |
|
Transmission |
It is the Treatment that involves the communication of Personal Data within or outside the territory of the Republic of Colombia when its purpose is to carry out Treatment on behalf of the person responsible. In the Transmission, the recipient will act as Processor and will be subject to the Policy or the terms established in the Transmission contract. |
|
Treatment |
It includes all systematic operations and procedures, electronic or not, that allow the collection, conservation, ordering, storage, modification, relationship, use, circulation, evaluation, blocking, destruction and, in general, the processing of personal data. |
Origin of information
Fractalis collects and processes Personal Data that comes from various sources, such as its web portal https://fractalis-astra.com , the email support.fractalis@gmail.com, the telephone number 321 455 3834, as well as social networks such as Facebook, Instagram and TikTok, commercial negotiations, contracts, public directories, formats and/or forms authorized by clients, potential clients, potential employees, workers, former employees, suppliers and other data holders.
This information includes identification data, contact data, payment data for clients and potential clients; identification, contact, image, voice, financial information, sensitive data such as medical information and biometric data, and professional information for workers, potential workers and former workers; contact data, identification, demographic data, licenses, vehicle information, and biometric data such as fingerprint for suppliers; as well as contact information, identification data, personal image, voice, among others, for visitors. Sensitive Data will be treated with the greatest diligence and appropriate security, limiting access only to authorized personnel to preserve their privacy.
Fractalis uses Personal Data for various purposes, subject to the specific conditions established in each authorization:
For clients and potential clients, this includes confirmation, updating and verification of information and identity; establishment and management of contractual relationships; contact for commercial purposes, marketing and management of the contractual relationship; conducting satisfaction and quality surveys; verification and management of compliance with legal and contractual obligations, including the prevention of fraud and money laundering.
For workers, potential workers and former workers, they are used to comply with legal and contractual obligations; proper execution of the employment contract; compliance with internal Fractalis policies; information and communications systems administration; generation of backup copies; and validations necessary for employment.
For suppliers, they are used for compliance with legal and contractual obligations; correct execution of the contract; compliance with internal policies; verification of compliance with obligations; and identity verification.
For visitors, they are used to maintain the security of the facilities; carry out internal administrative processes; and comply with legal and contractual obligations. It is the responsibility of the owners to guarantee the veracity of the data provided. Fractalis implements technical and administrative security measures to protect Personal Data under its responsibility, although owners must be aware that these measures are continually reviewed and improved.
Authorization
All Treatment will be preceded by obtaining the Authorization of the Owners, whenever the Law requires it. To do this, Fractalis, its employees and authorized third parties will collect Personal Data and sign an Authorization form, keeping a copy of this document for future reference.
Rights of the owners:
Fractalis will guarantee the Owners the following rights, which may be exercised following the procedures and forms established in this Policy:
|
Right |
Description |
|
Update |
Update the Personal Data that resides in the Fractalis Databases to maintain its integrity and veracity. |
|
Knowledge, Use and Access |
Know and access your Personal Data and be informed by Fractalis or the Processors, upon request, regarding the use that has been given to your Personal Data. Access may be requested free of charge from Fractalis or the Processors, at least once a month. |
|
Proof |
Request proof of the Authorization granted to Fractalis, unless the Law indicates that said Authorization is not necessary, in accordance with the provisions of Article 10 of Law 1581 of 2012 . |
|
Complaint |
Submit complaints to the Superintendence of Industry and Commerce for violations of the Law when the application and/or claim process before Fractalis has been exhausted beforehand. |
|
Rectification |
Modify the Personal Data managed by Fractalis when they are partial, inaccurate, incomplete, fragmented or misleading. |
|
Suppression |
Request the deletion of your Personal Data from the Fractalis Databases, as long as there is no legal duty or contractual obligation that requires Fractalis to maintain the Personal Data in its Database. In this case, Fractalis will in any case delete the Personal Data once the legal or contractual obligation has been exhausted. |
|
Revocation |
Request the revocation of the Authorization, as long as there is no legal duty or contractual obligation requiring Fractalis to maintain the Processing of Personal Data. |
|
Claim |
Submit complaints to Fractalis or the Processor to correct, update or delete Personal Data. |
|
Application |
Submit requests to Fractalis or the Processor to inform you about the Personal Data that its database has and what use it is being given. |
|
Sensitive Data |
Do not necessarily submit Sensitive Data to be Processed by Fractalis. This is to the extent that no activity may be conditioned on the Owner providing Sensitive Personal Data since providing this type of information will always be optional. |
The Holders may exercise their rights enshrined in the Law and carry out the procedures established in this Policy by presenting an identification document.
Minors may exercise their rights personally or through their parents or adults who have parental authority, who must prove it through the relevant documentation. Those authorized must present the respective accreditation that authorizes them to exercise the rights of the Owners.
Fractalis has a specific area for the protection of Personal Data, called the queries, complaints and claims area. This unit is supported by dedicated staff who manage queries and complaints in accordance with the Law and this Policy. Its functions include addressing and receiving queries, claims and other requests from the owners, processing and responding to those that are appropriate according to the Law and this Policy. This includes requests such as updating, knowledge, deletion and revocation of authorization of Personal Data, in addition to providing information about the processing and purposes of said data. The contact details of the Legal Department, responsible for issues related to personal data, are:
Data Protection Officer:
Customer service area, attention to complaints and claims.
Email address :
support.fractalis @gmail.com
Phone:
321 455 3834
Address:
Carrera 52A #5b 68, Nueva Tequendama neighborhood, Cali
8.1. Attention to queries:
Fractalis has procedures so that the Owner, his successors, representatives and/or attorneys, those legitimized by stipulation in favor of another or by law, or the representatives of minor Owners, can make INQUIRIES about the Personal Data stored in the Bases. of Fractalis Data, the Treatment to which they are subject and the purposes they seek to satisfy. Queries can be sent to the email support.fractalis@gmail.com. Fractalis will keep a record of the queries and their responses.
As data controller, Fractalis will respond to queries within a maximum period of ten (10) business days from the date of receipt. If Fractalis considers that the applicant does not have the right to make the consultation, it will inform the applicant accordingly. If for any reason the request cannot be attended to within the initial deadline, the applicant will be contacted to explain the reasons and establish a new deadline, which in no case will exceed five (5) business days following the expiration of the first deadline. Fractalis will use the same or a similar medium as that used for the initial inquiry to respond.
In all cases, the final response to requests will not exceed fifteen (15) business days from the date of receipt of the initial request by Fractalis.
8.2. Claims
Fractalis has mechanisms so that the Owner, his successors, representatives and/or attorneys-in-fact, those legitimized by stipulation in favor of another or by law, or the representatives of minor Owners, can make Claims to rectify, update or delete their Data. Personal. Complaints can be sent to email support.fractalis@gmail.com. Fractalis will retain evidence of the complaint and your response.
The claim must be submitted electronically to the aforementioned email address and include the following elements:
- Name and identification document of the Owner.
- Description of the facts that motivate the claim and the specific request (update, correction, deletion or fulfillment of duties).
- Address and contact information of the claimant.
- Supporting documentation, if applicable.
If the claim or documentation is incomplete, Fractalis will require the claimant to correct the deficiencies within five (5) business days of receipt of the claim. If these conditions are not met within two (2) months from the date of the initial claim, the claimant will be deemed to have withdrawn.
Fractalis will include a legend in the Database where the Owner Data subject to the claim resides, indicating "claim in process" and its reason, within a maximum period of two (2) business days from receipt of the complete claim. This legend will remain until the claim is decided.
The maximum period to resolve the claim will be fifteen (15) business days from the day following its receipt. If it is not possible to resolve it within this period, the interested party will be informed of the reasons for the delay and the estimated response date, which may not exceed eight (8) business days following the expiration of the first deadline.
It is important to note that the person responsible for this process may change, but the contact information specified in this Policy will remain constant, so it will not be necessary to update the Policy due to changes in the responsible personnel.
Modifications:
Fractalis reserves the right to modify or update this policy at any time. Whenever the Policy is substantially modified, the Owners will be notified. The Personal Data that is stored, used or transmitted will remain in our Database, based on the criteria of temporality and necessity, for as long as it is necessary for the purposes mentioned in this Policy, for which they were collected.
Shopify:
The Fractalis website is hosted on Shopify Inc. They provide the online e-commerce platform that allows us to sell our products and services to you.
Personal Data is stored through Shopify's data storage, databases, and the general Shopify application. Personal Data is stored on a secure server behind a firewall.
Payment:
If the customer chooses a direct payment gateway to complete their purchase, then Shopify stores their credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only to the extent necessary to complete the purchase transaction. After the purchase is completed, the purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as outlined by the PCI Security Standards Council, which is a joint effort of brands such as Visa, MasterCard,.
For a clearer overview, Owners can read the Shopify Terms of Service here
Validity:
This Policy applies as of June 15, 2021 and the period of the databases will have a validity equal to the period in which the purpose or purposes are maintained, or the period of validity indicated by a legal, contractual or jurisprudential cause of specific way.
- What do we do with your information?
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you provide to us, such as your name, address and email address.
When you browse our store, we also automatically receive your computer's Internet Protocol (IP) address to provide us with information that helps us understand your browser and operating system.
Email Marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates.
Text Marketing (if applicable): With your permission, we may send you text messages about our store, new products, and other updates. Updates include payment reminders.
Webhooks will be used to activate the purchase reminder messaging system.
