Policy and General Procedure Regarding Protection of Personal Data
February 2018. V 03

1. General Provisions

  • Article 1: Object
  • Article 2: Definitions
  • Article 3: Guiding principles
  • Article 4: Rights of the data owner
  • Article 5: Duties of the data trafficker

2. Collection, storage, use and security of Personal Data

  • Article 6: Type of Personal Data we collect
  • Article 7: Storage of Data
  • Article 8: Use of Personal Data
  • Article 9: Information security 

3. Authorization, proof and revocation of the use of Personal Data

  • Article 10: Authorization of Personal Data
  • Article 11: Proof of authorization
  • Article 12: Revocation of authorization

4. Procedure for access, consultation, claims, rectification, updating and deletion of Personal Data

  • Article 13: Guarantees of the Right of Access
  • Article 14: Procedure to consult information
  • Article 15: Procedure for handling complaints
  • Article 16: Rectification and update of Personal Data
  • Article 17: Suppression of Personal Data

5. Privacy Notice

6. Final Provisions

  • Article 18: Validity and Changes

1. General Provisions 

Article 1: Object

SUTEX S.A.S. with NIT 860.052.989-1 domiciled in Colombia in the city of Cota-Cundinamarca, due to the philosophy of its Shareholders, it has always been and should always be a Company that complies with current laws and regulations, which is why the responsibilities which has in front of the Company, Customers, Suppliers, Collaborators and Shareholders, is committed to lead permanently a serious and transparent policy, which guarantees the protection of rights such as Habeas Data, privacy, good name, the image, for that purpose all actions will be governed by principles of good faith, legality, computer self-determination, freedom and transparency.

In this sense, in compliance with Statutory Law 1581 of 2012, which establishes the General Regime of Data Protection and Regulatory Decree 1377 of 2013, SUTEX S.A.S. develop this document.

Article 2: Definitions

In accordance with current legislation on the subject, the following definitions are established, which will be applied and implemented, accepting interpretation criteria that guarantee a systematic and comprehensive application, and in line with technological advances, technological neutrality; and the other principles and postulates that govern the fundamental rights that surround, orbit and surround the right of habeas data and protection of personal data.

  • Authorization: Prior, express and informed consent of the owner to carry out the processing of personal data.
  • Database: Organized set of personal data that is subject to Treatment.
  • Personal data: Any information linked to or associated with one or several natural persons determined or determinable.
  • Responsible for the treatment: Natural or legal person, public or private, that by itself or in association with others, perform the processing of personal data on behalf of the controller.
  • Owner: Natural or legal person whose personal data is subject to treatment.
  • Treatment: Any operation or set of operations on personal data, such as collection, storage, use, circulation or suppression.

Article 3: Guiding Principles

SUTEX S.A.S. apply the following specific principles that are established below, which constitute the rules to follow in the collection, handling, use, processing, storage and exchange of personal data:

Principle of legality: In the use, capture, collection and processing of personal data, will be applied to the current and applicable provisions governing the processing of personal data and other related fundamental rights. 

Principle of freedom: The use, capture, collection and processing of personal data can only be carried out with the prior, express and informed consent of the Holder. Personal data may not be obtained or disclosed without prior authorization, or in the absence of legal, statutory, or judicial mandate that relieves consent.

Principle of purpose: The use, capture, collection and processing of personal data to which it has access and are collected and collected by SUTEX SAS, will be subordinated and serve a legitimate purpose, which should be informed to the respective owner of the data personal.

Principle of truth or quality: The information subject to use, capture, collection and processing of personal data must be truthful, complete, accurate, updated, verifiable and understandable. The processing of partial, incomplete, fractioned or misleading data is prohibited.

Principle of transparency: In the use, capture, collection and processing of personal data must guarantee the right of the Holder to obtain from SUTEX SAS, at any time and without restrictions, information about the existence of any type of information or personal data that is of interest or ownership.

Principle of access and restricted circulation: Personal data, except public information, may not be available on the Internet or other means of dissemination or mass communication, unless the access is technically controllable to provide restricted knowledge only to the Owners or authorized third parties. For these purposes the obligation of SUTEX S.A.S., will be medium.

Principle of security: The personal data and information used, captured, collected and subject to treatment by SUTEX SAS, will be subject to protection to the extent that technical resources and minimum standards so permit, through the adoption of measures technological protection, protocols, and all kinds of administrative measures that are necessary to provide security to electronic records and repositories, preventing their adulteration, modification, loss, consultation, and in general against any use or unauthorized access.

Principle of confidentiality: Each and every one of the people who administer, manage, update or have access to information of any kind found in databases or databases, undertake to keep and keep strictly confidential and not disclose it to third parties , all personal, commercial, accounting, technical, commercial or any other information provided in the execution and exercise of their functions. All persons who currently work or are linked to the future for this purpose, in the administration and management of databases, must sign an additional document or other to their employment contract or service provision to ensure such commitment. This obligation persists and is maintained even after the end of its relationship with any of the tasks included in the Treatment.

    Article 4: Rights of the data owner

    The holder of personal data will have the following rights:

    Know, update and rectify your personal data in front of SUTEX S.A.S. This right may be exercised, among others, against partial, inaccurate, incomplete, fractioned, misleading data, or those whose Treatment is expressly prohibited or has not been authorized.

    Request proof of the authorization granted to SUTEX S.A.S except when expressly excepted as a requirement for the Treatment, in accordance with the provisions of article 10 of law 1581 of 2012 and other complementary and concordant rules.

    Submit to the Superintendence of Industry and Commerce complaints for infractions of the provisions of law 1581 of 2012 and the other rules that modify, add or complement.

    Access free of charge to your personal data that have been subject to processing.

    Article 5: Duties of the data trafficker

    SUTEX S.A.S. takes reasonably relevant measures to protect the information under treatment, through the use of security technologies and procedures that limit, as far as possible, access to its databases. However, no system is impregnable or free of errors, so that the security of information can not be fully guaranteed. Next, the duties as information traffickers are related:

    Guarantee the Holder, at all times, the full and effective exercise of the right of habeas data.

    Request and keep, under the conditions established in the laws in force, a copy of the respective authorization granted by the Holder.

    Properly inform the Holder about the purpose of the collection and the rights that assist him by the authorization granted.

    2. Collection, storage, use and security of Personal Data

    Article 6: Type of Personal Data that we collect

    Depending on the service provided to you, the Personal Data collected may include, without limitation, the following:

    • General identification and contact information
    • Name, address, e-mail and telephone details, sex, marital status, family environment, date of birth, passwords, educational level, physical attributes, activity records (such as traffic history), photos, work history, skills and experience
    • Identification numbers issued by government agencies or agencies
    • Number of Citizenship Certificate, Social Security Entities, Passport Number, Tax Identification Number, Military Passport Number, Driver's License Number or other identification number that is considered public or available to the public through mechanisms of physical or electronic consultation.
    • Financial, banking and accounting details
    • General balances, financial statements, budgets, etc.
    • Information about workers, remuneration schemes, work days, and in general everything developed with the company's labor matters.

    In certain cases, we may receive sensitive information about union membership, religious beliefs, political opinions, family medical history or genetic information (for example, if you request insurance through a business partner that is a commercial, religious or political organization). In addition, we can obtain information on criminal records or history of civil litigation during the process of prevention, detection and investigation of fraud.

    In any case, the personal data that the owner authorizes to be treated by SUTEX S.A.S. they are all those who, because of their relationship, have been provided by him.

    This information will be used, with privacy, in accordance with this policy, which contemplates the extent of the use of personal data by SUTEX S.A.S.

    Article 7: Storage of Personal Data

    SUTEX S.A.S. Keep the information for as long as is reasonable and necessary, according to the purposes that justified the collection of it. Once the information is not necessary for the purposes described, the personal data collected will be deleted.

    In labor matters, the information provided in the resumes or during the selection process, will be conserved so that the contractual relationship is not generated, with the purpose of considering these people for future calls.

    Article 8: Use of Personal Data

    We use this Personal Data to:

    Achieve an efficient communication related to our products, offers, promotions, studies and competitions as part of our commercial activity.

    Send you emails, text messages and make phone calls, for advertising purposes, so you can learn about our promotions, products, collections launches, new fashion trends.

    Send you important information about changes in our policies, other terms and conditions, changes to the site and other information of an administrative or commercial nature.

    In accordance with our legal and corporate obligations, prevent, detect and investigate crimes, including fraud and money laundering, and analyze and manage other commercial risks.

    Carry out technical-actuarial studies, statistics, research and market analysis, including satisfaction surveys.

    Manage our infrastructure and our business operations; and comply with internal policies and procedures, including those related to audits, finances, accounting, billing, collection, Information Technology systems, data hosting, websites, business continuity; and management of records, documents and printing.

    Comply with applicable laws and regulatory obligations (including laws other than their country of residence), such as those related to the fight against money laundering and terrorism; comply with legal processes, and respond to requests from public and governmental authorities (including those other than their country of residence).

    Establish and defend the rights to which there is a place

    Regarding the disclosure of information to third parties, SUTEX S.A.S. may share the information with third parties, as long as it is necessary to carry out a legitimate business activity, related to serving their clients and improving their services and also by virtue of compliance with legal requirements or as permitted by law, to protect your property and rights.

    Article 9: Information security

    SUTEX S.A.S. will adopt the corresponding technical, physical, legal and organizational measures that are related to the privacy and data security laws. If you believe that your interaction with us is no longer secure (for example, if you believe that the security of Personal Data that you may share with us may be compromised), please notify us immediately. (See Chapters 4: Access, consultation, claims, rectification, updating and deletion of Personal Data and Chapter 5: Privacy Notice)

    The person responsible for processing the personal data of the owner is SUTEX S.A.S., following the technical, human and administrative measures necessary to grant security to the records, avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access. Likewise, SUTEX S.A.S. is obliged to guarantee the reservation of information to personnel that is not duly authorized by the owner.

    If SUTEX S.A.S. provide Personal Data to a service provider, it will be selected carefully and must use the appropriate measures to protect the confidentiality and security of Personal Data.

    3. Authorization, proof and revocation of the use of Personal Data

    Article 10: Authorization of Personal Data 

    The owner authorizes in a free, prior, clear, express, voluntary and informed manner SUTEX S.A.S. to perform operations on your personal data such as collection, storage, use, circulation or deletion, for the purposes related to the object of the subscribed contract, including audits, audits, statistical processes or review by external legal advisors, under the criteria established in Law 1581 of 2012, Regulatory Decree 1377 of 2013 and other regulations that regulate the subject and the policy on the use of personal data that is in force in the organization.

    The previous authorization includes the possibility of sharing, transmitting, delivering, supplying, transferring or disclosing personal information, personal information, to third parties, natural or legal persons. For this SUTEX S.A.S. will inform the owner beforehand.

    Article 11: Proof of authorization

    SUTEX S.A.S. it will use the mechanisms it currently has and will implement and adopt the necessary actions to maintain records or technical or technological mechanisms suitable for when and how it obtained authorization from the holders of personal data for the treatment thereof. To comply with the above, physical files or electronic repositories made directly or through third parties hired for that purpose may be established.

    Article 12: Revocation of authorization

    The holders of personal data may revoke the consent to the processing of their personal data at any time, provided it is not prevented by a legal or contractual provision. For this, we invite you to consult in chapter 4, the procedures that SUTEX S.A.S. established for that purpose.

    In all cases, it must be borne in mind that there are two ways in which revocation of consent can occur. The first one can be about the totality of the consented purposes, that is, that SUTEX S.A.S. must stop dealing with the owner's data completely; the second, can occur on certain types of treatment, such as for advertising or market research purposes. With the second modality, that is, the partial revocation of consent, they are kept safe for other purposes of the treatment that the person in charge, in accordance with the authorization granted, can carry out and with whom the owner agrees.

    4. Procedure for access, consultation, claims, rectification, updating and deletion of Personal Data

    Article 13: Guarantees of the Right of Access

    SUTEX S.A.S. guarantee the right of access when, after proof of the identity of the owner, legitimacy, or personality of its representative, making available to him, at no cost or expense, in detail and detailed, the respective personal data through all types of medium, including the electronic means that allow direct access of the Holder to them.

    This access must be offered without any limit and must allow the owner the possibility of knowing and updating them online.

    Article 14: Procedure to consult information

    The Holders may consult the personal information that reposes in any database of SUTEX S.A.S.

    The legal area of ​​SUTEX S.A.S. will be responsible for answering your questions. The appropriate channel for the holder to make them is through the email

    The consultation will be attended within a maximum term of ten (10) working days counted from the date of receipt of the same. When it is not possible to attend the consultation within said term, the interested party will be informed, stating the reasons for the delay and indicating the date on which the consultation will be attended, which in no case may exceed five (5) business days following the expiration of the first term.

    Article 15: Procedure for handling complaints

    The Holder that considers that the information contained in the database of SUTEX SAS, should be subject to correction, updating or deletion, or when the alleged breach of any of the duties contained in law 1581 of 2012 is noticed, may present a claim before SUTEX SAS through the email, which will be processed by the legal area under the following rules:

    The claim will be formulated by means of a request addressed to SUTEX SAS, indicating the name and identification of the Holder, the contact details, the clear and precise description of the personal data with respect to which the Holder seeks to exercise any of their rights, the description of the facts that give rise to the claim and / or the documents that you want to assert as evidence. If the claim is incomplete, the interested party will be required within five (5) days after receipt of the claim to correct the faults. After two (2) months from the date of the request, without the applicant submitting the required information, it shall be understood that the claim has been abandoned.

    The maximum term to attend the claim will be fifteen (15) business days counted from the day following the date of its receipt. When it is not possible to meet the claim within said term, SUTEX SAS will inform the interested party of the reasons for the delay and the date on which his claim will be handled, which in no case may exceed eight (8) business days following the expiration of the first term

    Article 16: Rectification and updating of Personal Data

    SUTEX S.A.S. has the obligation to rectify and update at the request of the owner, the information of the latter that is incomplete or inaccurate, in accordance with the procedure and the terms indicated above. In this regard, the following will be taken into account:

    • In the requests for rectification and updating of personal data, the owner must indicate the corrections to be made and provide the documentation that supports their request. 
    • SUTEX S.A.S., has full freedom to enable mechanisms that facilitate the exercise of this right, as long as they benefit the owner. Consequently, electronic or other means may be enabled that you consider pertinent. SUTEX S.A.S. You can establish forms, systems and other simplified methods, which must be informed in the privacy notice and that will be made available to those interested in inserting media.

    Article 17: Deletion of data

    The owner has the right, always, to request SUTEX S.A.S., the deletion (deletion) of your personal data when:

    Consider that they are not being treated in accordance with the principles, duties and obligations set forth in the current regulations.

    They have ceased to be necessary or pertinent for the purpose for which they were collected.

    The period necessary to fulfill the purposes for which they were collected has been exceeded.

    Regarding the right of deletion or cancellation of data, it is pertinent to bear in mind that this is not absolute and SUTEX S.A.S. You can deny the exercise of it when:

    The Holder has a legal or contractual duty to remain in the database.

    The elimination of data hinders judicial or administrative actions linked to tax obligations, the investigation and prosecution of crimes or the updating of administrative sanctions.

    The data are necessary to protect the legally protected interests of the Holder, to carry out an action based on the public interest, or to comply with an obligation legally acquired by the Holder.

    In accordance with the law, if you wish to have your data deleted from our database, you must expressly state it to the e-mail, otherwise, you will be deemed to authorize us to store, update and update them. constantly used by Company personnel. Likewise, we remind you that you have the right to request at any time its correction, update or deletion, in the terms established by Law 1581 of 2012.

    5. Privacy Notice

    SUTEX S.A.S. wants to have an excellent relationship with all its customers, suppliers, collaborators, shareholders and with society in general, and to proceed in this way and complying with Law 1581 "By which general provisions are issued for the protection of personal data" and the Regulatory Decree 1377 of 2013, you, as the owner of your data, can consult this document of Treatment of Personal Data, and the Privacy Notice of SUTEX SAS through access to our website

    It is important for us that you continue to be an active part of SUTEX S.A.S.

    6. Final Provisions

    Article 18: Validity and Changes

    SUTEX S.A.S. reserves the right to modify this policy without prior notice. The changes made will not affect the obligations or security required by current regulations. The changes made may be announced to users through the website and / or via email, however, you should check our website frequently to see recent changes.

    This document may be supplemented, expanded, modified, according to the National Constitution, the Law and other complementary and concordant norms in accordance with Colombian regulations.