Privacy and Personal Data Protection Policy
Travel Security Strategies Latam
The Company Travel Security Strategies Latam, with registered offices in 888 Biscayne BLVD Suite 505, and identified with [–] number [–] (here in after, the “Company”), fulfilling its obligations under Colombian Legislation, specifically Law 1581 of 2012, Decree 1377 of 2013, and any other law that complements, modifies or adds to Colombian Personal Data Protection Regime, and as Controller for the Processing of Personal Data, the Company discloses this Privacy and Personal Data Protection Policy (here in after, the “Policy”), that regulates the collection, recording, processing, transfer, transmission, protection, and suppression of any information received directly from the data subjects or from third parties, through the different means disposed during the developing of its activities.
For the purposes of this Policy, the words here under defined shall have the meaning assigned in this chapter, written or not with capital letters, singular or plural.
- Consent: Previous, explicit and informed permission or authorization given by the Data Subject for the Controller and/or Processor to process their personal data.
- Database: Organized set of Personal Data that is processed, which may be recorded or processed in computerized servers or physical papers, owned by the Controller or Processor or by a third party, located in national territory or in any other country.
- Personal Data: Any information related to or that may be associated with one or more identified or identifiable natural person.
- Sensitive Data: Personal Data that affects the Data Subject’s intimacy, or whose improper use might result in discrimination, such as Data that reveals racial or ethnic origins, political orientation, religious or philosophic convictions, participation in trade unions, social organizations, human rights organizations or organizations that promote political parties’ interests or that protect and promote political opposition parties’ rights, as well as Data related to health, sexual activity and biometrical data, among others.
- Data Processor: The natural or legal person, public authority, agency or body, public or private in nature, that processes personal data on behalf of the Controller.
- Data Controller: The natural or legal person, public authority, agency or body, public or private in nature, that determines the purposes and means of the processing of the Personal Data. For this Policy, the Controller shall be the Company.
- Data Subject: Natural person whose Personal Data is processed.
- Processing: Any operation or set of operations which are performed upon Personal Data, such as collection, recording, organization, usage, circulation or suppression.
Consent for the Processing of Personal Data
Since the Policy is available for any person who wishes to consult it, the Personal Data Processing done by the Company will count with the previous, free, explicit and informed Data Subject’s Consent, and will be previously authorized when the Data Subject when he or she so expresses, verbally and/or through any physical or electronic document or in any other format, or through any unequivocal conduct such as the mere fact of providing his or her Personal Data, on their own behalf or through a third part, be it (i) directly to the Company or (ii) to third parties that have the authorization to transfer or transmit them to other people.
If the Data Subject wishes that their Personal Data is suppressed from the Company’s Databases, he or she shall express this request during the thirty (30) business days following the submission of their Personal Data or the date in which they become aware of this Policy, by email to [email protected]
The website www.tsslatam.com hereinafter, the “Website”) collects Personal Data through cookies. Using the Website implies the acceptance of this Policy by the Data Subjects who use it. In case Data Subjects do not agree with the terms if this Policy, they should abstain from using the Website. The Data Subject that uses the Webpages acknowledges and accepts that the Company may use a follow-up system through Cookies. The cookies used by the Website are files sent to a navigator through a web server to register the user’s activities in the Website and allow him or her a more fluent and personalized navigation. In any case, the user may change his or her computer settings to prevent, block or erase cookies, under the user’s sole responsibility.
Personal Data Processing
The Company, as Controller, dully authorized as mentioned in the above chapter, and any Processor appointed by the Company, may process the provided Personal Data, which includes the collection, recording, processing, use, update, circulation, administration, assignment, transfer, transmission, protection and suppression of the Personal Data.
Similarly, the Company may, among others, (i) appoint one or more Personal Data Processors; (ii) transfer and/or transmit Personal Data to companies that are part of its corporate group, which are parent companies, subsidiaries or affiliates, as well as any third party, within or outside national territory, be it natural or legal persons, even when the country in which they are established does not have legislation that sets a Personal Data Protection standard lower than the ones currently used in national territory; (iii) provide said Personal Data to agents, subcontractors, and any third party for the consecution of the purposes set forth in the next chapter, and (iv) reveal Personal Data when any public entity dully entitled through administrative or judicial warrant.
Purposes of the Processing of Personal Data
The Company will process Personal Data with the following specific purposes:
- Fulfill its contractual obligations acquired with clients, providers, employees, and any other person with whom it establishes a legal relationship.
- Do basic administrative management activities.
- Provide services and products required, and fulfill any other obligation acquired with the Data Subjects.
- Evaluate the quality of its services.
- Develop marketing and promotional activities.
- Inform about new services related to already contracted or acquired services.
- Develop necessary activities for the management of complaints, requests and claims presented by clients, users and/or third parties, and direct them to the areas in charge of providing the pertinent responses.
- Respond to legal requirements made by judicial and administrative entities.
- Support internal and external auditing processes.
- Control and prevent fraud, money laundering and terrorism financing.
- Develop employee selection, evaluation, and hiring processes.
- Register employees, former employees and/or third parties’ information.
- Manage social security system affiliations and payments.
- Among others
Data Subjects’ Rights
Data Subjects are entitled to the following rights: know, update, and request correction or suppression of their Personal Data; request proof of consent; know what use the Company has given to their Personal Data; revoke at any moment the consent for including their Personal Data in the Company’s Databases, and request without cost information of previously authorized Personal Data.
To exercise these rights, Data Subjects may address a communication in the terms provided by Law 1581 of 2012 and Decree 1377 of 2013 to the email address [email protected] to physical address 888 Biscayne Blvd Suite 505 in Miami, Florida.
Security Measures for the Protection of Personal Data
The Company will adopt the security techniques necessary to provide security to registries, avoiding altering, loss, or unauthorized or fraudulent consultation, use or access. These measures will satisfy current minimum legal requirements, and their effectiveness will be periodically evaluated. However, the Company will not be liable if there is a violation of its security systems due to force majeure or other unforeseen circumstances.