Personal Data Protection Policy

In Khemik we are committed to the protection and promotion of workers' health, ensuring their physical integrity through risk control, continuous process improvement and environmental protection.

We assume responsibility at all levels of management, promoting a healthy and safe work environment, complying with applicable legal requirements, linking interested parties in the Occupational Health and Safety Management System and allocating human, physical resources and financial necessary for health and safety management.

We develop programs that foster a preventive and self-care culture. We intervene proactively working conditions that can cause accidents or occupational diseases, absenteeism and eventual emergencies.

All employees, contractors and temporary employees have a responsibility to comply with safety standards and procedures, in order to perform a safe and productive work. We also promptly notify all those conditions that may generate consequences and contingencies for employees and the organization.

GENERAL

KHEMIK guarantees the protection of the rights to privacy, privacy, good name and image of all our customers, suppliers, employees, former employees, contractors and other holders of personal data that rest in our databases.

DEFINITIONS

  1. Authorization : Prior, express and informed consent of the owner of the information to carry out the processing of your personal data.
  2. Privacy notice : Verbal or written communication generated by the Responsible addressed to the Holder for the processing of their personal data, by means of which they are informed about the existence of the Information Processing policies that will be applicable, how to access them and the purposes of the Treatment that is intended to give personal data.
  3. Database : Organized set of personal data that is subject to Processing.
  4. d) Personal data: Any information linked or that may be associated with one or more specific or determinable natural persons.
  5. Private data : It is the data that due to its intimate or reserved nature is only relevant for the owner.
  6. Sensitive data : Sensitive data means those that affect the privacy of the Holder or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in unions, social organizations, human rights or that promotes interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life and biometric data.
  7. Person in Charge of the Treatment : Natural or legal person, public or private, that by itself or in association with others, carries out the Processing of personal data on behalf of the Person Responsible for the Treatment.
  8. Responsible for the Processing : Natural or legal person, public or private, that by itself or in association with others, decides on the basis of the data and / or the Treatment of the data.
  9. Owner : Natural person whose personal data is subject to Treatment.
  10. Treatment : Any operation or set of operations on personal data, such as the collection, storage, use, circulation or deletion thereof.

GENERAL PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA

The principles set out below constitute the general parameters that will be respected by KHEMIK in the processes of collection, use and processing of personal data.

​​
  1. Principle of Legality : The processing of personal data shall conform to the provisions of the Constitution, the law and these regulations.
  2. Principle of purpose : The processing of personal data collected by KHEMIK must obey a legitimate purpose of which the owners of such information must be informed.
  3. Principle of freedom : The treatment can only be carried out with the prior, express and informed consent of the holder. Personal data may not be obtained or disclosed without prior authorization or in the absence of a legal or judicial mandate, which relieves consent.
  4. Principle of truthfulness or quality : The information subject to treatment must be truthful, complete, accurate, updated and understandable. The processing of partial, incomplete, fractional or error-inducing data is prohibited.
  5. Principle of transparency : In the treatment, the right of the holder to obtain information about the data that concerns him or her at any time and without restrictions must be guaranteed.
  6. Principle of access and restricted circulation : Personal data, except public information, may not be available on the Internet, or other means of communication or mass disclosure, unless access is technically controllable to provide restricted knowledge only to holders or authorized third parties.
  7. Security principle : The information subject to treatment by KHEMIK must be protected through the use of technical, human and administrative measures, which are necessary to grant security to the records, avoiding their adulteration, loss, consultation or unauthorized or fraudulent use.
  8. Principle of confidentiality : All persons involved in the processing of personal data, are obliged to guarantee the reservation of information, even after having terminated their relationship with any of the activities that it includes that treatment.

OBJECTIVE

Define procedures for the collection, handling and processing of personal data carried out by KHEMIK SAS, in order to guarantee and protect the fundamental right of habeas data of its business associates within the framework established by law. < / p>

SCOPE OF APPLICATION

This manual will be applicable to personal and commercial data registered in the different databases managed by KHEMIK, for labor, financial and commercial purposes, among other activities related to the corporate purpose of the organization.

The information that KHEMIK collects may include, in whole or in part according to the needs for which the information is collected, among others the following data:

  • Names and surnames
  • Type and identification number
  • Nationality and country of residence
  • Date of birth and gender
  • Marital status and / or relationship in relation to minors or disabled persons requesting our services
  • Fixed and cellular contact phones (personal and / or work)
  • Postal and electronic addresses (personal and / or work)
  • Profession or trade
  • Company in which he works, worked and position
  • Labor, commercial and personal references
  • Affiliations to EPS, ARL, Pensions, AFP, Life Insurance

This data may be stored and / or processed on servers located at the KHEMIK headquarters, which is authorized by our business associates by accepting this Privacy Policy.

The simple voluntary contribution made by the business associate of your personal or business data constitutes acceptance of these terms and conditions and consequently tacitly authorizes us to process your personal data.

In some formats, the business associate is required to voluntarily provide personal or business data, including his or her name or business name, address, email, telephone number, contact information, schooling, work or business history, NIT or Cedula and other data from which your identity can be deduced. KHEMIK may conduct judicial studies, conduct home visits, and occupational medical examinations and all this information voluntarily provided by the business associate.

VERACITY OF INFORMATION

Our owners of the information must provide truthful information about their personal or commercial data in order to make possible the provision of services by KHEMIK, and under whose condition they agree to deliver the required information.

KHEMIK assumes the veracity of the information provided and therefore, assumes no responsibility for damages and / or damages of any nature that may arise from the lack of veracity, validity, sufficiency or authenticity of the information, including damages. that may be due to homonymy or identity theft.

DATABASE

The policies and procedures contained in this manual apply to the databases managed by KHEMIK and which will be registered in accordance with the provisions of the law.

Sensitive Data: The processing of sensitive data will be carried out in accordance with the law and the owner will be informed explicitly and prior to the sensitive data subject to treatment to obtain their consent.

APPLICABLE LEGISLATION

This manual was prepared taking into account the provisions contained in articles 15 and 20 of the Political Constitution, as stipulated in Law 1581 of 2012 "By which general provisions for the protection of personal data are issued", the Decree number 1377 of 2013 “By which Law 1581 of 2012 is partially regulated” and what is ordered in Decree 886 of 2014.

INFORMATION ON CHILDREN AND YOUNGER ADOLESCENTS

KHEMIK will ensure the proper use of personal data of children and adolescents under age, ensuring that their best interests are respected in the processing of their data, and their fundamental rights and, as far as possible, having consider your opinion, as holders of your personal data.

PURPOSES OF THE PROCESSING OF PERSONAL DATA.

The information and personal data collected through KHEMIK are used to carry out financial transactions of payments, collections or refunds, attend legal procedures, make reports, meet requirements of the different national or international control and surveillance administrative authorities, police authorities or judicial authorities, banking entities, insurance companies, for internal and commercial administrative purposes, including market research, audits, accounting reports, statistical analysis, billing, for the execution of labor contracts and service provision, affiliation to the System General of Social Security and complementary activities, identification of fraud and prevention of money laundering and other criminal activities and other purposes indicated in this document, due to the corporate purpose of the company.

By accepting this Privacy and Treatment Policy, our business associates, in their capacity as owners of the data collected, authorize KHEMIK to process them, partially or totally, including the collection, storage, recording, use, circulation, processing, suppression, for the execution of activities related to the services and products purchased.

AUTHORIZATION

The collection, storage, use, circulation or deletion of personal data by KHEMIK requires the free, prior, express and informed consent of the holder thereof. KHEMIK S.A.S, in its capacity as responsible for the processing of personal data, has had the necessary mechanisms to obtain the authorization of the holders guaranteeing in any case that it is possible to verify the granting of said authorization.

RIGHTS OF INFORMATION HOLDERS.

In accordance with the provisions of article 8 of Law 1581 of 2012, the holder of personal data has the following rights:

     
  1. Know, update and rectify your personal data against KHEMIK, as the person responsible for the processing.
  2.  
  3. Request proof of authorization granted to KHEMIK as the Treatment Manager.
  4.  
  5. Be informed by KHEMIK upon request, regarding the use you have given to your personal data.
  6.  
  7. Submit complaints to the Superintendence of Industry and Commerce for violations of the provisions of Law 1581 of 2012, once the consultation or claim process has been exhausted before the Treatment Manager.
  8.  
  9. Revoke the authorization and / or request the deletion of the data when the Constitutional and legal principles, rights and guarantees are not respected in the Treatment.
  10.  
  11. Access free of charge to your personal data that have been subject to Treatment.

DUTIES OF THE COMPANY IN RELATION TO THE PROCESSING OF PERSONAL DATA

KHEMIK will keep in mind, at all times, that personal data is the property of the people they refer to and that only they can decide on it. In this sense, they will use them only for those purposes for which they are duly authorized, and in all cases respecting Law 1581 of 2012 on the protection of personal data.

In accordance with the provisions of article 17 of Law 1581 of 2012, KHEMIK undertakes to permanently comply with the following duties:

     
  1. Guarantee the Holder, at all times, the full and effective exercise of the right to habeas data.
  2.  
  3. Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
  4.  
  5. Timely, update, rectify or delete the data.
  6.  
  7. Process inquiries and complaints made by the Holders.
  8.  
  9. Refrain from circulating information that is being controversial by the Holder and whose blockade has been ordered by the Superintendence of Industry and Commerce.
  10.  
  11. Allow access to information only to people who can access it.
  12.  
  13. Inform the Superintendence of Industry and Commerce when there are violations of security codes and there are risks in the administration of the information of the Holders.
  14.  
  15. Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

ACCESS, CONSULTATION AND CLAIM PROCEDURES

RIGHT OF ACCESS :

The power of disposition or decision that the holder has on the information that concerns him, necessarily implies the right to access and know if his personal information is being processed, so as the scope, conditions and generalities of said treatment.

Likewise, the holder has the right to request their rectification in case they are inaccurate or incomplete and to cancel them when they are not being used according to legal, contractual or legal purposes and terms or according to the purposes and terms contemplated in this Privacy Policy. < / p>

Our business associates, can exercise their rights to know, update, rectify and delete your personal data by sending your request to the email: or to the address: Carrera 50 # 79Sur 101 Bodega 58, of the city of the Star, of Compliance with this Privacy Policy.

You must include the following information in the application:

     
  1. Names and surnames.
  2.  
  3. Type of document.
  4.  
  5. Document number.
  6.  
  7. Telephone.
  8.  
  9. Email.
  10.  
  11. Country.

QUESTION ANSWER

In any case, regardless of the mechanism implemented for the attention of requests for consultation, they will be attended within a maximum term of ten (10) business days from the date of receipt. When it is not possible to attend the query within said term, the interested party will be informed before the expiration of the 10 business days, expressing the reasons for the delay and indicating the date on which his query will be attended, which in no case may exceed five (5) business days following the expiration of the first term.

CLAIMS

In accordance with the provisions of article 14 of Law 1581 of 2012, the Holder who considers that the information contained in a database must be subject to correction, update or deletion, or when they notice the alleged breach of any of the duties contained in Law 1581 of 2012, may file a claim with the Responsible for Treatment, which will be processed under the following rules:

     
  1. The claim may be submitted by the Holder in the email s.aristizabal @ khemik, as if the claim received does not have complete information that allows it to be processed, a period of 5 days must be given for sending the information that is required.
  2.  
  3. Once the complete claim is received, the corresponding management will be carried out for the resolution of the claim by the owner of the information.
  4.  
  5. The maximum term to handle the claim will be fifteen (15) business days from the day following the date of receipt.

RECTIFICATION AND UPDATE OF DATA

KHEMIK has the obligation to rectify and update, the holder's request, the information of the holder, which turns out to be incomplete or inaccurate, in accordance with the procedure and the terms indicated above. In this regard, the following will be taken into account: In the requests for rectification and updating of personal data, the owner must indicate the corrections to be made and provide the documentation that supports his request.

KHEMIK has full freedom to enable mechanisms that facilitate the exercise of this right, provided they benefit the holder. As a result, electronic or other means that it deems appropriate may be enabled.

KHEMIK may establish forms, systems and other simplified methods, which must be informed in the privacy notice and will be made available to those interested in the website.

DATA SUPPRESSION

The owner has the right, at all times, to request KHEMIK to delete (delete) their personal data when:

     
  1. Consider that they are not being treated in accordance with the principles, duties and obligations set forth in Law 1581 of 2012.
  2.  
  3. They are no longer necessary or relevant for the purpose for which they were obtained.
  4.  
  5. The period necessary for the fulfillment of the purposes for which they were obtained has been exceeded.

AUTHORIZATION REVOCATION

The holders of personal data may revoke the consent to the processing of their personal data at any time, as long as it is not prevented by a legal provision. To do this, they should contact KHEMIK by email: or by phone (4) 3021138

SECURITY MEASURES

In development of the security principle established in Law 1581 of 2012, KHEMIK, has adopted the necessary technical, human and administrative measures to grant security to the records avoiding their adulteration, loss, consultation, use or unauthorized access or fraudulent.

Notwithstanding the foregoing, the owner of the information assumes the risks that arise from delivering this information in a medium such as the Internet, which is subject to various variables - third party attacks, technical or technological failures, among others. KHEMIK will make its best technological effort to guarantee the security of the personal information of all its customers and / or users, using reasonable and current security methods to prevent unauthorized access, to maintain the accuracy of the data and ensure the correct use of the information.

IMPLEMENTATION OF SECURITY MEASURES

KHEMIK will maintain mandatory security protocols for personnel with access to personal data and information systems.

The procedure should consider at least the following aspects:

     
  1. Functions and obligations of staff.
  2.  
  3. Structure of personal databases and description of the information systems that treat them.
  4.  
  5. Procedure for notification, management and response to incidents.
  6.  
  7. Procedures for backing up and recovering data.
  8.  
  9. Periodic checks to be carried out to verify compliance with the provisions of the security procedure that is implemented.
  10.  
  11. The procedure should be kept updated at all times and should be reviewed whenever there are relevant changes in the information system or its organization.
  12.  
  13. The content of the procedure must be adapted at all times to the provisions in force regarding the security of personal data.

PRIVACY POLICY MODIFICATIONS

KHEMIK reserves the right to make changes or updates to this Privacy Policy at any time, for the attention of legislative developments, internal policies or new requirements for the provision or offer of its services or products.

DATA TRANSFER TO THIRD COUNTRIES

The transfer of personal data of any kind to countries that do not provide adequate levels of data protection is prohibited. It is understood that a country offers an adequate level of data protection when it meets the standards set by the Superintendence of Industry and Commerce on the subject, which in no case may be lower than those required by this law to its recipients.