PERSONAL DATA PROCESSING POLICY
COMPLIANCE FRAMEWORK
In compliance with Article 15 of the Political Constitution of Colombia, Statutory Law 1581 of 2012, Law 1712 of 2014, Decrees 2952 of 2010, 1377 of 2013, 886 of 2014, circulars, regulations and other rules that complement, modify, or replace them, regarding the protection of personal information; Workobot S.A.S. updates its policy for the processing of personal data.
DATA PROCESSING POLICIES
DATA CONTROLLER
Corporate Name: WORKOBOT SAS
Address: Bogotá D.C. – Republic of Colombia
Tax ID (NIT): 901.045.627-1
Physical Address: CALLE 100 13 44 AP 502
Email: administracion@workobot.com
Phone: 3112268641
Hereinafter and for the purposes of this Data Processing Policy, the terms “Controller” and/or “Workobot” shall be used interchangeably to refer to the legal entity identified above.
DEFINITIONS
| Term | Definition |
|---|---|
| Shareholder | A natural or legal person holding legal title to the shares that comprise the company’s share capital. |
| Privacy Notice | Verbal or written communication from the controller to the data subject informing them of the applicable data processing policies, how to access them, and the purposes of processing. |
| Database | An organized set of personal data that is subject to processing. |
| Client | Natural or legal person to whom WORKOBOT provides services under its corporate purpose. |
| Personal Data | Any information linked or that may be associated with one or more identified or identifiable natural persons. |
| Private Data | Information of an intimate or reserved nature relevant only to the data subject. |
| Public Data | Information not classified as private, semi-private, or sensitive, such as marital status, profession, or status as a merchant or public servant. |
| Semi-Private Data | Information not of intimate or reserved nature nor public, with potential interest to a specific group, such as financial or credit data. |
| Sensitive Data | Data affecting the privacy of the holder or potentially causing discrimination (e.g., racial origin, health data, sexual orientation, political views, etc.). |
| Employee | A natural person providing services to WORKOBOT under an employment contract. |
| Data Processor | Natural or legal person, public or private, that processes personal data on behalf of the controller. |
| Security Incident | Breach of security codes, loss, theft, and/or unauthorized third-party access to database information. |
| Supplier | Natural or legal person who supplies goods or services to Workobot independently. |
| Data Subject | The natural person whose personal data is processed. |
| Data Transfer | When the controller/processor located in Colombia sends data to another controller inside or outside the country. |
| Data Transmission | Communication of personal data inside or outside Colombia for processing by a data processor on behalf of the controller. |
| Personal Data Admin | Employee or contractor in charge of managing personal databases. |
| Security Recordings | Collection of personal data through surveillance systems, including images and video/audio recordings. |
PURPOSE OF THE PERSONAL DATA PROCESSING POLICY
WORKOBOT defines criteria for collecting, storing, using, circulating, and deleting data, aligned with the purposes described below, and in compliance with data protection regulations.
PRINCIPLES FOR DATABASE PROCESSING
| Principle | Description |
|---|---|
| Legality | Processing will comply with applicable laws in Colombia. |
| Purpose | Data will only be used for purposes informed and authorized by the data subject. |
| Prior Authorization | Information will only be collected with the express and informed consent of the data subject. |
| Quality and Accuracy | Data will be truthful, complete, accurate, current, verifiable, and understandable. |
| Transparency | Full and detailed access to information will be guaranteed to data subjects. |
| Restricted Circulation | Only authorized persons under confidentiality agreements will process data. |
| Security | Reasonable security measures will be applied to protect databases from unauthorized access. |
| Confidentiality | All handlers must sign confidentiality agreements which remain binding indefinitely, regardless of employment status. |
PERSONAL INFORMATION COLLECTED
Personal information refers to identifying data such as name, address, phone number, email address, and any other data required to deliver requested services or respond to inquiries. WORKOBOT will only use such information in accordance with this Privacy Policy.
RIGHTS OF DATA SUBJECTS
WORKOBOT guarantees the following rights to personal data holders:
-
Right to Access and Update: Know, update, and correct personal data.
-
Right to Evidence: Request proof of authorization given to the company.
-
Right to Deletion: Request deletion of data when no legal or contractual obligation prevents it.
-
Free Access: Receive free access to data and documents regarding authorizations.
-
Information Use Disclosure: Be informed about how their data has been used.
-
Revocation: Revoke consent when constitutional or legal guarantees are not respected.
-
Complaints: File complaints before the Superintendence of Industry and Commerce (SIC).
-
Right to Abstain: Refuse to answer questions about sensitive data.
These rights may be exercised by presenting an official ID or equivalent documents, and in the case of minors, through legal guardians.
PROCESSING AND PURPOSE
Data processing will include the collection, storage, updating, use, circulation, or deletion of information, either physically or automatically, for the following purposes:
-
Customer Service (PQR Management)
-
Employee and Administrative Management
-
Client Loyalty Programs
-
Document Entry/Exit Registration
-
Consulting, Auditing, and Related Services
-
Billing and Accounting
-
Supplier Management
-
Legal and Judicial Procedures
-
Marketing and Commercial Prospecting (e.g., opinion surveys, segmentation, direct marketing)
-
Human Resources: payroll, training, job promotion and selection
-
Security: building access control
-
Data Update Campaigns
-
Verification of Legal, Technical, or Financial Requirements
-
Internal Communications
SCOPE
This policy applies to all information collected, stored, used, and/or transferred by WORKOBOT as data controller, and classified according to the data subjects in its databases, ensuring data protection and the fulfillment of the company’s corporate purpose.
DATA RETENTION PERIOD
Data will be retained for up to 10 years after the termination of the relationship with the data subject unless:
-
Employee Data: Retained indefinitely for social security obligations.
-
Recruitment Data: Retained for 5 years.
-
Request for Deletion: Processed unless retention is required for legal defense or obligations.
DATA PROCESSORS
Authorized personnel responsible for customer service and administration may handle data. Contact information:
-
Phone: +57(1) 3112268641
-
City: Bogotá D.C., Colombia
-
Email: administracion@workobot.com
REQUESTS, COMPLAINTS, AND CLAIMS (PQR)
Data subjects may submit requests, complaints, or claims by email. These must include:
-
Identification of the requester
-
Description of the facts
-
Clear and specific request
-
Full contact information
The PQR must be written in Spanish. If the PQR is unclear, WORKOBOT may request clarifications within 5 days. If there is no response within 2 months, the request will be closed. The company must respond within 15 business days of receiving the request or clarification.
PROCESSING OF SENSITIVE DATA
Sensitive data will only be processed with prior consent unless legally exempt. Sensitive data includes racial or ethnic origin, political opinions, religious or philosophical beliefs, union memberships, health, sex life, and biometric data. Only authorized personnel may access this data, and strict security measures will apply.
SECURITY MEASURES
WORKOBOT has implemented reasonable technological, administrative, and human measures to prevent loss, unauthorized access, or misuse of personal data. All staff are required to maintain confidentiality.
CHILDREN AND ADOLESCENT DATA
Data of minors under 18 will only be processed with express consent from their parents or legal guardians. The data processing will always prioritize the best interest of the child and ensure the respect of their fundamental rights.
TRANSFER OF DATA TO THIRD COUNTRIES
Data may not be transferred to countries without adequate protection levels unless:
-
The data subject has given express authorization.
-
It involves banking or stock transfers.
-
It is based on international treaties.
-
It is necessary for contract performance or legal requirements.
EFFECTIVE DATE AND RETENTION PERIOD
This policy remains effective indefinitely. Data will be deleted after 10 years unless:
-
Required by law.
-
Necessary for social security.
-
Related to COVID-19 biosecurity protocols (retained up to 6 months).
-
Related to security footage (retained as long as necessary).
INFORMATION SECURITY
In accordance with the principle of security, WORKOBOT has implemented appropriate measures to ensure the integrity and confidentiality of personal data, and restricts access to authorized individuals only.
JUAN SEBASTIAN MALDONADO VILLA
Legal Representative
WORKOBOT S.A.S.
