About Us

RCCSP y Warranty

Your Contribution to the Environment
Store

Your list is empty, add products to the list to send a request

Regresar a Catálogo

POLÍTICA DE TRATAMIENTO DE DATOS

I. Purpose

NEXSA, identified with Tax ID 900 162 320 – 1, domiciled in the city of Bogotá D.C., Colombia, hereinafter referred to as "NEXSA" for the purposes of this Data Processing Policy, aims to inform the Personal Data Holders that we are guaranteeing the constitutional right and all other applicable legal and general provisions for the protection of the data collected in the databases or files obtained by NEXSA for the purposes set forth herein.

II. Scope of Application

In cases where the Personal Data Holder provides prior express authorization for the processing of their information, this Policy will apply to the Personal Data registered with NEXSA that is subject to special processing.

III. Scope

The provisions of this policy are intended to inform the Personal Data Holders of their rights and the manner in which NEXSA carries out the special processing of information applied to NEXSA's database.

IV. Background

In accordance with the provisions of Law 1581 of October 17, 2012, the National Congress enacted General Provisions for the management and protection of Personal Data, including the rights regime of the data subjects and the obligations of the data controllers and processors, establishing a general framework for Personal Data Protection in Colombia. Subsequently, on June 27, 2013, the National Government issued Decree 1377 of 2013, which regulates the aforementioned law with the purpose of facilitating its implementation in aspects related to the data subject’s authorization, the Data Processing Policies of controllers and processors, the exercise of the rights of data subjects, Personal Data Transfers, and Demonstrated Accountability in Personal Data Processing.

V. Principles

In order to guarantee the right to personal data protection in the course of its commercial activities, NEXSA will obtain, process, collect, transmit, and carry out various operations on the information of Personal Data Holders. Likewise, it is the duty of the delegated personnel and/or those responsible at NEXSA to comply with the provisions of the law, as well as the principles and rules described in this policy.

✓ Express Authorization:

Upon prior express authorization regarding the handling of personal data, NEXSA is automatically authorized to manage the information. For any Personal Data Holder with whom NEXSA has had any type of relationship, a notification will be made using the necessary means in order to obtain retroactive authorization in accordance with the provisions of Decree 1377 and other applicable regulations.

✓ Purpose of the Database

Any activity involving the handling of Personal Data must comply with the purposes stated in this Policy or have the express authorization of the Personal Data Holder, or be governed by the relevant documents that regulate a special Personal Data Processing Policy.

✓ Data Quality:

The Personal Data Holder must provide timely, accurate, clear, truthful, and verifiable information. If the Personal Data Holder provides incorrect, incomplete, or non-existent information, NEXSA is authorized to refrain from establishing a commercial relationship. ✓ Provision of Information to the Data Subject:

When the Personal Data Holder requests it, NEXSA must provide information regarding the existence of Personal Data related to the requester. This information will be provided by the department delegated by NEXSA for personal data protection.

✓ Security:

NEXSA will designate authorized personnel for the handling of Personal Data. Personnel without such authorization shall not be allowed to manage the information or carry out any personal data processing activities.

✓ Duration:

The information collected by NEXSA from the Personal Data Holder shall be processed only for the reasonable time necessary to fulfill the intended purpose.

✓ Confidentiality:

It is NEXSA's duty to guarantee the confidentiality of Personal Data Processing to prevent such information from being used, altered, accessed, or compromised by unauthorized persons.

✓ Confidentiality and Subsequent Processing:

Even after the termination of a contractual relationship or any link between the Personal Data Holder and NEXSA, the data must be treated confidentially by the personnel designated by NEXSA, in accordance with this policy and the law, including data that is not public.

✓ Personal Data Holder:

Natural or Legal Person.

✓ Individuality:

As a Data Processor, NEXSA shall keep separate the databases for which it acts as Data Controller.

✓ Necessity:

Personal Data may only be processed for the duration and to the extent that the purpose of its processing justifies it.

VI. Purpose of the Database

El manejo de la información tratada por NEXSA pertenece a los Titulares de Datos Personales como lo son sus clientes, empleados, proveedores. A su vez al suministrar informacional personal a NEXSA, usted se encuentra manifestando la aprobación del tratamiento de datos conforme al presente documento. Los menores de edad que pretendan establecer una relación comercial o laboral con NEXSA deberán ser representados legalmente por sus padres o acudientes quienes en su representación manifestaran la aceptación de estas políticas y el tratamiento de datos personales de menores de edad. A su vez NEXSA y las personas encargadas o los Titulares de Datos Personales o que en virtud de la ley o un contrato se regirán por estas políticas, lo cual se mantendrá bajo las siguientes finalidades:

✓ Carry out the administrative procedures managed by NEXSA for the inclusion or updating of our database as a Personal Data Holder.
✓ Obtain information about your commercial behavior
✓ Execution and fulfillment of the contracts entered into.
✓ Maintain control and prevention of fraud and money laundering.
✓ Management of accounting and financial information.
✓ Management of Tax Information.
✓ Prevention and control of money laundering and terrorism financing.
✓ Conduct job postings and selection processes.
✓ Inform employees about labor announcements, NEXSA updates, and internal activities.
✓ Carry out the execution and fulfillment of the agreements entered into between NEXSA and any Personal Data Holder.
✓ Establish contact for commercial purposes with our clients and suppliers.
✓ Promote our services and website.
✓ Communicate the Personal Data Holder's information for administrative, operational, and commercial purposes in accordance with this policy and the applicable legal regulations.
✓ Send notices or communications to NEXSA shareholders.
✓ In order to comply with legal and regulatory provisions through the collection of personal information for its processing, NEXSA commits to fulfilling all other responsibilities arising from this action.
✓ When requested by any government entity.
✓ As a result of the commercialization of our brand.

• Sensitive Information:

is considered to be data received from occupational health medical processes, sexual orientation, information obtained from minors, and organizations of any kind or sexual orientation. Such information will receive special protection from NEXSA in accordance with the parameters established in Decree 1377 of 2013 and Law 1581 of 2012. The processing of personal data of minors will be done with prior authorization from their legal representatives for the purpose of initiating contractual, employment, or commercial relationships. Through this process, NEXSA seeks to ensure the care and respect of the fundamental rights of minors and adolescents.

VII. Personal Data Processing

Según lo establecido en la Ley 1581 de 2012 y de conformidad con las autorizaciones impartidas por los titulares de Datos Personales, NEXSA realizará operaciones o conjunto de operaciones que incluyen la recolección de datos, su almacenamiento, uso circulación y/o supresión. Este Tratamiento de datos se realizará exclusivamente para las finalidades autorizadas y previstas en las presentes Políticas de Nexsa. De la misma forma se realizará Tratamiento de Datos Personales cuando exista una obligación legal o contractual para ello. Toda información recopilada por NEXSA en su base de datos se encuentra en un software, que tiene acceso restringido y no tiene acceso público ni de personas no autorizadas. Nuestra base de datos no será vendida o sometida a cualquier tipo de mercadeo.

VIII. Rights of the Personal Data Holders

In the processing of Personal Data by NEXSA, the rights of the Personal Data Holders shall be respected at all times. These rights include:

✓ To know, update, and correct their data with NEXSA or with those responsible for data processing. This right may be exercised, among others, with respect to partial, inaccurate, incomplete, fragmented data, data that may lead to error, or data whose processing is expressly prohibited or has not been authorized.

✓ To be informed by NEXSA, or the Data Processor, upon request, about the use that has been made of their data.

✓ To file complaints with the Competent Authority for violations of the law and any other regulations that amend, add to, or complement it.

✓ To revoke the authorization and/or request the deletion of data when the processing does not respect constitutional and legal principles, rights, and guarantees. Revocation and/or deletion will proceed when the Competent Authority has determined that NEXSA or the Data Processors have engaged in conduct contrary to the law and the Constitution. Revocation will be applicable as long as there is no legal or contractual obligation to retain the personal data.

✓ To access, free of charge, the Personal Data that has been subject to processing.

✓ To file complaints with the Superintendence of Industry and Commerce for violations of the law.

✓ To submit requests to NEXSA regarding the processing of their personal data.

✓ To have their personal information suspended from NEXSA's database or to request its revocation when the Superintendence of Industry and Commerce determines, through a final administrative act, that NEXSA or the designated personnel have engaged in conduct contrary to this policy or the law during the data processing.

✓ As established in Article 21 of Decree 1377 of 2013, to be granted free access to their Personal Data that has been processed by NEXSA.

✓ To be informed of any changes to the terms of this Policy in a timely and effective manner prior to the implementation of such changes or, if applicable, prior to the introduction of a new data processing policy.

✓ To be informed about the department or person designated by NEXSA to handle all relevant procedures related to complaints, inquiries, claims, or any other matters concerning their personal information.

For Personal Data Holders to exercise the right to carry out the procedure established in this policy regarding their Personal Data in our database, they must submit a written request for their information and present their original national ID card or any other valid identification document. Minors must be represented by their legal guardian or by those who prove such status with the relevant documentation.

IX. Department Responsible for Handling Requests, Inquiries, and Complaints.

The department responsible for receiving requests from Personal Data Holders and responding to those based on these policies or the law, such as requests to update data or to access Personal Data, as well as petitions, inquiries, and complaints made by Personal Data Holders under NEXSA’s processing, to exercise their rights to know, update, correct, delete data, or revoke authorization, should be directed to: Sandra Vargas. NEXSA contact details:

Address: Calle 98 No. 10 – 32, Office 501
Phone: +57 1 8058580 - 8058581
Email: protecciondedatos@nexsa.net

X. Obligations of Nexsa

✓ To guarantee the Personal Data Holder, at all times, the full and effective exercise of their rights.
✓ To request and keep a copy of the authorization granted by the Data Holder.
✓ To properly inform the Personal Data Holder about the purpose of the data collection and the rights they have by virtue of the authorization granted.
✓ Store the information under the necessary security conditions to prevent unauthorized or fraudulent alteration, loss, consultation, use, or access.
✓ Ensure that the information provided to the Data Processor is truthful, complete, accurate, up-to-date, verifiable, and understandable.
✓ Update the information by promptly informing the Data Processor of any changes regarding the data previously provided, and take all necessary measures to ensure that the information remains up-to-date.
✓ Correct the information when it is inaccurate and notify the Data Processor accordingly.
✓ Provide the Data Processor, as applicable, only with data whose Processing has been previously authorized in accordance with the provisions of this policy.
✓ Require the Data Collection System Representative, at all times, to respect the security and privacy conditions of the Personal Data Subject's information.
✓ Process inquiries, claims, and requests in accordance with the terms established by law or this policy.
✓ Implement an internal manual of policies and procedures to ensure proper compliance with Law 1581 of 2012, particularly for handling inquiries, claims, and requests.
✓ Inform the Data Processor when certain information is being disputed by the Personal Data Subject, once the request has been submitted and the corresponding process has not yet been completed.
✓ Inform the Personal Data Subject, upon request, about how their data has been used.
✓ Notify the data protection authority when security breaches occur and there are risks in the management of the Data Subjects' information.
✓ Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

XI. Procedures for Exercising the Rights of Data Subjects.

Depending on their relationship with NEXSA, data subjects may exercise their rights to update, rectify, and delete information. Requests can be submitted physically through the secretary’s office or via email. protecciondedatos@nexsa.net In turn, NEXSA will keep a record of the request and its response according to the individual file of each person identified in our database.
NEXSA will have ten (10) business days to process and respond to the request made by the Personal Data Subject, counted from the date the request is received. If NEXSA cannot respond within the established timeframe, it must notify the requester of the reasons for the delay using the same method initially used to submit the request and will have an additional five (5) business days to provide a response.

XII. Claims.

When Personal Data processed by NEXSA needs to be corrected, updated, deleted, or in cases of an alleged breach by NEXSA of the applicable law, mechanisms are in place to allow the Personal Data Subject or their legal representatives, proxies, or successors to file claims in accordance with Law 1581 and Decree 1377, as follows:

I. It may be done via email: protecciondedatos@nexsa.net It may be done via email or through a written document submitted in person at Calle 98 No. 10 – 32, Office 501.

II. The email or document must include the name and identification of the Data Subject, a description of the facts giving rise to the request for "update, correction, deletion, or compliance with obligations."

III. The email or document must provide a physical address for notification and any documentation the requester intends to submit in support of their claim.

IV. To process the claim, NEXSA initially has five (5) business days to verify the identity of the requester or the documents that prove their status as a representative, proxy, or successor.

V. If the claim or documentation is inaccurate or incomplete, NEXSA must notify the requester only once within the five (5) business days following the receipt of the claim. If the requester does not provide the required documentation or verify their true identity within one (1) month from the date of the initial notification, it will be understood that the claim has been withdrawn.

VI. Once the request is received and the identity or complete documents are verified, the information will be processed and included in NEXSA's Database.

VII. Where the Personal Data Subject's documentation is stored, a folder labeled "claim in process" will be attached, including the purpose of the request, the initial terms, and the date the request was resolved.

VIII. NEXSA will have a period of fifteen (15) business days, counted from the date the information is confirmed, to resolve the request.

XIII. Duration of the Databases

The validity of this policy has been in effect since September 1, 2016. The personal data stored, used, or transmitted will remain in our Database for as long as necessary, in accordance with the time required for the purposes mentioned in this policy.
Any fundamental changes to this policy will be promptly notified to the data subjects in a clear and effective manner prior to the new implementation.

______________________


Nexsa S.A.S.

Scroll to Top

Report your delivery

If you have electronic devices that you no longer use, at Nexsa SAS we facilitate their proper disposal. You just need to bring them to our facilities.

"Contribute to environmental care by bringing us your unused electronic devices. Together, we can make a difference!"


Data Processing Policy

I. Purpose

NEXSA, identified with Tax ID 900 162 320 – 1, domiciled in the city of Bogotá D.C., Colombia, hereinafter referred to as "NEXSA" for the purposes of this Data Processing Policy, aims to inform the Personal Data Holders that we are guaranteeing the constitutional right and all other applicable legal and general provisions for the protection of the data collected in the databases or files obtained by NEXSA for the purposes set forth herein.

II. Scope of Application

In cases where the Personal Data Holder provides prior express authorization for the processing of their information, this Policy will apply to the Personal Data registered with NEXSA that is subject to special processing.

III. Scope

The provisions of this policy are intended to inform the Personal Data Holders of their rights and the manner in which NEXSA carries out the special processing of information applied to NEXSA's database.

IV. Background

In accordance with the provisions of Law 1581 of October 17, 2012, the National Congress enacted General Provisions for the management and protection of Personal Data, including the rights regime of the data subjects and the obligations of the data controllers and processors, establishing a general framework for Personal Data Protection in Colombia. Subsequently, on June 27, 2013, the National Government issued Decree 1377 of 2013, which regulates the aforementioned law with the purpose of facilitating its implementation in aspects related to the data subject’s authorization, the Data Processing Policies of controllers and processors, the exercise of the rights of data subjects, Personal Data Transfers, and Demonstrated Accountability in Personal Data Processing.

V. Principles

In order to guarantee the right to personal data protection in the course of its commercial activities, NEXSA will obtain, process, collect, transmit, and carry out various operations on the information of Personal Data Holders. Likewise, it is the duty of the delegated personnel and/or those responsible at NEXSA to comply with the provisions of the law, as well as the principles and rules described in this policy.

✓ Express Authorization:

Upon prior express authorization regarding the handling of personal data, NEXSA is automatically authorized to manage the information. For any Personal Data Holder with whom NEXSA has had any type of relationship, a notification will be made using the necessary means in order to obtain retroactive authorization in accordance with the provisions of Decree 1377 and other applicable regulations.

✓ Purpose of the Database

Any activity involving the handling of Personal Data must comply with the purposes stated in this Policy or have the express authorization of the Personal Data Holder, or be governed by the relevant documents that regulate a special Personal Data Processing Policy.

✓ Data Quality:

The Personal Data Holder must provide timely, accurate, clear, truthful, and verifiable information. If the Personal Data Holder provides incorrect, incomplete, or non-existent information, NEXSA is authorized to refrain from establishing a commercial relationship. ✓ Provision of Information to the Data Subject:

When the Personal Data Holder requests it, NEXSA must provide information regarding the existence of Personal Data related to the requester. This information will be provided by the department delegated by NEXSA for personal data protection.

✓ Security:

NEXSA will designate authorized personnel for the handling of Personal Data. Personnel without such authorization shall not be allowed to manage the information or carry out any personal data processing activities.

✓ Duration:

The information collected by NEXSA from the Personal Data Holder shall be processed only for the reasonable time necessary to fulfill the intended purpose.

✓ Confidentiality:

It is NEXSA's duty to guarantee the confidentiality of Personal Data Processing to prevent such information from being used, altered, accessed, or compromised by unauthorized persons.

✓ Confidentiality and Subsequent Processing:

Even after the termination of a contractual relationship or any link between the Personal Data Holder and NEXSA, the data must be treated confidentially by the personnel designated by NEXSA, in accordance with this policy and the law, including data that is not public.

✓ Personal Data Holder:

Natural or Legal Person.

✓ Individuality:

As a Data Processor, NEXSA shall keep separate the databases for which it acts as Data Controller.

✓ Necessity:

Personal Data may only be processed for the duration and to the extent that the purpose of its processing justifies it.

VI. Purpose of the Database

The information processed by NEXSA belongs to the Personal Data Holders, such as its clients, employees, and suppliers. By providing personal information to NEXSA, you are expressing your consent to the processing of your data in accordance with this document. Minors who intend to establish a commercial or employment relationship with NEXSA must be legally represented by their parents or legal guardians, who, on their behalf, shall express acceptance of these policies and the processing of the minor’s personal data. Likewise, NEXSA, the designated personnel, the Personal Data Holders, and any parties governed by law or contract shall be subject to these policies, which will be applied under the following purposes:

✓ Carry out the administrative procedures managed by NEXSA for the inclusion or updating of our database as a Personal Data Holder.
✓ Obtain information about your commercial behavior
✓ Execution and fulfillment of the contracts entered into.
✓ Maintain control and prevention of fraud and money laundering.
✓ Management of accounting and financial information.
✓ Management of Tax Information.
✓ Prevention and control of money laundering and terrorism financing.
✓ Conduct job postings and selection processes.
✓ Inform employees about labor announcements, NEXSA updates, and internal activities.
✓ Carry out the execution and fulfillment of the agreements entered into between NEXSA and any Personal Data Holder.
✓ Establish contact for commercial purposes with our clients and suppliers.
✓ Promote our services and website.
✓ Communicate the Personal Data Holder's information for administrative, operational, and commercial purposes in accordance with this policy and the applicable legal regulations.
✓ Send notices or communications to NEXSA shareholders.
✓ In order to comply with legal and regulatory provisions through the collection of personal information for its processing, NEXSA commits to fulfilling all other responsibilities arising from this action.
✓ When requested by any government entity.
✓ As a result of the commercialization of our brand.

• Sensitive Information:

is considered to be data received from occupational health medical processes, sexual orientation, information obtained from minors, and organizations of any kind or sexual orientation. Such information will receive special protection from NEXSA in accordance with the parameters established in Decree 1377 of 2013 and Law 1581 of 2012. The processing of personal data of minors will be done with prior authorization from their legal representatives for the purpose of initiating contractual, employment, or commercial relationships. Through this process, NEXSA seeks to ensure the care and respect of the fundamental rights of minors and adolescents.

VII. Personal Data Processing

In accordance with Law 1581 of 2012 and the authorizations granted by the Personal Data Holders, NEXSA will perform operations or sets of operations that include data collection, storage, use, circulation, and/or deletion. This data processing will be carried out exclusively for the purposes authorized and outlined in these Nexsa Policies. Similarly, Personal Data Processing will be performed when there is a legal or contractual obligation to do so. All information collected by NEXSA in its database is stored in software with restricted access and is not accessible to the public or unauthorized persons. Our database will not be sold or subjected to any type of marketing.

VIII. Rights of the Personal Data Holders

In the processing of Personal Data by NEXSA, the rights of the Personal Data Holders shall be respected at all times. These rights include:

✓ To know, update, and correct their data with NEXSA or with those responsible for data processing. This right may be exercised, among others, with respect to partial, inaccurate, incomplete, fragmented data, data that may lead to error, or data whose processing is expressly prohibited or has not been authorized.

✓ To be informed by NEXSA, or the Data Processor, upon request, about the use that has been made of their data.

✓ To file complaints with the Competent Authority for violations of the law and any other regulations that amend, add to, or complement it.

✓ To revoke the authorization and/or request the deletion of data when the processing does not respect constitutional and legal principles, rights, and guarantees. Revocation and/or deletion will proceed when the Competent Authority has determined that NEXSA or the Data Processors have engaged in conduct contrary to the law and the Constitution. Revocation will be applicable as long as there is no legal or contractual obligation to retain the personal data.

✓ To access, free of charge, the Personal Data that has been subject to processing.

✓ To file complaints with the Superintendence of Industry and Commerce for violations of the law.

✓ To submit requests to NEXSA regarding the processing of their personal data.

✓ To have their personal information suspended from NEXSA's database or to request its revocation when the Superintendence of Industry and Commerce determines, through a final administrative act, that NEXSA or the designated personnel have engaged in conduct contrary to this policy or the law during the data processing.

✓ As established in Article 21 of Decree 1377 of 2013, to be granted free access to their Personal Data that has been processed by NEXSA.

✓ To be informed of any changes to the terms of this Policy in a timely and effective manner prior to the implementation of such changes or, if applicable, prior to the introduction of a new data processing policy.

✓ To be informed about the department or person designated by NEXSA to handle all relevant procedures related to complaints, inquiries, claims, or any other matters concerning their personal information.

For Personal Data Holders to exercise the right to carry out the procedure established in this policy regarding their Personal Data in our database, they must submit a written request for their information and present their original national ID card or any other valid identification document. Minors must be represented by their legal guardian or by those who prove such status with the relevant documentation.

IX. Department Responsible for Handling Requests, Inquiries, and Complaints.

The department responsible for receiving requests from Personal Data Holders and responding to those based on these policies or the law, such as requests to update data or to access Personal Data, as well as petitions, inquiries, and complaints made by Personal Data Holders under NEXSA’s processing, to exercise their rights to know, update, correct, delete data, or revoke authorization, should be directed to: Sandra Vargas. NEXSA contact details:

Address: Calle 98 No. 10 – 32, Office 501
Phone: +57 1 8058580 - 8058581
Email: protecciondedatos@nexsa.net

X. Obligations of Nexsa

✓ To guarantee the Personal Data Holder, at all times, the full and effective exercise of their rights.
✓ To request and keep a copy of the authorization granted by the Data Holder.
✓ To properly inform the Personal Data Holder about the purpose of the data collection and the rights they have by virtue of the authorization granted.
✓ Store the information under the necessary security conditions to prevent unauthorized or fraudulent alteration, loss, consultation, use, or access.
✓ Ensure that the information provided to the Data Processor is truthful, complete, accurate, up-to-date, verifiable, and understandable.
✓ Update the information by promptly informing the Data Processor of any changes regarding the data previously provided, and take all necessary measures to ensure that the information remains up-to-date.
✓ Correct the information when it is inaccurate and notify the Data Processor accordingly.
✓ Provide the Data Processor, as applicable, only with data whose Processing has been previously authorized in accordance with the provisions of this policy.
✓ Require the Data Collection System Representative, at all times, to respect the security and privacy conditions of the Personal Data Subject's information.
✓ Process inquiries, claims, and requests in accordance with the terms established by law or this policy.
✓ Implement an internal manual of policies and procedures to ensure proper compliance with Law 1581 of 2012, particularly for handling inquiries, claims, and requests.
✓ Inform the Data Processor when certain information is being disputed by the Personal Data Subject, once the request has been submitted and the corresponding process has not yet been completed.
✓ Inform the Personal Data Subject, upon request, about how their data has been used.
✓ Notify the data protection authority when security breaches occur and there are risks in the management of the Data Subjects' information.
✓ Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

XI. Procedures for Exercising the Rights of Data Subjects.

Depending on their relationship with NEXSA, data subjects may exercise their rights to update, rectify, and delete information. Requests can be submitted physically through the secretary’s office or via email. protecciondedatos@nexsa.net In turn, NEXSA will keep a record of the request and its response according to the individual file of each person identified in our database.
NEXSA will have ten (10) business days to process and respond to the request made by the Personal Data Subject, counted from the date the request is received. If NEXSA cannot respond within the established timeframe, it must notify the requester of the reasons for the delay using the same method initially used to submit the request and will have an additional five (5) business days to provide a response.

XII. Claims.

When Personal Data processed by NEXSA needs to be corrected, updated, deleted, or in cases of an alleged breach by NEXSA of the applicable law, mechanisms are in place to allow the Personal Data Subject or their legal representatives, proxies, or successors to file claims in accordance with Law 1581 and Decree 1377, as follows:

I. It may be done via email: protecciondedatos@nexsa.net It may be done via email or through a written document submitted in person at Calle 98 No. 10 – 32, Office 501.

II. The email or document must include the name and identification of the Data Subject, a description of the facts giving rise to the request for "update, correction, deletion, or compliance with obligations."

III. The email or document must provide a physical address for notification and any documentation the requester intends to submit in support of their claim.

IV. To process the claim, NEXSA initially has five (5) business days to verify the identity of the requester or the documents that prove their status as a representative, proxy, or successor.

V. If the claim or documentation is inaccurate or incomplete, NEXSA must notify the requester only once within the five (5) business days following the receipt of the claim. If the requester does not provide the required documentation or verify their true identity within one (1) month from the date of the initial notification, it will be understood that the claim has been withdrawn.

VI. Once the request is received and the identity or complete documents are verified, the information will be processed and included in NEXSA's Database.

VII. Where the Personal Data Subject's documentation is stored, a folder labeled "claim in process" will be attached, including the purpose of the request, the initial terms, and the date the request was resolved.

VIII. NEXSA will have a period of fifteen (15) business days, counted from the date the information is confirmed, to resolve the request.

XIII. Duration of the Databases

The validity of this policy has been in effect since September 1, 2016. The personal data stored, used, or transmitted will remain in our Database for as long as necessary, in accordance with the time required for the purposes mentioned in this policy.
Any fundamental changes to this policy will be promptly notified to the data subjects in a clear and effective manner prior to the new implementation.

______________________

Catalina Espejo
Legal Representative
Nexsa S.A.S.


Contact Us

Leave us your comments, suggestions, and questions. We will get back to you shortly.


Data Processing Policy

I. Purpose

NEXSA, identified with Tax ID 900 162 320 – 1, domiciled in the city of Bogotá D.C., Colombia, hereinafter referred to as "NEXSA" for the purposes of this Data Processing Policy, aims to inform the Personal Data Holders that we are guaranteeing the constitutional right and all other applicable legal and general provisions for the protection of the data collected in the databases or files obtained by NEXSA for the purposes set forth herein.

II. Scope of Application

In cases where the Personal Data Holder provides prior express authorization for the processing of their information, this Policy will apply to the Personal Data registered with NEXSA that is subject to special processing.

III. Scope

The provisions of this policy are intended to inform the Personal Data Holders of their rights and the manner in which NEXSA carries out the special processing of information applied to NEXSA's database.

IV. Background

In accordance with the provisions of Law 1581 of October 17, 2012, the National Congress enacted General Provisions for the management and protection of Personal Data, including the rights regime of the data subjects and the obligations of the data controllers and processors, establishing a general framework for Personal Data Protection in Colombia. Subsequently, on June 27, 2013, the National Government issued Decree 1377 of 2013, which regulates the aforementioned law with the purpose of facilitating its implementation in aspects related to the data subject’s authorization, the Data Processing Policies of controllers and processors, the exercise of the rights of data subjects, Personal Data Transfers, and Demonstrated Accountability in Personal Data Processing.

V. Principles

In order to guarantee the right to personal data protection in the course of its commercial activities, NEXSA will obtain, process, collect, transmit, and carry out various operations on the information of Personal Data Holders. Likewise, it is the duty of the delegated personnel and/or those responsible at NEXSA to comply with the provisions of the law, as well as the principles and rules described in this policy.

✓ Express Authorization:

Upon prior express authorization regarding the handling of personal data, NEXSA is automatically authorized to manage the information. For any Personal Data Holder with whom NEXSA has had any type of relationship, a notification will be made using the necessary means in order to obtain retroactive authorization in accordance with the provisions of Decree 1377 and other applicable regulations.

✓ Purpose of the Database

Any activity involving the handling of Personal Data must comply with the purposes stated in this Policy or have the express authorization of the Personal Data Holder, or be governed by the relevant documents that regulate a special Personal Data Processing Policy.

✓ Data Quality:

The Personal Data Holder must provide timely, accurate, clear, truthful, and verifiable information. If the Personal Data Holder provides incorrect, incomplete, or non-existent information, NEXSA is authorized to refrain from establishing a commercial relationship. ✓ Provision of Information to the Data Subject:

When the Personal Data Holder requests it, NEXSA must provide information regarding the existence of Personal Data related to the requester. This information will be provided by the department delegated by NEXSA for personal data protection.

✓ Security:

NEXSA will designate authorized personnel for the handling of Personal Data. Personnel without such authorization shall not be allowed to manage the information or carry out any personal data processing activities.

✓ Duration:

The information collected by NEXSA from the Personal Data Holder shall be processed only for the reasonable time necessary to fulfill the intended purpose.

✓ Confidentiality:

It is NEXSA's duty to guarantee the confidentiality of Personal Data Processing to prevent such information from being used, altered, accessed, or compromised by unauthorized persons.

✓ Confidentiality and Subsequent Processing:

Even after the termination of a contractual relationship or any link between the Personal Data Holder and NEXSA, the data must be treated confidentially by the personnel designated by NEXSA, in accordance with this policy and the law, including data that is not public.

✓ Personal Data Holder:

Natural or Legal Person.

✓ Individuality:

As a Data Processor, NEXSA shall keep separate the databases for which it acts as Data Controller.

✓ Necessity:

Personal Data may only be processed for the duration and to the extent that the purpose of its processing justifies it.

VI. Purpose of the Database

The information processed by NEXSA belongs to the Personal Data Holders, such as its clients, employees, and suppliers. By providing personal information to NEXSA, you are expressing your consent to the processing of your data in accordance with this document. Minors who intend to establish a commercial or employment relationship with NEXSA must be legally represented by their parents or legal guardians, who, on their behalf, shall express acceptance of these policies and the processing of the minor’s personal data. Likewise, NEXSA, the designated personnel, the Personal Data Holders, and any parties governed by law or contract shall be subject to these policies, which will be applied under the following purposes:

✓ Carry out the administrative procedures managed by NEXSA for the inclusion or updating of our database as a Personal Data Holder.
✓ Obtain information about your commercial behavior
✓ Execution and fulfillment of the contracts entered into.
✓ Maintain control and prevention of fraud and money laundering.
✓ Management of accounting and financial information.
✓ Management of Tax Information.
✓ Prevention and control of money laundering and terrorism financing.
✓ Conduct job postings and selection processes.
✓ Inform employees about labor announcements, NEXSA updates, and internal activities.
✓ Carry out the execution and fulfillment of the agreements entered into between NEXSA and any Personal Data Holder.
✓ Establish contact for commercial purposes with our clients and suppliers.
✓ Promote our services and website.
✓ Communicate the Personal Data Holder's information for administrative, operational, and commercial purposes in accordance with this policy and the applicable legal regulations.
✓ Send notices or communications to NEXSA shareholders.
✓ In order to comply with legal and regulatory provisions through the collection of personal information for its processing, NEXSA commits to fulfilling all other responsibilities arising from this action.
✓ When requested by any government entity.
✓ As a result of the commercialization of our brand.

• Sensitive Information:

is considered to be data received from occupational health medical processes, sexual orientation, information obtained from minors, and organizations of any kind or sexual orientation. Such information will receive special protection from NEXSA in accordance with the parameters established in Decree 1377 of 2013 and Law 1581 of 2012. The processing of personal data of minors will be done with prior authorization from their legal representatives for the purpose of initiating contractual, employment, or commercial relationships. Through this process, NEXSA seeks to ensure the care and respect of the fundamental rights of minors and adolescents.

VII. Personal Data Processing

In accordance with Law 1581 of 2012 and the authorizations granted by the Personal Data Holders, NEXSA will perform operations or sets of operations that include data collection, storage, use, circulation, and/or deletion. This data processing will be carried out exclusively for the purposes authorized and outlined in these Nexsa Policies. Similarly, Personal Data Processing will be performed when there is a legal or contractual obligation to do so. All information collected by NEXSA in its database is stored in software with restricted access and is not accessible to the public or unauthorized persons. Our database will not be sold or subjected to any type of marketing.

VIII. Rights of the Personal Data Holders

In the processing of Personal Data by NEXSA, the rights of the Personal Data Holders shall be respected at all times. These rights include:

✓ To know, update, and correct their data with NEXSA or with those responsible for data processing. This right may be exercised, among others, with respect to partial, inaccurate, incomplete, fragmented data, data that may lead to error, or data whose processing is expressly prohibited or has not been authorized.

✓ To be informed by NEXSA, or the Data Processor, upon request, about the use that has been made of their data.

✓ To file complaints with the Competent Authority for violations of the law and any other regulations that amend, add to, or complement it.

✓ To revoke the authorization and/or request the deletion of data when the processing does not respect constitutional and legal principles, rights, and guarantees. Revocation and/or deletion will proceed when the Competent Authority has determined that NEXSA or the Data Processors have engaged in conduct contrary to the law and the Constitution. Revocation will be applicable as long as there is no legal or contractual obligation to retain the personal data.

✓ To access, free of charge, the Personal Data that has been subject to processing.

✓ To file complaints with the Superintendence of Industry and Commerce for violations of the law.

✓ To submit requests to NEXSA regarding the processing of their personal data.

✓ To have their personal information suspended from NEXSA's database or to request its revocation when the Superintendence of Industry and Commerce determines, through a final administrative act, that NEXSA or the designated personnel have engaged in conduct contrary to this policy or the law during the data processing.

✓ As established in Article 21 of Decree 1377 of 2013, to be granted free access to their Personal Data that has been processed by NEXSA.

✓ To be informed of any changes to the terms of this Policy in a timely and effective manner prior to the implementation of such changes or, if applicable, prior to the introduction of a new data processing policy.

✓ To be informed about the department or person designated by NEXSA to handle all relevant procedures related to complaints, inquiries, claims, or any other matters concerning their personal information.

For Personal Data Holders to exercise the right to carry out the procedure established in this policy regarding their Personal Data in our database, they must submit a written request for their information and present their original national ID card or any other valid identification document. Minors must be represented by their legal guardian or by those who prove such status with the relevant documentation.

IX. Department Responsible for Handling Requests, Inquiries, and Complaints.

The department responsible for receiving requests from Personal Data Holders and responding to those based on these policies or the law, such as requests to update data or to access Personal Data, as well as petitions, inquiries, and complaints made by Personal Data Holders under NEXSA’s processing, to exercise their rights to know, update, correct, delete data, or revoke authorization, should be directed to: Sandra Vargas. NEXSA contact details:

Address: Calle 98 No. 10 – 32, Office 501
Phone: +57 1 8058580 - 8058581
Email: protecciondedatos@nexsa.net

X. Obligations of Nexsa

✓ To guarantee the Personal Data Holder, at all times, the full and effective exercise of their rights.
✓ To request and keep a copy of the authorization granted by the Data Holder.
✓ To properly inform the Personal Data Holder about the purpose of the data collection and the rights they have by virtue of the authorization granted.
✓ Store the information under the necessary security conditions to prevent unauthorized or fraudulent alteration, loss, consultation, use, or access.
✓ Ensure that the information provided to the Data Processor is truthful, complete, accurate, up-to-date, verifiable, and understandable.
✓ Update the information by promptly informing the Data Processor of any changes regarding the data previously provided, and take all necessary measures to ensure that the information remains up-to-date.
✓ Correct the information when it is inaccurate and notify the Data Processor accordingly.
✓ Provide the Data Processor, as applicable, only with data whose Processing has been previously authorized in accordance with the provisions of this policy.
✓ Require the Data Collection System Representative, at all times, to respect the security and privacy conditions of the Personal Data Subject's information.
✓ Process inquiries, claims, and requests in accordance with the terms established by law or this policy.
✓ Implement an internal manual of policies and procedures to ensure proper compliance with Law 1581 of 2012, particularly for handling inquiries, claims, and requests.
✓ Inform the Data Processor when certain information is being disputed by the Personal Data Subject, once the request has been submitted and the corresponding process has not yet been completed.
✓ Inform the Personal Data Subject, upon request, about how their data has been used.
✓ Notify the data protection authority when security breaches occur and there are risks in the management of the Data Subjects' information.
✓ Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

XI. Procedures for Exercising the Rights of Data Subjects.

Depending on their relationship with NEXSA, data subjects may exercise their rights to update, rectify, and delete information. Requests can be submitted physically through the secretary’s office or via email. protecciondedatos@nexsa.net In turn, NEXSA will keep a record of the request and its response according to the individual file of each person identified in our database.
NEXSA will have ten (10) business days to process and respond to the request made by the Personal Data Subject, counted from the date the request is received. If NEXSA cannot respond within the established timeframe, it must notify the requester of the reasons for the delay using the same method initially used to submit the request and will have an additional five (5) business days to provide a response.

XII. Claims.

When Personal Data processed by NEXSA needs to be corrected, updated, deleted, or in cases of an alleged breach by NEXSA of the applicable law, mechanisms are in place to allow the Personal Data Subject or their legal representatives, proxies, or successors to file claims in accordance with Law 1581 and Decree 1377, as follows:

I. It may be done via email: protecciondedatos@nexsa.net It may be done via email or through a written document submitted in person at Calle 98 No. 10 – 32, Office 501.

II. The email or document must include the name and identification of the Data Subject, a description of the facts giving rise to the request for "update, correction, deletion, or compliance with obligations."

III. The email or document must provide a physical address for notification and any documentation the requester intends to submit in support of their claim.

IV. To process the claim, NEXSA initially has five (5) business days to verify the identity of the requester or the documents that prove their status as a representative, proxy, or successor.

V. If the claim or documentation is inaccurate or incomplete, NEXSA must notify the requester only once within the five (5) business days following the receipt of the claim. If the requester does not provide the required documentation or verify their true identity within one (1) month from the date of the initial notification, it will be understood that the claim has been withdrawn.

VI. Once the request is received and the identity or complete documents are verified, the information will be processed and included in NEXSA's Database.

VII. Where the Personal Data Subject's documentation is stored, a folder labeled "claim in process" will be attached, including the purpose of the request, the initial terms, and the date the request was resolved.

VIII. NEXSA will have a period of fifteen (15) business days, counted from the date the information is confirmed, to resolve the request.

XIII. Duration of the Databases

The validity of this policy has been in effect since September 1, 2016. The personal data stored, used, or transmitted will remain in our Database for as long as necessary, in accordance with the time required for the purposes mentioned in this policy.
Any fundamental changes to this policy will be promptly notified to the data subjects in a clear and effective manner prior to the new implementation.

______________________

Catalina Espejo
Legal Representative
Nexsa S.A.S.


Use of Cookies

By continuing to browse our website, you agree to our... Cookie Policy.

I Accept