PERSONAL DATA PROCESSING POLICY

LASER S.A.S.

 

LASER S.A.S (hereinafter "LASER")., a simplified joint-stock company, identified with the NIT. 800.166.763 with principal address at the address Carrera 7 A # 23 - 65, Santiago de Cali (Valle del Cauca) Colombia, recognizes the importance of the security, privacy and confidentiality of the personal data of its customers, users, collaborators, suppliers, shareholders, allies and in general of all its stakeholders with respect to which it processes information therefore, in compliance with the constitutional and legal provisions, it adopted this POLICY FOR THE PROCESSING OF PERSONAL DATA.

 

1. INTRODUCTION

 

The Political Constitution of Colombia enshrines the right of all persons to know, update and rectify the information that exists about them in databases or files of public or private entities. Likewise, it orders those who have Personal Data of third parties to respect the rights and guarantees provided for in the Constitution when this type of information is processed.

 

Likewise, the Political Constitution of Colombia enshrines the right of any person to information, so that he or she receives truthful and impartial information.

 

LASER is committed to complying with the regulation on the Protection of Personal Data and to respecting the rights of the Data Subjects. For this reason, it adopts this Personal Data Processing Policy,  which is mandatory for all activities involving the Processing of Personal Data and is mandatory for the Company, its Administrators, Collaborators and third parties with whom it is contractually or commercially related.

 

The Company, within the development of its corporate purpose, receives, transmits and processes Personal Data on a daily basis, so it is essential to have this policy and strictly comply with it.

 

1. APPLICABLE REGULATIONS

 

LASER is based on all legal provisions in Colombia and international recommendations for the construction and handling of personal data within its organization. The following are the main regulations in force in the country for the protection of personal data:

 

• Article 15 of the Political Constitution of Colombia

• Statutory Law 1266 of 2008

• Law 1273 of 2009

• Statutory Law 1581 of 2012

• Decree 1377 of 2013

• Decree 886 of 2014

• Decree 1074 of 2015

• Title V of the Single Circular of the Superintendence of Industry and Commerce

 

1. SCOPE

 

LASER, as the data controller, will ensure the security and quality in the processing of information, and compliance with Article 15 of the Political Constitution of Colombia, the current regulations regarding the protection of personal data, and especially the provisions of Law 1581 of 2012, Decree 1377 of 2013 and the other provisions that modify it.  add or complement.

 

Without prejudice to compliance with the duty of documentary confidentiality established in Article 61 et seq. of the Commercial Code that corresponds to LASER, in its capacity as a private company, this Policy describes the guidelines that will be carried out to protect the personal data of the owners of the information and to carry out their proper treatment.

 

The processing carried out by LASER will be based on the authorisation granted by the owner and will take into account the purposes expressly informed.

 

Likewise, LASER, in the development of its activity and management, and in order to provide collaboration to any business group in which it belongs, during the execution of its activities may carry out the processing of personal data jointly with the entities that belong or will become part of its business group, or to whoever represents its rights or holds the status of creditor in the future.  assignee, or any capacity vis-à-vis the owners of the information.

 

The entities that belong or may become part of the Group in accordance with the law, its affiliates and/or subsidiaries, or the entities in which they, directly or indirectly, have a shareholding or are associates, domiciled in Colombia and/or abroad, shall be understood to be part of the business group.

 

1. RECIPIENTS

This policy is aimed at our customers, collaborators, suppliers, partners and in general to all stakeholders on whom LASER processes personal data.

1. DEFINITIONS

The following definitions will be taken into account for this policy:

 

AUTHORIZATION: It means the prior, express and informed consent of the Data Subject to carry out the Processing. This can be i) written; (ii)verbal or; iii) unequivocal conduct that allows a reasonable conclusion that the Owner accepted the Processing of their data.

 

PRIVACY NOTICE: It is the verbal or written communication that aims to inform the owner of the data about LASER's data protection policy.

 

DATABASE: An organized set of laser data, which can be organized physically or digitally and can be stored in physical or analog locations.

 

CONSULTATION: It is the request of the Owner of the Personal Data, of the persons authorized by him, or those authorized by law, to know the information that rests on him in the Company's Databases.

PUBLIC DATA: Data that the law or the Constitution determines as such, as well as all those that are not semi-private or private.

 

PRIVATE DATA: It is that data that, due to its intimate or reserved nature, is only relevant to the owner of the information.

 

SEMI-PRIVATE DATA: It is that data that is not intimate, reserved, or public in nature and whose knowledge or disclosure may be of interest not only to its owner but also to a certain sector or group of people.

 

PERSONAL DATA: Any information linked to or that can be associated with one or more specific or determinable natural persons.

 

SENSITIVE DATA: Those data that affect the privacy of the Owner or whose improper use may generate discrimination or persecution.

 

DATA PROCESSOR: Natural or legal person, public or private, who by itself or in association with others, carries out the Processing of personal data on behalf of the Company as Data Controller.

 

PROCESSING POLICY: This document refers to as the personal data processing policy applied by the Company in accordance with the guidelines of the current legislation on the matter.

 

• Any natural or legal person who provides any service to the Company by virtue of a contractual/obligational relationship.

 

COMPLAINT: means the request of the Data Subject or the persons authorized by the Data Subject or by law to correct, update or delete their Personal Data or when they notice that there is an alleged breach of the data protection regime, according to Article 15 of Law 1581 of 2012.

DATA CONTROLLER: Natural or legal person, public or private, who by itself or in association with others, decides on the database and/or the Processing of data, for the purposes of this policy, will act as Controller, in principle, the Company.

 

PROCEDURAL REQUIREMENT: a previous step that must be taken by the Owner before filing a complaint with the Superintendence of Industry and Commerce. This consists of a direct complaint to the Person in Charge or Responsible for your Personal Data.

• Refers to the sending by the Company as Data Controller or a Data Processor, to a third party agent or natural/legal person (recipient), within or outside the national territory for the effective processing of personal data.

 

• refers to the communication of personal data by the Responsible Party to the Processor, located inside or outside the national territory, so that the Processor, on behalf of the Controller, processes personal data.

 

• Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.

 

USER: natural or legal person whose personal data are subject to processing. For LASER, the data will be owned by customers, users, collaborators, suppliers, allies, shareholders, visitors, our stakeholders and any other person whose data is processed by LASER, either directly or indirectly.

 

The above list is made for illustrative purposes only, for a better understanding of the above definitions and other terms that are not included, you should refer to Law 1581 of 2021, Decree 1377 of 2013 and other applicable regulations on the matter.

1. GUIDING PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA

 

In accordance with current legislation and related to data processing, LASER undertakes to comply with the following principles with the owners of the information:

1. Related to the collection of personal data

 

PRINCIPLE OF FREEDOM: LASER will process the data only with the prior, express and informed consent of the owner. Personal data may not be obtained or disclosed without prior authorization or in the absence of a legal or judicial mandate.

PRINCIPLE OF LIMITATION OF COLLECTION: Only Personal Data that is strictly necessary for the fulfillment of the purposes of the Processing must be collected, in such a way that the registration and disclosure of data that are not closely related to the purpose of the Processing is prohibited. Accordingly, every reasonable effort must be made to limit the processing of Personal Data to the minimum necessary. That is, the data must be: (i) adequate, (ii) pertinent and (iii) in accordance with the purposes for which they were intended.

1. Related to the use of personal data

 

PRINCIPLE OF PURPOSE: LASER will process the data for a legitimate purpose, in accordance with the Constitution and the law, which will be informed to the owner.

PRINCIPLE OF TEMPORALITY: Personal Data will be kept only for the reasonable time necessary to comply with the purpose of the Processing and the legal requirements or instructions of the surveillance and control authorities or other competent authorities. The data will be kept when this is necessary for compliance with a legal or contractual obligation. To determine the term of the Processing, the rules applicable to each purpose and the administrative, accounting, fiscal, legal and historical aspects of the information will be considered.

1. Related to the quality of information

 

PRINCIPLE OF VERACITY OR QUALITY: THE INFORMATION THAT IS SUBJECT TO PROCESSING MUST BE TRUTHFUL, COMPLETE, UPDATED, VERIFIABLE AND UNDERSTANDABLE. The processing of fractional or misleading data is prohibited at LASER.

1. Related to the protection, access and circulation of personal data

 

PRINCIPLE OF LEGALITY IN DATA PROCESSING: LASER is aware that the processing referred to in Law 1581 of 2012 is a regulated activity, which must be subject to the provisions of it and the other provisions that develop it.

PRINCIPLE OF TRANSPARENCY: LASER knows that the owners of the information have the right to obtain at any time and without restrictions, information about the existence of the data that concerns them.

PRINCIPLE OF RESTRICTED ACCESS AND CIRCULATION: the processing is subject to the limits derived from the nature of the personal data, in accordance with the provisions of Law 1581 of 2012 and the Constitution. In this sense, the processing may only be carried out by persons authorised by the owner and/or by the persons provided for by law. With the exception of public information, LASER will not make personal data available on the Internet or other means of dissemination or mass communication, unless access is technically controllable to provide restricted knowledge only to the owners or third parties authorized in accordance with Law 1581 of 2012.

SECURITY PRINCIPLE: LASER will handle the information subject to processing referred to in Law 1581 of 2012 with the technical, human and administrative measures that are necessary to provide security to the records, preventing their adulteration, loss, consultation, use or unauthorized or fraudulent access.

PRINCIPLE OF CONFIDENTIALITY: all persons involved in the processing of personal data that are not public in nature are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks included in the processing, being able to supply or communicate personal data only when this corresponds to the development of the activities authorized in Law 1581 of 2012 and in the terms of the same.

1. AUTHORIZATIONS

 

LASER will request authorization so that the owner of the information grants his/her prior, express and informed consent to the processing to which his/her personal data is subject.

 

Authorization may also be obtained based on unequivocal conduct by the owner of the data, which allows it to be reasonably concluded that he or she has given his or her consent for the processing of his or her information. Such conduct must clearly express the will to authorize the treatment.

 

The consent of the owner may be obtained by any means that may be subject to subsequent consultation, such as written, verbal, virtual communication or by unequivocal conduct.

 

By virtue of its nature and corporate purpose, LASER receives, collects, records, preserves, stores, modifies, reports, consults, delivers, transmits, transfers, shares and deletes personal information, for which it obtains the prior authorization of the owner.

 

The authorization granted by the owners of the information to LASER allows, among other things, the performance of the following purposes: to offer and provide information on the products, as well as to consult, report and update their data to the information and risk operators; to update current contractual relationships and comply with the agreed obligations, among others such as those established in the purposes of the data regulated in this policy.

 

LASER will keep proof of such authorizations in an appropriate manner, ensuring and respecting the principles of privacy and confidentiality of information.

 

LASER generally handles its AUTHORIZATION FOR THE PROCESSING OF PERSONAL DATA form, however, when it comes to information that is related to the following types of data, the following special considerations will be taken:

 

1. Sensitive data

 

For the processing of sensitive data, the data subject will be informed of the following:

 

• The owner may object to the specific processing of this type of information.

 

• The type of sensitive data will be explicitly and previously informed.

 

• The processing and purpose to be given to the sensitive data will be communicated.

 

• The authorisation of sensitive data will be prior, express and clear.

 

• At any time, the owner of the sensitive data may request its removal or updating from LASER's databases, unless there is a legal obligation to maintain it.

 

b. Data on children and adolescents

 

LASER will ensure that the processing of this type of data is carried out in accordance with the rights of children and adolescents. In this sense, their special nature will be protected and their fundamental rights will be respected, in accordance with the provisions of Articles 5, 6 and 7 of Law 1581 of 2012, and Articles 6 and 12 of Decree 1377 of 2013, and other regulations that modify or add to them.

 

For the purposes of complying with the above, LASER will act in accordance with the following:

 

• Authorization will be requested from the legal representative of the child or adolescent after the minor has exercised his or her right to be heard, an opinion that will be assessed taking into account the maturity, autonomy and capacity to understand the matter, for the purposes of processing his or her personal data.

 

• The child's legal representative and the child will be informed that they may object to the specific processing of their information.

 

• The optional nature of answering questions about the data of children or adolescents will be reported.

 

• The data subject to processing and the purpose of the processing will be explicitly and previously informed.

 

c. Processing of data that do not require the owner's authorisation

LASER informs all its stakeholders that, in accordance with Article 10 of Law 1581 of 2012, the authorization of the owner will not be necessary when it comes to: (1) information required by a public or administrative entity in the exercise of its legal functions or by court order, (2) data of a public nature,  (3) cases of medical or health emergency, (4) processing of information authorized by law for historical, statistical or scientific purposes, and (5) data related to the Civil Registry of Persons.

 

1. PURPOSES

 

The following are the main purposes for which LASER processes personal information:

 

to. Customers and/or users

 

• To know their financial, commercial and credit behaviour and compliance with their legal obligations in risk centres and other financial databases.

 

• Carry out all the necessary procedures aimed at confirming and updating the client's information.

 

• Validate and verify the customer's identity for the offer and administration of products and services, as well as to share information with various market actors.

 

• Establish a contractual relationship, as well as maintain and terminate a contractual relationship.

 

• To offer and provide products or services through any means or channel in accordance with the customer's profile and technological advances.

 

• To receive information from LASER and other companies that are part of its group regarding current and future commercial campaigns, promotion of products and services, both its own and those of third parties, and other communications necessary to keep the customer communicated and informed through: telephone call, text message, email, Facebook, Twitter, Instagram or any social network integration or instant messaging,  among others.

 

• Receive messages related to the management of collection and recovery of the portfolio, either directly or through a third party hired for such function.

 

• Provide commercial, legal, product, safety, service, or any other information.

 

• Know the location and contact details of the customer for notification purposes for security purposes and offer of benefits and commercial offers.

 

• To carry out commercial, statistical, risk, market analysis and research, including contacting the client for these purposes.

 

• Prevent money laundering, terrorist financing, as well as detect fraud, corruption, and other illegal activities.

 

• Carry out satisfaction surveys regarding the services provided by LASER and other companies in its group.

 

• Consult fines and penalties before the different administrative and judicial authorities or public databases that have the function of managing data of this nature.

 

• Perform any type of deep data analysis and feed any type of high-tech system that processes large amounts of data, through the use of artificial intelligence for commercial, statistical, business intelligence or similar uses.

 

b. Suppliers and partners

• The information requested from the supplier or partner may include information from the natural or legal person as appropriate. Likewise, it is possible that information may be requested from the employees of the supplier or partner who are dedicated to fulfilling any function or relationship with LASER who, due to the work carried out, require access to the facilities or facilitate the provision of any product or service of LASER or of the companies that are part of its business group.

 

• Carry out the process of linking the supplier or partner with the Organization, generating the development of internal procedures, which are relational, accounting, financial, commercial, logistical, among others.

 

• Manage and verify business, reputational and money laundering and terrorist financing risks, as well as to detect and/or prevent fraud, corruption and other illegal activities, by the supplier or its employees in connection with the operation of LASER.

 

• Manage and strengthen contractual relations with the supplier or partner, allowing greater control over the obligations assumed by the parties.

 

• Review and evaluate the results of the supplier or partner, in order to strengthen the contracting processes within LASER.

 

• Offer and provide products or services through any means or channel in accordance with the profile of the supplier or partner, and in accordance with technological advances.

 

• Carry out commercial, statistical, risk, and market analyses and research based on the results of the supplier or partner.

 

• Perform any type of deep data analysis and feed any type of high-tech system that processes large amounts of data, through the use of artificial intelligence for commercial, statistical, business intelligence or similar uses.

 

c. Applicants and collaborators

The information that LASER collects from applicants or candidates for positions within the organization is processed for the purpose of carrying out the entrance evaluation, the process of linking the applicant, its disciplinary processes, dismissal of the collaborator and other related investigations or actions.

The purpose of the processing of the personal information of our collaborators is to manage the existing employment relations with them, as well as to carry out the different activities established by the organization. Among which we highlight the following:

• Comply with the obligations and rights derived from its activity as an employer, and the activities of its main and related corporate purpose, which may be carried out directly or with the support of third parties with whom your information will be shared for purposes related to the object of the contract.

 

• Share your personal data with national or foreign authorities (judicial or administrative) when the request is based on legal, procedural, and/or tax reasons.

 

• Access and authorization of the benefits established by the employer, according to the requirements defined in each case.

 

• Consultation of your data on the internal control lists, in compliance with national regulations and internal policies associated with the Money Laundering and Terrorist Financing Risk Management System – SARLAFT, as well as compliance with ethics and integrity standards established by LASER.

 

• To provide your information to the employee funds and mutual funds that you have authorized to know about it.

 

• Perform any type of deep data analysis and feed any type of high-tech system that processes large amounts of data, through the use of artificial intelligence for commercial, statistical, business intelligence or similar uses.

 

In the case of former employees, LASER will store, even after the termination of the employment contract, the information necessary to comply with the obligations that may arise by virtue of the employment relationship that existed under Colombian law, or by virtue of the services that may be provided by virtue of the relationship, as well as,  Provide the labor certifications that are requested by the former employee or by third parties against whom he or she carries out a selection process.

d. Shareholders

The information and personal data of the shareholders, including personal information, contact, as well as the information and documentation provided through virtual channels, telephone channel, e-mail and information updates will be collected, consulted, updated, modified and processed directly by LASER and/or by the third parties designated by it, for the following purposes:

 

• To comply with the obligations and rights derived from its capacity as Issuer and Depositor, respectively.

 

• Carry out the activities of integral administration of the shareholders' register book.

 

• Provide information related to procedures, complaints and requests from shareholders.

 

• To give access to the information to the judicial or administrative authorities that request such data in the exercise of their functions.

 

• Manage the risk of Money Laundering and Terrorist Financing and corruption.

 

• The fulfilment of the necessary activities and purposes of the issuer-shareholder relationship.

 

e. Access to buildings, surveillance and security of own and third-party facilities

• Have information on each of the employees, the outsourcing personnel who work at the service of LASER and the visitors who enter the properties of the main headquarters, other facilities of the organization or facilities of relevant third parties.

 

• Control and identify access to the administrative headquarters of the main headquarters.

 

• Maintain security and access control to buildings, points of sale and other facilities.

 

LASER informs all data subjects that the data collected directly at the security points of the administrative headquarters, buildings, branches, points of sale and other facilities, which are provided in documents of the security personnel, and the data obtained from the video recordings that are made inside or outside the LASER facilities,  They are used for the purpose of securing people, property and facilities.

1. DURATION OF DATA PROCESSING

Personal data will be subject to processing by LASER during the contractual term in which the owner of the information has the product, service, contract or relationship, plus the term established by law.

1. RIGHTS OF THE OWNER

 

The owners of the information that is subject to processing by LASER may:

• To know, update, rectify, delete or revoke your personal data and to be informed of the processing that LASER carries out on personal data.

 

• Submit requests and claims related to current regulations on Personal Data Protection.

 

• Request revocation of the authorisation and/or deletion of personal data in the event that it is determined that LASER is behaving contrary to current regulations. The request for deletion or revocation will not proceed when the owners have a legal or contractual duty to remain in the LASER database.

 

In accordance with Article 20 of Decree 1377 of 2013, the exercise of the aforementioned rights may be exercised by the following persons:

• By the owner, who must prove his identity sufficiently by the different means made available to him by the person responsible.

 

• By their successors, who must prove such status.

 

• By the representative and/or representative of the holder, after accreditation of the representation or power of attorney.

 

• By stipulation in favor of another or for another.

 

• The rights of children or adolescents shall be exercised by persons who are authorized to represent them.

 

1. LASER DUTIES:

 

LASER, as the controller of the personal data stored in its databases, undertakes to:

• Guarantee the holder the full and effective exercise of his rights.

 

• Request and keep a copy of the authorization granted by the holder or proof thereof.

 

• Inform the owner about the purposes of the collection, the uses of their personal data and their rights due to the authorization granted.

 

• Keep the information in secure conditions to prevent its adulteration, loss, consultation, use or unauthorized access.

 

• To ensure that the information provided to third parties or data processors is truthful, complete, accurate, up-to-date, verifiable and understandable.

 

• Update the information held by any third party or person in charge of all the news in relation to the data provided and adopt the necessary measures to ensure that the information is updated.

 

• Rectify the information when you become aware that it is incorrect.

 

• Ensure that third parties and/or those in charge of processing the personal information for which LASER is responsible, have effective measures and policies in place to ensure the proper processing of such information. Likewise, it will require them to commit to and apply the provisions of this Personal Data Processing Policy and other guidelines established by LASER or certify that their internal policies at least include the provisions set forth herein. In the event that it is not possible to issue the certification, LASER must corroborate that the internal policies of the third parties and/or processors include security and/or privacy criteria equivalent to or higher than those provided herein. In this sense, third parties and/or processors must adopt security and privacy measures and conditions for personal data, which are shared with them, at least at the same level of protection adopted by LASER.

 

• To process the queries and complaints formulated in accordance with the provisions of this Policy and the law.

 

• Inform the data protection authority when security breaches occur and there are risks in the management of the information of the holders.

 

1. ATTENTION TO QUERIES, COMPLAINTS AND CLAIMS

 

When the owners of the information need to make a query, complaint or claim, they may make use of:

1. Consultations:

 

The owners, their successors or any other person who may have a legitimate interest, may request to be informed about the personal data of the owner that are stored in any LASER database. In accordance with the above, LASER will guarantee the right to consultation, disclosing the personal information linked to the owner.

Inquiries that deal with issues of access to information, proof of authorization granted by the owner, uses and purposes of personal information, or any other query related to the personal information provided by the owner, must be submitted through the channels enabled by LASER.

The query will be answered within a maximum term of ten (10) business days from the date of receipt of the same.

When it is not possible to attend the consultation within the established term, the interested party will be informed, indicating the reasons for the delay and the date on which the consultation will be attended, which will not exceed five (5) business days following the expiration of the first term, in accordance with the provisions of Article 14 of Law 1581 of 2012.

b. Claims:

Correction, updating, deletion and revocation:

The owners, their successors or any other person with a legitimate interest, who considers that the information contained in any of LASER's databases should be subject to correction, updating or deletion or who notice a possible breach of the duties established in Law 1581 of 2012 and its regulatory decrees, may file a claim following the requirements of Article 15 of the same law.

Requirements to file a claim:

• Identification of the owner or the person who is filing the claim, indicating their name and identification number.

 

• Describe the reason for the claim clearly and expressly, where the facts that gave rise to it are established, presenting the documents that you intend to assert.

 

• Prove the legitimate interest with which the person submitting the claim acts and attach, if necessary, the corresponding supports.

 

• Indicate the telephone number, the physical or electronic address to which the response to the request must be notified and forwarded.

 

In any case, if the claim is incomplete, the interested party will be required within five (5) calendar days following receipt of the claim to correct the defects. If two (2) months have elapsed from the date of the request, without the applicant submitting the required information, LASER will understand that the claim has been withdrawn.

When LASER is not the competent entity to resolve the claim filed, it will be communicated to the corresponding party within a maximum period of two (2) current days, and the interested party will be informed of this situation.

In the event that the claim is received in its entirety, a legend that says "in process" and the reason for it will be included in the database, within a period of no more than two (2) current days. This legend will remain until the complaint is resolved and will be adjusted in accordance with internal procedures.

However, the maximum term for dealing with the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to attend to it within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be resolved, which in no case may exceed eight (8) business days following the expiration of the first term.

The owners, their successors or any other person with a legitimate interest, may file a complaint with the Superintendence of Industry and Commerce, but only once they have exhausted the consultation or claim process before LASER, as responsible and/or any person in charge, in accordance with the provisions of Article 16 of Law 1581 of 2012.

Deletion of information:

In the event of requesting the deletion of all or part of your personal information, you must bear in mind that LASER will analyse the request made. However, the deletion of the information will not proceed in the event that the owner has any legal or contractual duty to remain in the database managed by LASER.

Revocation of authorization:

In the event of requesting the revocation of the authorisation of your personal data, LASER will analyse the request made and will inform the owner if this revocation is appropriate. However, the authorisation will not be revoked if the owner has any legal or contractual duty to remain in the database managed by LASER.

Queries and complaints submitted will be handled in accordance with internal processes and procedures.

1. CHANNELS FOR DEALING WITH QUERIES, COMPLAINTS AND CLAIMS

 

LASER has enabled the following service channels for the owners of personal data to exercise their rights to know, update, rectify and/or delete their personal information.

PHYSICAL OFFICES: the owners of the information may approach the main headquarters of LASER in the administrative office and submit their request within the terms established by law.

TELEPHONE SERVICE: to make a complaint about the handling of personal data, the owners of the information can contact us as follows <<TELEPHONE NUMBER>>

ATTENTION EMAIL: to make a complaint about the handling of personal data, the owners of the information can contact the following email: <<EMAIL>>

1. TRANSFER AND TRANSMISSION OF PERSONAL DATA

 

Eventually, LASER, as responsible for the personal information stored in its databases and in the development of the purposes described in this document, may carry out national or international data transfer or transmission.

LASER is committed to verifying the level of protection and security standards of the country receiving the personal information, making the declaration of conformity (when applicable) and signing a transfer contract or other legal instrument that guarantees the protection of the personal data subject to transfer.

By virtue of this exchange relationship, LASER has adopted various guidelines for the relationship with third parties, in order to protect the information that is the object of this activity.

In order to protect the information, LASER will verify whether the Superintendence of Industry and Commerce has included the respective country in the list of countries that offer an adequate level of data protection or will review the regulations in force in the country receiving the information, to determine if the ideal conditions are in place to guarantee adequate levels of security for the information subject to transmission or transfer.

1. RELATIONSHIP WITH THIRD PARTIES AND PROCESSORS

 

In the development of this Policy and the internal provisions for the proper handling of personal data, LASER will ensure that the third parties with which it is linked or with whom it establishes commercial, labor or alliance relationships, adapt their conduct to the personal data protection regime in Colombia.

In view of the above, LASER, without prejudice to all the documentation, forms and means provided for the request for authorization for processing, privacy notices, registrations and contractual and/or legal coverage, may request from third parties and/or processors suitable and pertinent information to verify and observe compliance with the provisions contained in this policy and in the personal data protection regime in Colombia.

In this sense, LASER may request third parties and/or processors to accredit before, during or after the relationship that binds them, compliance with the requirements of the personal data protection regime. In such a way that a review and supervision may be requested, eventually or periodically, of compliance with legal and/or contractual requirements, through evidence or support of the management carried out, visits to the facilities of the third party, among other activities that may be coordinated to validate compliance.

1. COOKIES

 

In order to improve its service on the website and digital applications, LASER uses its own and third-party cookies in order to optimize the experience of our customers and users, monitor statistical information, present content and advertising related to the preferences of users when they browse our website, platforms and/or technological and/or digital applications.

The information collected through cookies is encrypted and will not be used to identify and/or disclose user information.

1. VIDEO SURVEILLANCE

 

The Company uses various means of video surveillance installed in different internal and external sites of its facilities, offices, production plants, points of sale, etc. Because of this, it informs the general public about the existence of these mechanisms by disseminating video surveillance advertisements on visible sites.

 

The information collected through this mechanism is used for security purposes, improvement of our service and the experience at the Company's facilities, as well as as evidence in any type of process before any type of authority or organization.

 

The Company does not deliver video recordings obtained to any third party, except by court order or competent authority or as permitted by law.

 

1. COMPLEMENTARY POLICIES AND GUIDELINES

 

By virtue of this policy, LASER may develop policies on specific aspects (for example, cookies policy), as well as guidelines, guidelines and circulars aimed at their implementation, provided that they are consistent with the regulatory framework and this policy.

 

This policy may be modified at any time in order to adapt it to new practices that develop or to new legislation or jurisprudence in the matter.

 

Any update will be made available to the owners of the personal information through a request to email XXX  [AC1] or in any other means that is considered relevant, indicating the effective date of the corresponding modification or update, as the case may be.

 

1. VALIDITY

 

This policycomes  into force on May 6, 2025.

 

SONIA VILLAMIZAR ANGULO

LEGAL REPRESENTATIVE

LASER S.A.S.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

​