Política de protección de datos

Data Protection Policy

1. CONTENT

The companies that make up the Marval Group, their associates or associates, hereinafter MARVAL, in compliance with Law 1581 of 2012, and its Regulatory Decree 1377 of 2013, which enacts general provisions for the Protection of Personal Data, as well as those regulations that regulate or modify it, through this document they adopt the guidelines that govern the collection, processing, storage, use, transmission, transfer, circulation, deletion, and other activities related to the management of Personal Data of customers and other Data Controllers.
‍

1.1. INFORMATION FROM THE DATA CONTROLLER 1.2 DEFINITIONS

This policy, on an individual and non-joint basis, is adopted by the following companies and companies of which they belong:

MARVAL S.A.S. NIT: 890205645-0
CONSTRUCCIONES MARVAL S.A. NIT: 890211777-9
URBANIZADORA MARIN VALENCIA S.A. NIT: 830012053-3
Home Address: Carrera 29 No. 45-45 Office 1801. Bucaramanga, Santander
Email: protecciondatos@marval.com.co Customer service lines and PQR registration form posted at www.marval.com.co.

1.2 DEFINITIONS

Authorization: Prior, express and informed consent of the Owner to bring I carry out the Processing of Personal Data by the Data Controller.
Privacy Notice: Physical document, format generated by the Data Controller that is made available to the Owner for the processing of their Personal Data. The Privacy Notice communicates to the Owner information regarding the existence of information processing policies that will apply to you, how to access the same and the purpose of the treatment that is intended to be given to Personal Data.
Database: Organized set of Personal Data that is subject to processing.
Customer: Natural or legal person linked to purchase a product offered by MARVAL at any of its stages (pre-contractual, contractual and post-contractual).
Personal Data: Any information linked to or that can be associated with one or more specific or determinable natural persons.
Public Data: Data relating to the civil status of individuals, their profession and profession and their capacity as a merchant or public servant. By its nature, Public Data may be contained, among others, in public records, public documents, official gazettes and gazettes, and duly enforceable court judgments that are not subject to reservation.
Sensitive Data: Data that affects the Owner's privacy or whose misuse may lead to discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in unions, social or human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data relating to health, sexual life, and biometric data.
Data Processor: Natural or legal person, public or private, who, on their own or in association with others, carries out the Processing of Personal Data on behalf of Responsible for the Treatment.
Electronic Medium: Mechanism, installation, equipment or system that makes it possible to produce, store or transmit documents, data and information, through networks of open or restricted communication such as the Internet, fixed and mobile telephony or others.
Data Controller: Natural or legal person, public or private, who by himself or in association with others, decides on the database and/or the Treatment of data.
Third: Any person other than MARVAL who is not defined as a supplier, contractor, customer, direct worker, temporary worker or practitioner.
Temporary: Natural person linked to MARVAL to maintain an employment relationship through a temporary services company.
Owner: Natural person whose Personal Data is subject to Treatment.
Direct Worker: Natural person linked to MARVAL to maintain a direct employment relationship.
Transfer: The Transfer of data takes place when the person responsible and/or person in charge of the Processing of Personal Data, located in Colombia, sends the information or Personal Data to a recipient, who in turn is Responsible for the Treatment and is located inside or outside the country.
Transmission: Processing of Personal Data that involves the communication of the same within or outside the territory of the Republic of Colombia when you are purpose of carrying out a Treatment by the Processor on behalf of the Responsible.
Treatment: Any operation or set of operations on Personal Data, such as collection, storage, use, circulation or deletion.
Practitioner: Natural person linked to MARVAL to maintain an employment relationship through an apprenticeship contract.
Provider/Contractor: Natural or legal person linked to MARVAL for the supply of a material or immaterial good.
‍

1.3. AUTHORIZATION OF PERSONAL DATA

When authorization is required from the Data Controller for the processing of your Personal Data, MARVAL:

You will inform the Data Controller about the purpose of such treatment and will obtain your express and informed consent in advance.
Authorization will be obtained prior to the processing of Personal Data and, in any case, at the latest at the time of the initial collection of such information.
Authorization may be given in accordance with the law, through any means that allows its proper conservation, as well as subsequent consultation.
It will implement mechanisms that allow it to have at the disposal of the Data Subjects the information of their Personal Data, the purposes for which they have been processed and the treatment that will be given to them.

MARVAL, has provided that whenever Personal Data is provided by a third party, that third party must have the express written authorization - legal business of the mandate or legal representation - of the Data Controller that allows him to share information with the Entity or be protected by law to do so. In view of the special protection that must be given to the Personal Data of minors, MARVAL may only process the data collected with the authorization of its legal representative and provided that it is not violated or placed in at any risk of their fundamental rights, the protection of their interests and their integral harmonious development is sought. Additionally, in events where children's rights are exercised by a third party, MARVAL will verify that that third party is authorized in accordance with Law 1581 of 2012 and Regulatory Decree 1377 of 2013.
With regard to the information compiled and corresponding to Sensitive Data, MARVAL undertakes to:

Inform the Data Controller about the sensitive nature of the data it provides and about the possibility he has of providing such information or not.
Do not condition the existence and maintenance of your relationship with the Data Controller on the provision of Sensitive Data by the latter, unless such data must in fact be obtained because they are indispensable for the existence and/or proper maintenance of the relationship or for the fulfillment of the duties carried out by MARVAL.

In the same way, they will continue to be vigilant against the Personal Data found in their files and databases so that they are treated in conditions of security and confidentiality by all employees, collaborators, suppliers and contractors authorized to access them, in carrying out their activities with MARVAL.MARVAL will inform the competent authorities in the terms established by law of the relevant situations relating to the administration of the Personal Data that are being processed and in this same order, will keep the files or databases containing Personal Data for the period regulated by current regulations. Marval will incorporate mechanisms into its processes so that the Personal Data Subjects to whom it will process can know, update, rectify and delete their Personal Data, as well as to revoke the authorization granted for its use as dictated by current legislation and provided that it does not violate a legal or contractual duty. Likewise, the procedures envisaged will provide for the disclosure of this policy and its modifications in an appropriate and timely manner.
‍

1.4. PROCESSING AND PURPOSE OF PERSONAL DATA

MARVAL will obtain, use and be able to carry out monitoring activities on the Personal Data that are required for the development of its corporate purpose, for the security of people, property and information, to comply with its legal duties and to properly attend to the relationship they establish with the Data Subject; in such a way that it will avoid requesting information other than those purposes.
The data obtained will be used for the purposes indicated in this Policy:
‍

1.4.1. PERSONAL DATA OF THIRD PARTIES

Make invitations to events and offer new products and services through physical, telephone and/or electronic means through the Sales and Processing area of MARVAL and/or suppliers with whom it has a contractual link for the development and execution of these activities, when authorized by the Data Subject.
Manage procedures (Requests, complaints, claims) through physical, telephone and/or electronic means, when authorized by the Data Subject.
Develop recruitment, evaluation and personnel selection processes for current MARVAL vacancies through MARVAL's human management area and/or suppliers with whom it has a contractual link for the development and execution of these processes, when authorized by the Data Subject.
‍

1.4.2. PERSONAL CUSTOMER DATA

Carry out the necessary steps for the development of the company's corporate purpose with regard to our business relations at any stage, prior to, during or after, through physical, telephone and/or electronic means (Billing process, sending account statements, application management and follow-up to construction credit, collection, deeds or others) and provide the data to suppliers with whom MARVAL has a contractual relationship for such procedures, contacting the Owner through the following channels of contact: email; sms; WhatsApp; phone calls and the like.
Make invitations to events and offer new products and services through physical, telephone and/or electronic means.
Manage procedures (Requests, complaints, claims) through physical, telephone and/or electronic means.
Contact the Owner through physical, telephone and/or electronic means to update and/or confirm personal data necessary for the execution of the contractual relationship, through the commercial force of MARVAL and/or suppliers with whom MARVAL has a contractual relationship for the development and execution of activities of this type.
Contact the Owner through physical, telephone and/or electronic means to carry out surveys, studies and/or market research, send news, develop loyalty or service improvement campaigns, provide vouchers and referral programs, through MARVAL's sales force and/or suppliers with whom MARVAL has a contractual relationship for the development and execution of activities of this type.
Contact the Owner through physical, telephone and/or electronic means, in case or through an intermediary person with whom MARVAL has established a contractual relationship, for portfolio management and management of credit applications and bookkeeping.
Consult and/or verify your information on National and International checklists related to Money Laundering and Terrorist Financing, illegal activities or situations regulated by the Colombian Criminal Code.
Consult and report to information and risk centers.
To comply with contractual obligations, so the information may be transferred to third parties, such as financial institutions, notaries, OFAC and terrorist lists, lawyers, etc.
Transmit personal data to suppliers with whom MARVAL has signed a contract for the processing and/or transmission of data and its delivery is necessary for the fulfillment of the contractual object.
Transmit personal data to the financial institutions with which MARVAL has a relationship so that they can contact, advise and offer credit for the purchase of the property.
Study digital behavior (social networks, websites, applications), to carry out comprehensive advice on products and services, and to draw up a profile of consumer interests and habits.
‍

PERSONAL DATA OF SUPPLIERS AND CONTRACTORS

Carry out the appropriate steps for the development of the company's corporate purpose with regard to the fulfillment of the object of the contract concluded with the Data Controller.
Carry out processes for inviting, selecting, linking and evaluating the performance of suppliers and contractors for the supply of goods and/or services required by MARVAL.
Contact the Owners through physical, telephone and/or electronic means for advertising purposes and production cost studies through the MARVAL Purchasing area and/or suppliers with whom MARVAL has a contractual relationship for the development and execution of activities of this type.
Contact the Owner through physical, telephone and/or electronic means to update and/or confirm personal data necessary for the execution of the contractual relationship, through the MARVAL Purchasing area and/or suppliers with whom MARVAL has a contractual relationship for the development and execution of activities of this type.
Carry out the different payment processes for invoices and collection accounts submitted to MARVAL and manage collections that are in charge of it.
Consult and report to the different information and risk centers.
Consult, verify and report your information on National and International checklists related to Money Laundering and Terrorist Financing, illegal activities or situations regulated by the Colombian criminal code.
Send information by physical, telephone and/or electronic means, about events and other information of interest to maintain your relationship as a supplier or contractor related to MARVAL.
Use the personal data of the supplier, contractor and/or their workers in order to establish access controls to the logical or physical infrastructure of MARVAL and/or suppliers with whom MARVAL has a contractual relationship for the development and execution of activities of this type.
Use the personal data of the supplier, contractor and/or their workers for the purpose of carrying out productivity analyses and controls by MARVAL and/or suppliers with whom MARVAL has a contractual relationship for the development and execution of activities of this type.

PERSONAL DATA OF DIRECT, TEMPORARY AND TRAINEE WORKERS

The development of their main corporate purpose and of the employment, contractual relationship that binds us, which implies the exercise of their rights and duties within which, without limitation, the processing of personal data under the concluded employment contract. The personal data to be collected will be those necessary for the effective development of the employment contract.
Develop recruitment, evaluation and personnel selection processes for current MARVAL vacancies through MARVAL's human management area and/or suppliers with whom it has a contractual link for the development and execution of these processes.
Consult state information systems and regulatory bodies for legal and disciplinary background checks.
Validate information concerning employee employment data at the request of companies for credit or other authorization, after verifying the source and using data for the sole purpose of verifying but not providing information.
Validate work references at the request of third parties after verifying the source and using data for the sole purpose of verifying but not providing information.
Support internal and external auditing processes and/or requirements of competent authorities in the monitoring of labor and/or legal regulatory compliance.
Offer corporate welfare programs and plan business activities for the Owner and their beneficiaries (children, spouse, permanent partner) through the channels or means established by MARVAL for that purpose or purpose.
Consult and/or verify your information on National and International checklists related to Money Laundering and Terrorist Financing, illegal activities or situations regulated by the Colombian criminal code.
Transmit Personal Data to suppliers with whom MARVAL has signed a contract for the processing and/or transmission of data and its delivery is necessary for the fulfillment of the contractual object.
Use your curriculum as part of the structuring and presentation of MARVAL offers, tenders and/or proposals to prove the professional suitability and experience of the work team.
‍

PERSONAL DATA FOR ALL OF THE ABOVE GROUPS

For the control and preservation of the security of people, property and information, using video surveillance/CCTV systems, during the stay of the Data Subject at the MARVAL facilities. This authorization includes the use of images captured from its facilities or through cameras and equipment owned and/or contracted by MARVAL for institutional and advertising purposes.
Report substantial changes in MARVAL's information processing policies.
To defend MARVAL in legal proceedings brought against her.
Send commercial information about products and/or services through the channels or means established by MARVAL for that purpose or purpose.
‍

RIGHTS OF THE DATA SUBJECT

 In accordance with the provisions of Article 8 of Law 1581 of 2012 and Regulatory Decree 1377 of 2013, to the extent applicable in accordance with Law 1266 of 2008 and other applicable regulations, the Personal Data Subject has the following rights:

Free access to the data provided that has been the subject of treatment.
Know, update and rectify your information in the face of partial, inaccurate, incomplete, fractional, misleading, or data whose processing is prohibited or has not been authorized.
Request proof of the authorization granted.
Submit complaints to the Superintendency of Industry and Commerce (SIC) for violations of the provisions of current regulations.
Revoke the authorization and/or request the deletion of the data, provided that there is no legal or contractual duty that prevents them from being deleted.
Refrain from answering questions about Sensitive Data. Answers that relate to sensitive data or to data on children and adolescents will be optional.
‍

ATTENTION TO REQUESTS, COMPLAINTS AND/OR CLAIMS 

To meet requirements related to the processing of personal data and the exercise of the rights mentioned in this policy, MARVAL has provided the following channels:

Personalized service and mailing from Monday to Friday from 7:30 a.m. to 12:30 p.m. and from 1:30 p.m. to 6:00 p.m. at: 
—Bucaramanga: Carrera 29 No. 45 — 45 Floor 18 Metropolitan Building. 
-Bogota: Avenida El Dorado No. 69 A — 51 Tower B Floor 4 Ed. Capital Center. 
-Barranquilla: Carrera 57 No. 99 A -65 Floor 17 Torres del Atlántico. 
-Cali: Carrera 100 No. 11 — 60 Local 209 Holguines Shopping Center. 
-Cartagena: La Matuna Sector 11th Floor Building Concasa Centro.
Email: protecciondatos@marval.com.co.
Customer service lines and PQR registration form posted at www.marval.com.co.
‍

MARVAL states that the procedures will be adjusted in such a way that the Requests, Complaints and/or Claims -PQR- of the Holders are addressed in a clear, precise, simple, substantive and timely manner, and in any case, in a term that cannot exceed that provided for in current regulations.
‍

1.7.PROCEDURE FOR THE EXERCISE OF THE RIGHT TO HABEAS DATA

In compliance with the regulations on the protection of personal data, MARVAL has defined the following procedure and minimum requirements for the exercise of its rights:
To file and fulfill your request, the Owner of the personal data or, failing that, a representative authorized by the Owner must provide the following information:

Name of the company to which you are sending the request.
Full name and last name.
Contact details (Physical and/or electronic address and contact numbers).
Means to receive a response to your request.
Reason (s) /fact (s) that give rise to the complaint with a brief description of the right you wish to exercise (to know, update, rectify, request proof of the authorization granted, revoke it in whole or in part, delete, access the information).
Signature (if applicable) and identification number.

The maximum period provided by law for resolving your claim is fifteen (15) business days, counting from the day following the date of receipt. When it is not possible to respond to the claim within that period, MARVAL will inform the interested party of the reasons for the delay and the date on which their claim will be dealt with, which in no case may exceed eight (8) business days following the expiration of the first term. Once the terms indicated by Law 1581 of 2012 and the other regulations that regulate or supplement it have been fulfilled, the Owner who is denied, in whole or in part, the exercise of the rights of access, update, rectification, deletion and revocation may bring their case to the attention of the Superintendency of Industry and Commerce - Delegation for the Protection of Personal Data.
‍

1.8. EXISTENCE PERIOD OF THE AUTHORIZATION 

This Policy for the Processing of Personal Data is effective as of its publication.
The databases in which personal data will be recorded will be valid for as long as the information is kept and used for the purposes described in this policy. Once those purpose (s) are fulfilled and whenever there is no legal or contractual duty to keep your information, your data will be deleted from our databases. The Owner of the personal data can revoke consent to the processing of your personal data at any time, as long as this is not prevented by a legal or contractual provision or no product or service derived from the relationship between the Owner and MARVAL is not in force.
‍

COMPLIANCE OFFICER

Management of the areas involved (Marketing, Sales, Processing and Portfolio, Human Management, Purchasing), National Management Systems Directorate and Information Security Officer.