PERSONAL DATA POLICY
SAASXCHANGE, LLC
The following is the Personal Data Policy of SAASXCHANGE, LLC. 1. GENERAL PROVISIONS
1.1. Purpose
The purpose of this Personal Data Policy is to ensure proper compliance with the applicable rules regarding the protection of personal data and to inform on the use that SAASXCHANGE, LLC gives to the information provided by the Data Subjects, and to inform about the procedures and mechanisms to handle the Personal Data collected for the purposes foreseen with the previous authorization.
1.2. Scope of application
This Personal Data Policy is applicable to the processing of personal data recorded in any database that makes them susceptible to processing by SAASXCHANGE, LLC.
1.3. Definitions
a. Authorization: Prior, express, and informed consent of the Data Subject to carry out the processing of their Personal Data.
b. Database: Organized set of Personal Data that is subject to processing. It may be automated or physical according to its form of processing or storage.
c. Data Controller: Natural or legal person, public or private, that by itself or in association with others, decides on the Database and/or the Treatment of the data.
d. Data Processor: Natural or legal person, public or private, who by itself or in association with others, carries out the processing of Personal Data on behalf of the Data Controller.
e. Data Subject: Natural person whose Personal Data is the object of Treatment.
f. Personal Data: Any information linked or that may be associated to one or several determined or determinable natural persons.
g. Private Data: That which, due to its intimate or reserved nature, is only relevant to the Data Subject.
h. Products: Refers to goods or services.
i. Public Data: Data that is not Semi-Private, Private or Sensitive. Public Data are considered, among others, the data related to the marital status of individuals, their profession or trade, and their status as merchant or public servant. Due to their nature, public data may be contained, among others, in public records, public documents, official gazettes and bulletins and duly executed court rulings that are not subject to confidentiality.
j. Sensitive Data: Data that affects the privacy of the Data Subject or whose improper use may generate discrimination, including but not limited to data revealing racial or ethnic origin, political orientation, religious or philosophical convictions, membership in unions, social organizations, human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data relating to health, sex life and biometric data.
k. Transfer: The Transfer of data takes place when the Controller and/or Processor of personal data, located in Colombia, sends the information or personal data to a recipient, which in turn is responsible for the processing and is located inside or outside the country.
l. Transmission: Treatment of Personal Data that involves the communication of the same within or outside the territory of the Republic of Colombia when its purpose is the performance of a Treatment by the Processor on behalf of the Controller.
m. Treatment: Any operation or set of operations on Personal Data, such as collection, storage, use, circulation, or deletion.
1.4. Guiding Principles applicable to the Treatment of Personal Data In order to ensure the Treatment of Personal Data carried out by SAASXCHANGE, LLC as Controller and/or Data Processor, the following principles shall apply:
a. Legality: The Treatment performed by SAASXCHANGE, LLC on Personal Data will be subject to the provisions of applicable rules.
b. Purpose: The Treatment carried out by SAASXCHANGE, LLC will obey a legitimate purpose in accordance with the Constitution and the law, which will be informed to the Data Subject.
c. Freedom: Treatment may only be carried out with the prior, express, and informed consent of the Data Subject. Personal Data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that relieves the consent.
d. Truthfulness or Quality: The information subject to Treatment must be truthful, complete, accurate, updated, verifiable and understandable. The processing of partial, incomplete, fractioned, or misleading data is prohibited.
e. Transparency: The right of the Data Subject to obtain from SAASXCHANGE, LLC as Controller and/or Processor, at any time and without restrictions, information about the existence of data concerning them, shall be guaranteed in the Treatment.
f. Access and Restricted Circulation: The Treatment is subject to the limits derived from the nature of the Personal Data. In this sense, the Treatment may only be carried out by persons authorized by the Data Subject or by the persons authorized by applicable law.
g. Security: The information subject to Treatment by SAASXCHANGE, LLC as Data Controller and/or Data Processor, shall be handled with the technical, human, and administrative measures necessary to provide security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access.
h. Confidentiality: All persons involved in the Processing of Personal Data that are not of a public nature are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks that comprise the Treatment and may only provide or communicate Personal Data when it corresponds to the development of the activities authorized by law.
2. TREATMENT TO WHICH PERSONAL DATA AND COMMERCIAL INFORMATION WILL BE SUBJECTED AND ITS PURPOSE
Personal Data will be collected, stored, transmitted, transferred, processed, and used for all those aspects inherent to the Products offered by SAASXCHANGE, LLC, and the execution of contracts with customers and users, therefore, they will be used for the following purposes:
a. To fulfill the obligations contracted by SAASXCHANGE, LLC with its Users and Customers.
b. To send information about the Products offered by SAASXCHANGE, LLC.
c. To send information about changes in the conditions of the Products offered by SAASXCHANGE, LLC.
d. Send to the physical mail, email, cell phone or mobile device, via text messages (SMS and/or MMS) or through any other analog and/or digital means of communication created or to be created, commercial, advertising or promotional information about the Products of SAASXCHANGE, LLC, events and/or promotions of commercial or non-commercial nature of these, in order to promote, invite, direct, execute, inform and generally carry out campaigns, promotions or contests of commercial or advertising nature, advanced by SAASXCHANGE, LLC and/or by third parties.
e. To treat the data of SAASXCHANGE, LLC Users and Customers provided by third parties for the purposes stated herein.
f. To transfer or transmit the Personal Data to third parties in Colombia and abroad for free or onerous title for commercial use, especially to SAASXCHANGE, LLC's clients for the management of their campaigns.
g. To transfer or transmit the personal data of Users and Customers of SAASXCHANGE, LLC, to Data Processors in Colombia and abroad when it is necessary for the execution of contracts with customers by SAASXCHANGE, LLC.
h. To elaborate analytical studies that include any details related to the Products offered by SAASXCHANGE, LLC in order to share them with partners linked to SAASXCHANGE, LLC's business.
i. To strengthen relationships with its customers and suppliers, by sending relevant information and evaluation of the quality of SAASXCHANGE, LLC's Products.
j. For the determination of outstanding obligations, the consultation of financial information and credit history and the reporting to information centers of unfulfilled obligations, with respect to its debtors.
k. To control access to the offices of SAASXCHANGE, LLC, and to establish security measures, including the establishment of video-monitored areas.
l. To respond to inquiries, requests, complaints and claims that are made by the Data Subjects and transmit the Personal Data to control agencies and other authorities that under the applicable law must receive the Personal Data.
m. To register the Personal Data in the information systems of SAASXCHANGE, LLC and in its commercial and operational databases.
n. To provide, share, send or deliver your personal data to parent companies, subsidiaries, affiliates, related or subordinate companies of SAASXCHANGE, LLC located in Colombia or abroad in the event that such companies require the information for the purposes indicated herein.
o. For other purposes necessary to comply with the contracts signed with Users and Customers of SAASXCHANGE, LLC.
3. RIGHTS OF DATA SUBJECTS
Personal data Data Subjects have the right to:
a. Know, update, and rectify their personal data against the Data Controllers or Data Processors. This right may be exercised, among others, against partial, inaccurate, incomplete, fractioned, misleading data, or data whose processing is expressly prohibited or has not been authorized.
b. Request proof of the authorization granted.
c. To be informed by the Data Controller or the Data Processor, upon request, regarding the use made of their personal data.
d. File complaints with the competent authorities for violations of the provisions of applicable laws.
e. Revoke the authorization and/or request the deletion of the data when the Treatment does not respect the principles, rights and constitutional and legal guarantees.
f. Free of charge Access to their personal data that has been subject to Treatment.
4. PROCEDURE FOR THE DATA SUBJECTS OF THE INFORMATION TO EXERCISE THEIR RIGHTS TO KNOW, UPDATE, RECTIFY AND DELETE INFORMATION AND REVOKE THE AUTHORIZATION.
4.1. Inquiries
SAASXCHANGE, LLC has the e-mail sxc@saasxc.com so the Data Subject, their assignees, their representatives and proxies, and representatives of minor holders, can make inquiries regarding what personal data of the holder is held in the databases of SAASXCHANGE, LLC.
4.1.1. The person responsible for answering the query, will respond to the applicant as long as they have the right to do so because they are the Data Subject of the personal data, their assignee, attorney-in-fact, representative, or is the legal responsible in the case of minors. This response will be sent within ten (10) business days from the date on which the request was received by SAASXCHANGE, LLC.
4.1.2. If the request cannot be fulfilled within ten (10) business days, the applicant will be contacted to communicate the reasons why the status of the request is being processed. For this purpose, the same or a similar means to the one used by the Holder to communicate his request shall be used.
4.1.3. The final response to all requests will not take more than fifteen (15) working days from the date on which the initial request was received by SAASXCHANGE, LLC to the email sxc@saasxc.com.
4.2. Claims
SAASXCHANGE, LLC has the email sxc@saasxc.com so the Holder, their assignees, their representatives and attorneys, and representatives of minor Holders, can make claims regarding (i) personal data processed by the company that should be corrected, updated, or deleted, or (ii) the alleged breach of the applicable rules on the subject.
4.2.1. The claim must be submitted by the Holder, its assignees or representatives or accredited in accordance with the e-mail sxc@saasxc.com and must contain the following information:
a. Name and identification document of the Holder.
b. A description of the facts that give rise to the claim and the objective pursued (update, correction or deletion, or fulfillment of duties).
c. The address and contact and identification data of the claimant.
d. Accompanied by all the documentation that the claimant wishes to assert. SAASXCHANGE, LLC before attending the claim will verify the identity of the Data Subject of the personal data, its representative or proxy, or the accreditation that there was a stipulation by or for another. For this purpose, it may require the original identification document of the Data Subject, and the special or general powers of attorney or documents required as the case may be.
4.2.2. If the claim or additional documentation is incomplete, SAASXCHANGE, LLC will require the claimant only once within five (5) days after receipt of the claim to correct the faults. If the claimant does not submit the required documentation and information within two (2) months from the date of the initial claim, it will be understood that the claim has been withdrawn.
4.2.3. If for any reason the person who receives the claim is not competent to resolve it, the General Management shall forward it within two (2) working days after receiving the claim and shall inform the claimant of such referral.
4.2.4. Upon receipt of the claim with complete documentation, a legend will be included in the database of SAASXCHANGE, LLC where the data of the Holder subject to claim is located, that says, "claim in process" and the reason for it, within a period not exceeding two (2) working days. This legend shall be maintained until the claim is decided.
4.2.5. The maximum term to address the claim shall be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within such term, the interested party will be informed of the reasons for the delay and the date on which the claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.
The personal data collected, stored, transmitted, transferred, processed, and used will remain in SAASXCHANGE, LLC's database, based on the criteria of temporality and necessity, for as long as necessary for the purposes mentioned in this Policy, for which they were collected.
SAASXCHANGE, LLC
