Keybe is committed to protecting the privacy of the people who visit the Company’s websites (“Visitor(s)”, “You,” and the derived adjective “Your”), the people who register to use the Service as defined below (“Clients”), and the people who register who attend the Company’s corporate events (“Attendees”). This Privacy Statement describes Keybe’s privacy practices with respect to its websites and related services and applications offered by Keybe (collectively, the “Service”).
If you have questions or complaints regarding Keybe’s Privacy Statement or Practices, please contact us at [email protected].
2. Covered websites
Keybe has established this Privacy Statement to help you understand how Keybe collects and uses personally identifiable information. This Privacy Statement covers the information practices of websites that link to this Privacy Agreement, including but not limited to https://keybe.us.
Keybe’s websites may contain links to other websites. Keybe is not responsible for the information practices or the content of such websites. The Company encourages you to review the privacy statements of other websites to understand their information practices.
3. Information collected by Keybe
Keybe collects information from visitors. This information is collected in accordance with this Privacy Statement, from sources including, but not limited to, content syndication, website registration forms, webinar, and conference registration forms.
Personal information you provide to us. Keybe collects information from visitors to Keybe’s websites and customers of the service. Keybe receives and stores any information entered when you express interest in obtaining more information about the Service or register to use the Service.
“Personal Information" is described below:
Contact Information: email addresses, phone numbers, physical, numeric, or metaverse addresses.
Public Web Data
Personal information is collected automatically. By agreeing to the "Privacy Agreement" through the "Covered websites", an "Individual" as a visitor, agrees that Keybe may collect, store, manage, enhance and use their "Personal Information" for marketing, legal and financial purposes. Keybe may also automatically collect information using commonly used information collection tools such as cookies and web beacons.
Keybe has policies and principles of "good behavior". Our culture and purpose always put the "Individual" first, with integrity, safety and security.
4. Other third-party tracking
Keybe contracts with third parties, who use web beacons, images, and scripts, to help better manage the content on Keybe’s websites. Keybe does not provide personal information to third parties, but may link information collected from third-party tracking to personal information of visitors for marketing purposes.
For websites, Keybe uses session-based cookies. Session cookies exist only during a session. They disappear from the Vis
Most browsers have an option to disable cookies, which will prevent the browser from accepting new cookies, as well as (depending on the sophistication of the browser software) allowing the visitor to decide on the acceptance of each new cookie in various ways.
6. DATA CONTROLLER:
Company Name: KEYBE AI CORP
55 RIVERWALK PLACE INT 749
WEST NEW YORK NJ 07093-0709
Email: [email protected]
7. OBJECTIVE AND SCOPE:
At Keybe we recognize the importance of the security, privacy, and confidentiality of the personal information of our clients, workers, suppliers, and the people who use our identity services, who provide us with information through various enabled channels (including websites, applications, API’s, physical documents, among others) and we are committed to the protection and adequate treatment of them, in accordance with the legal regime for the protection of personal data applicable to each country where we operate.
For KEYBE it is necessary to collect certain personal data to carry out the activities intrinsic to its commercial line of business. KEYBE has a legal and social obligation to implement adequate security measures to protect the personal data it has collected for the purposes specified in this Privacy and Personal Data Protection Agreement (“Policy”).
Therefore, the objective of this Policy is to communicate to our clients, workers, suppliers, users of the Website and, in general, to the owners of personal information (data subjects), the type of data, the purposes of the Treatment to make possible the provision of our service, the protection and rights that assist you as the data subject of the information and the procedures to exercise them.
In general, all the information and data that you provide us, or that we otherwise collect in the context, by any means or by reason of the ordinary course of your commercial activities, will be used by KEYBE in accordance with the Regulation (UE) 2016/679 (“GDPR”) and Law 1581 of 2012. The foregoing means that any form of processing of your personal data carried out by KEYBE will uphold the principles of legality, equity, transparency, purpose limitation, storage limitation, data minimization, accuracy, integrity and confidentiality.
8. DEFINITIONS AND CONCEPTS:
For the interpretation of this Policy, we ask you to take into account the following definitions:
- Authorization: prior, express and informed consent of the Data Subject to carry out the processing of personal data.
- Database: organized set of personal data that is subject to Treatment.
- Consent: it is a manifestation of the informed, free, and unequivocal will, through which the data subject of the personal data accepts that a third party uses their information.
- Queries: the Data Subjects or their successors in title may consult the Data Subject’s personal information that resides in any database, be it the public or private sector. The Data Controller or Data Processor must provide them with all the information contained in the individual record or that is linked to the identification of the Data Subject.
- Personal Data: refers to any information associated with an identified or identifiable natural person, relative to their identity, as well as their existence and occupations.
- Public Data: it is the data classified as such by the Constitution or the Law and all that is not semi-private or private, in accordance with this law. The data contained in public documents, gazettes and judicial bulletins, duly executed judicial decisions that are not subject to reserve, and those related to the civil status of people are public, among others.
- Semi-private data: The data that is not intimate, reserved, or public in nature, and which knowledge or disclosure may interest not only the data subject but also a certain sector or group of people or society in general is semi-private, such as financial and credit data of commercial activity or services.
- Private Data: It is the data that due to its intimate or reserved nature is only relevant to the data subject.
- Sensitive Data: For the purposes of this policy, sensitive data is understood to be anything that affects the privacy of the Data Subject or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social or human rights organizations or that promote the interests of any political party or that guarantees the rights and warranties of opposition political parties as well as data related to health, sexual life, biometric data, passwords and financial data.
- Data Processor: Natural or legal person, public or private, that by themselves or in association with others, carries out the Treatment of personal data on behalf of the Data Controller.
- Habeas Data: It is the right that every owner of information (data subject) has to know, update, rectify or oppose the information concerning their personal data
- Data Processing Policy, or Policy: refers to this document as the personal data processing policy applied by the Company in accordance with the guidelines of current legislation on the matter.
- Provider: any natural or legal person that provides a service to the Company by virtue of a contractual or mandatory relationship.
- Claim: the Data Subject or his successors in title who consider that the information contained in a database should be subject to correction, updating or deletion, or when they notice the alleged breach of any of the duties contained in this law, they may file a claim before the Data Controller or the Data Processor.
- Data Controller: natural or legal person, public or private, that by itself or in association with others, decides on the database and/or the processing of personal data.
- Treatment: any physical or automated operation or procedures that allow to capture, record, reproduce, conserve, organize, modify, and/or transmit personal data.
- Data Subject: is the natural person whose personal data is being processed by a third party, be it a client, supplier, employee, or any third party who, due to a legal or commercial relationship, provides personal data to the Company.
- Transmission: refers to the communication of personal data by the Responsible Party to the Manager, located within or outside the national territory, so that the Manager, on behalf of the Responsible Party, treats personal data.
- reatment: Any operation or set of operations on personal data, such as the collection, storage, use, circulation or deletion.
To understand the terms that are not included in the previous list, you must refer to current legislation, especially Law 1581 of 2012 and chapters 25 and 26 of Decree 1074 of 2015 and Regulation (EU) 2016 / 679 (“GDPR”), giving the meaning used in said standards to the terms whose definition there is doubt.
9. PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA
At KEYBE we are committed to complying with the principles that govern the processing of personal data of our stakeholders and, in general, of any natural person whose personal data is in our databases and/or files, guaranteeing the application of the general principles for the treatment of this type of data, which are indicated below:
- Principle of Legality. The processing of personal data is a regulated activity and must obey a legitimate purpose, for which KEYBE will compulsorily comply with the provisions of Law 1581 and the other provisions that develop it.
- Principle of Purpose. KEYBE will treat personal data always obeying a legitimate purpose which will be previously informed to the data subject.
- Principle of Freedom. KEYBE will only process personal data when it has the prior, express and informed consent of the data subject. The Data Subject may, in any case, refuse the processing of their sensitive data.
- Principle of Veracity or Quality. The personal data processed by KEYBE must be truthful, complete, exact, updated, verifiable and understandable
- Principle of Transparency. KEYBE, will guarantee the owner of the personal data (data subject), at any time and without restrictions, to obtain information about the existence of data that concerns them.
- Principle of Access and Restricted Circulation. KEYBE, undertakes that the processing of personal data will be carried out by entities authorized by the data subject and/or by the persons provided for in Law 1581 of 2012. Personal data may not be available on the internet or other means of disclosure or massive communication, unless the access is technically controllable to provide restricted knowledge only to the data subjects or authorized third parties.
- Principle of Security. The information subject to treatment by KEYBE, will be handled with the technical, human and administrative measures necessary to grant security to the records, avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access.
- Principle of Confidentiality. KEYBE, undertakes that the people who intervene in the processing of personal data that are not public in nature will be obliged to guarantee the reserving of the information, even after the end of their relationship with any of the tasks that comprise the treatment, being able to only supply or communicate personal data when this corresponds to the development of authorized activities.
- Principle of Demonstrated Responsibility (Accountability). One that is based on the approach of recognition and commitment of organizations in order to increase the standards of protection to ensure and guarantee people an adequate treatment of their personal data. This principle entails an obligation for KEYBE to be accountable for its activities regarding the protection of personal data, accept responsibility for them and disclose the results in a transparent manner.
10.DUTIES OF KEYBE AS PEROSNAL DATA CONTROLLER
KEYBE as Data Controller will fulfill the following duties, without prejudice to the other provisions provided in the law and in others that govern its commercial activity:
- Guarantee the Data Subject, at all times, the full and effective exercise of the right to habeas data;
- Request and keep, under the conditions provided by law, a copy of the respective authorization granted by the Data Subject;
- Properly inform the Data Subject about the purpose of the collection and the rights that assist him by virtue of the authorization granted;
- Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access;
- Guarantee that the information provided to the Data Processor is true, complete, exact, updated, verifiable and understandable;
- Update the information, communicating in a timely manner to the Data Processor, all the updates regarding the data that you have previously provided and adopt the other necessary measures so that the information provided to them is kept up-to-date;
- Rectify the information when it is incorrect and communicate the pertinent to the Data Processor;
- Provide the Data Processor, as the case may be, only data whose Treatment is previously authorized in accordance with the provisions of the law;
- Require the Data Processor, at all times, to respect the security and privacy conditions of the Data Subject’s information;
- Process the queries and claims formulated in the terms indicated in the present law;
- Adopt an internal manual of policies and procedures to guarantee adequate compliance with the law and, especially, for the attention of queries and complaints;
- Inform the Data Processor when certain information is under discussion by the Data Subject, once the claim has been submitted and the respective procedure has not been completed;
- Inform at the request of the Data Subject about the use given to their data;
- Inform the data protection authority when there are violations of the security codes and there are risks in the administration of the information of the Data Subjects.
- Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce.
11. TEMPORARY LIMITATIONS TO THE PROCESSING OF PERSONAL DATA
KEYBE will only collect, store, use or circulate personal data for as long as is reasonable and necessary, in accordance with the purposes that justified the treatment, taking into account the provisions applicable to the matter in question and the administrative, accounting, fiscal, legal and historical information. Once the purpose or purposes of the treatment have been fulfilled and, without prejudice to legal regulations that provide otherwise, it will proceed to delete the personal data in its possession. However, KEYBE may keep your personal data when required to comply with a legal or contractual obligation.
Notwithstanding the foregoing, you as the Data Subject may, at any time, revoke the consent you have given for the processing of your personal data, unless legally or contractually KEYBE must process said information, by sending a communication and/or written request, through the contact channels contemplated in this Policy, providing a copy of your identification document or any other document that, in the opinion of KEYBE, allows you to prove your identity.
12. PURPOSES OF THE TREATMENT
KEYBE recognizes that the owner of personal data (Data Subject) has the right to have a reasonable expectation of their privacy, taking into account, in any case, their responsibilities, rights and obligations with KEYBE. By virtue of the relationship established between you and KEYBE, we inform you that your personal data will be treated with full respect for the principles defined in the applicable law and that the collection, use, circulation, transmission, transfer and, in general, any form of treatment on them, will be done in accordance with the following purposes that will be previously informed, corresponding, in any case, to the development of its corporate purpose and the ordinary course of its activities.
13. General Purposes:
The purposes described below will be applicable to all Data Subjects who have previously, in an express and informed way, authorized the processing of their personal data:
- Confirm, comply with and provide the services and/or products purchased, directly and/or with the participation of third party providers of products or services.
- Inform about substantial changes in the Policy adopted by KEYBE.
- Establish and manage the relationship, may it be pre-contractual and contractual, commercial, labor, civil, and of any other nature that arises by virtue of the fulfillment of a legal or contractual obligation in responsibility of KEYBE.
- Respond to requests, queries, claims and/or complaints made by the holders of personal information (Data Subjects) through any of the channels enabled by KEYBE for this purpose.
- Transfer or transmit your personal data to entities and/or judicial and/or administrative authorities, when these are required in relation to their purpose, and necessary for the fulfillment of their legal or contractual functions.
The treatment of the personal data of KEYBE shareholders will be carried out in accordance with the provisions of the Commercial Code, and with any other rule that regulates this matter. The purposes applicable to the shareholders’ personal data are the following:
- Allow the exercise of the rights and duties derived from the function of shareholders.
- Make the payment of dividends.
- Collect, register and update your personal data in order to inform, communicate, organize, control, attend and accredit the activities in relation to their function of shareholders.
- Comply with judicial, administrative and legal decisions related to their function of shareholders.
15. Candidates for a Vacancy:
KEYBE will use the personal data of the candidates for a vacancy in accordance with the purposes listed below:
- Establish and manage the recruitment, selection and hiring process.
- Carry out selection, competencies and skills tests, home visits, psychosocial evaluations, and all other evaluations that are deemed convenient in order to identify the relevance of the candidate’s hiring.
- Store the personal data in a physical and/or digital file or folder that will be identified with the CANDIDATE’s name; the folder or file, may be accessed by KEYBE management or by whoever has been delegated for this purpose.
- KEYBE will keep the information that resides in the file or folder of the candidate for a vacancy for an indefinite period of time to meet the requirements of administrative authorities, and audit requirements.
KEYBE will use the personal data of its employees in accordance with the purposes listed below:
- Incorporate the personal data in the employment contract, and make modifications and additions to said contract, as well as in the other documents that are necessary to manage the employment relationship and obligations derived from it that are in care of KEYBE as Data Controller of their personal information.
- Carry out performance, competencies and skills tests, home visits, psychosocial evaluations and others that are deemed appropriate in order to identify the relevance of the person’s employment relationship.
- Develop proper management of the employment relationship that links the owner of the personal data (Data Subject) with KEYBE.
- To have the personal data of the collaborators to incorporate them appropriately in the active and historical labor files of KEYBE and keep them updated.
- Send internal communications related or not to your employment relationship.
- Manage personal data so that KEYBE, as an employer, correctly fulfills its obligations. For example: carry out the affiliations to which the worker is entitled by law before the Comprehensive Social Security System, family compensation funds and other matters related to social benefits, contributions, withholdings, taxes, labor disputes, as well as in the case of contributions or payments to other entities where the collaborator had previously authorized the processing of their data.
- Manage the personal data of the data subject and those of his family nucleus to carry out affiliation procedures with health promoting entities, family compensation funds, labor risk administrators, and others necessary for KEYBE to fulfill its duty as an employer.
- Respond to requests from the worker regarding the issuance of certificates, records and other documents requested from KEYBE in cause of the employment relationship.
- Promote the participation in programs developed by KEYBE aimed at well-being and a good work environment.
- Manage the personal data to guarantee a correct assignment of work tools (including IT tools such as email, computers, mobile devices, access to databases, etc.)
- Manage the personal data to ensure proper execution of the provisions of the Internal Work Regulations, including disciplinary processes and pertinent investigations.
- Monitor and use the images captured through video surveillance systems in order to control and evaluate the development and performance of work activities in the workplace.
- Manage the personal data to make the correct payroll payment, including making discounts for payments to third parties that the employee has previously authorized and making reports related to this process.
17. Suppliers and/or Contractors:
KEYBE will use the personal data of the suppliers and/or contractors in accordance with the purposes listed below:
- Develop proper management of the contractual relationship
- Collect, register and update the personal data in order to inform, communicate, organize, control, attend, and/or accredit the activities in relation to your status as provider and/or third party related to KEYBE and other associated procedures in charge of the Data Controller.
- Manage the data to carry out the different payment processes, invoices and collection accounts presented to KEYBE, and collection management that are in their control.
- Evaluate the services offered or provided by the supplier and/or contractor.
- Comply with any other legal obligation that is in control of KEYBE.
- Analyze financial, technical and other aspects that allow KEYBE to identify the supplier’s compliance capacity.
- Fulfill the obligations derived from the commercial relationship established with the supplier or contractor.
- Provide assistance and/or information of general and/or commercial interest to the supplier or contractor.
- Develop and apply processes of selection, evaluation, and preparation of responses to a request for information, and prepare requests for quotation and proposal and/or award of contracts.
- Evaluate the quality of the products and services offered or provided to KEYBE.
- Use, in the event that it is necessary, the personal data of the supplier’s collaborator in order to establish access controls to the logical or physical infrastructure of KEYBE.
- Manage personal data to make payments to suppliers, including the administration of bank account numbers for the correct management of payments.
- Send or provide information to the competent authorities, when so requested, or in the course of contractual disputes.
- Transfer information to administrative authorities that, due to their functions, require it in order to comply with the legal obligations in our charge.
- KEYBE understands that your personal data and that of third parties that the supplier or contractor provides, such as workers authorized to carry out the management or service entrusted, references and commercial certifications, have the authorization of the data subjects to be delivered and processed in accordance with the purposes contemplated in this Policy.
18. Clients and Commercial Prospects:
KEYBE will use, directly or with the participation of third-party providers of products or services, the personal data of customers and commercial prospects in accordance with the purposes listed below:
- Evaluate them as a potential KEYBE customer.
- Register them as a KEYBE customer.
- Verify that the information provided is true.
- Show that their assets do not come from illegal activities.
- Consult and report their information in risk and credit information centers.
- Provide information about the brands and products that we sell, as well as about the promotional activities that we carry out, all within the terms authorized by the respective legislation.
- Provide services in accordance with the needs of the Data Subject.
- Collect, register, and update the personal data in order to inform, communicate, organize, control, attend to, and/or accredit activities in relation to their status as a customer or business prospect.
- Respond to requests or requirements for information about our services.
- Send to physical or electronic mail, cell phone or mobile device, via text messages (SMS and/or MMS) or via WhatsApp or Facebook Messenger, or through any other analog and/or digital means of communication created or to be created, commercial information, advertising or promotional products and/or services, events and/or promotions of a commercial nature, in order to promote, invite, direct, execute, inform and, in general, carry out campaigns, promotions or contests of a commercial or advertising nature, carried out directly by KEYBE and/or by third parties.
- Develop loyalty programs.
- Carry out credit, collection and credit risk studies.
- Verification of data through consultations in public databases or risk centers.
- Evaluate the quality of our products or services and carry out satisfaction surveys.
- Prepare and carry out market studies and statistical analysis of trends, consumption habits, and consumer behavior.
- Keep accounting, financial and statistical records.
- Carry out statistical analysis of trends, consumption habits and consumer behavior.
- Share the information with third parties and/or allied managers for the fulfillment of the purposes described above.
- Other purposes determined by KEYBE in the information collection processes for its treatment and which are communicated to the Data Subjects at the time of personal data collection.
19. SPECIAL REQUIREMENTS FOR THE TREATMENT OF SENSITIVE DATA
KEYBE, in its capacity as Data Controller, will identify the sensitive data that it will eventually collect or process to meet the following objectives:
- Implement special attention and reinforce its responsibility for the treatment of this type of data, which translates into a greater demand in terms of compliance with the principles and duties established by current regulations on data protection.
- Establish technical, legal and administrative security levels to treat this information appropriately.
- Increase restrictions on access and use by the staff of KEYBE, in its capacity as employer, and third-party contractors or suppliers.
20. PERSONAL DATA OF GIRLS, BOYS AND ADOLESCENTS
The processing of personal data of children and adolescents by KEYBE will be carried out always respecting the following requirements:
- Respond to and respect the best interests of children and adolescents.
- Ensure, on behalf of the person in charge, the respect for their fundamental rights.
- Guarantee that the legal representative of the minor grants authorization, after exercising his right to be heard, an opinion that, as far as possible, should be valued taking into account the following factors:
- Ability to understand the purpose of said treatment
- Explain the consequences of the treatment
IMPORTANT: The assessment of the above characteristics will not be carried out by KEYBE in a general way. Any person in charge, manager, or third party involved in the processing of the personal data of minors, must always ensure the adequate use of this type of personal data.
21. TRANSMISSION OF PERSONAL DATA TO THIRD PARTIES
If you provide us with Personal Data, this information will be used only for the purposes indicated in this Policy, and we will not proceed to sell, license, transmit or disclose it to third parties, unless, i) you expressly authorize us to do so; ii) it is necessary to enable our contractors or agents to provide the services we have entrusted to them; iii) it is necessary for the effective provision and fulfillment of the service acquired; iv) in order to provide our products or services to you; v) it is necessary to allow third parties to provide marketing services on our behalf or to other entities with which they have joint market agreements; vi) it is related to a merger, consolidation, acquisition, divestment or other restructuring process; vii) it is required to finalize administrative operations; or viii) it is required or permitted by law.
In order to implement the purposes described above, your personal data may be disclosed for the reasons indicated in this Policy to human resources personnel, managers, consultants, advisors and other persons and offices, as appropriate.
KEYBE may subcontract third parties for the processing of certain functions or information. When we effectively subcontract with third parties the processing of your personal information, or provide your personal information to third party service providers, we warn said third parties about the need to protect said personal information with appropriate security measures, we prohibit the use of your personal information for their own purposes and we prevent them from disclosing your personal information to others.
However, when KEYBE carries out a Transmission of Personal Data to third-party Managers located in Colombia or in other jurisdictions, it must prove (i) a prior, express and informed authorization by the Data Subject, or (ii) a contract for the transmission of Personal Data that contains the requirements contemplated in article 126.96.36.199.5.2 of Decree 1074 of 2015.
Similarly, KEYBE may transfer or transmit (as appropriate) your personal data to other companies abroad for reasons of security, administrative efficiency and better service, in accordance with the authorizations of each of these persons. Under this understanding, your data may be transmitted or transferred, as appropriate, for the completion of administrative operations in favor and under instructions of KEYBE or in favor of the global operation of KEYBE, Inc., its affiliates or subsidiaries.
22. PROCESSING OF PERSONAL DATA ON BEHALF OF A THIRD PARTY
KEYBE may act in certain events as in Data Processor of the data supplied or transmitted by some of its interest groups that have hired KEYBE, and by virtue of this contractual relationship, it commits to comply with the following duties:
- Verify that the Data Controller is authorized to supply the personal data that will be processed as Data Processor.
- Guarantee to the Data Subject, at all times, the full and effective exercise of the right to habeas data.
- Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
- Timely update, rectify or delete the data.
- Update the information reported by the Data Controller within five (5) business days from receipt.
- Process the queries and claims made by the data subjects by the terms indicated in this policy.
- Register in the database the caption “claim in process” in the form in which it is established in this policy.
- Insert in the database the caption “information in judicial discussion” once notified by the competent authority about judicial processes related to the quality of personal data.
- Refrain from circulating information that is being controverted by the data subject and whose blocking has been ordered by the Superintendency of Industry and Commerce.
- Allow access to information only to persons authorized by the data subject or empowered by law for that purpose.
- Inform the Superintendency of Industry and Commerce when there are violations of the security codes and there are risks in the administration of the information of the data subject.
- Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce.
23. SECURITY, INTEGRITY AND CONFIDENTIALITY
In development of the security principle contemplated in Law 1581 of 2012, KEYBE has adopted and incorporated in its different processes the necessary and adequate technical, human and administrative measures to grant security to the records with personal information avoiding their adulteration, loss, consultation, unauthorized or fraudulent use or access. The personnel who process the personal data will execute the protocols established by KEYBE in order to guarantee the security of the information. The foregoing in accordance with the state of technology, the type and nature of the data found in our databases and the risks to which they are exposed.
The personal data that KEYBE obtains through any format, contract, physical or electronic communication, will be treated with total reserve and confidentiality, committing to keep due secrecy regarding them and guaranteeing the duty to store them by adopting necessary measures to avoid their alteration, loss, and unauthorized treatment or access, in accordance with the provisions of the applicable legislation.
24. RIGHTS OF PERSONAL DATA SUBJECTS
Personal Data Subjects may exercise the right to habeas data before KEYBE in order to:
- Know and access their personal data that has been subject to treatment.
- Update their personal data that has been subject to treatment.
- Rectify personal data that has been subject to treatment.
- Delete the authorization for the processing of their personal data, when the principles established in Law 1581 of 2012 have not been respected in the treatment thereof.
- Request proof of the authorization granted for the processing of their personal data.
These rights may be exercised directly by the Personal Data Subject, his attorney or his successor in title, as the case may be. If the Data Subject wishes to exercise their right to habeas data through a legal representative, they must present a duly authenticated general or special power of attorney.
The content and details of each of the rights that you, as the personal Data Subject, can exercise are described below:
- Right of access. Any natural person will have the right to know if their personal data has been subjected to any form of treatment by KEYBE in the terms expressed in the norm, in addition to exercising the right to know the origin of their data and if they have been transmitted or transferred or not to third parties and, therefore, the identification of those third parties.
- Right to update. Any natural person will have the right to update the information kept by KEYBE as personal data in the terms expressed in the norm.
- Rights of rectification. Any natural person has the right to verify before the data controller the accuracy and veracity of the personal data collected and request the rectification of it when it is inaccurate, incomplete or lead to error. The data subjects must indicate the data they request to correct and also accompany the documentation that justifies the request.
- Request for deletion or cancellation of the data. The personal data subject must indicate the data that must be canceled or rectified, providing, if necessary, the documentation or proof that justifies it. The cancellation will lead to the blocking of your data, being kept by the data controller, with the sole purpose of making it accessible to administrative or judicial authorities, always obeying the limitation period that exists on it. Once this period has elapsed, the data controller must proceed to the definitive cancellation of the personal information of the interested or affected party, which resides in our databases or files.
Likewise, the data subject may request the deletion or cancellation of their personal data when the treatment of these by the Data Controller or Data Processor is excessive or even inappropriate. The personal data of the data subjects will be kept for the time provided for in the applicable regulations and/or, depending on the case, of the contractual relations between the data subject and the data controller.
In any case, the request to delete the information and the revocation of the authorization will not proceed when the data subject has a legal or contractual duty to remain in the database.
25. FORMS TO EXERCISE THE RIGHT OF HABEAS DATA
The Data Subjects may exercise habeas data at any time and effectively to guarantee their right of access, rectification, deletion and proof of authorization before KEYBE through any of the following contact channels enabled:
Email: you can contact us via email at [email protected]
The following are the legally permitted ways to exercise the right to habeas data:
- On your own behalf: you, as the data subject of personal data that is stored in databases and/or files of KEYBE, will have the right to know, update, access, rectify, delete, and be informed about the use of your data, request proof of authorization granted, and revoke the authorization granted.
- Through a proxy: This right can be exercised by the duly identified interested party or by the proxy of the data subject of the personal information, for which the duly authenticated special or general power of attorney must be attached to the request.
- Exercise of the right of minors: Minors must exercise their right to habeas data through whoever proves their legal representation.
26. PROCEDURES FOR QUERIES AND COMPLAINTS
- Query Procedure: Data Subjects who wish to make queries, should bear in mind that KEYBE, as the Data Controller, will provide said persons with all the information contained in the individual record or that is linked to the data subject’s identification. The query will be made through the channels enabled by KEYBE and will be answered within a maximum term of ten (10) business days from the date of receipt of the request. When it is not possible to attend the query within said term, the interested party will be informed, stating the reasons for the delay and indicating the date on which the query will be attended, which in no case may exceed five (5) business days following expiration of the first term, notwithstanding the provisions contained in special laws or regulations issued by the National Government that may establish lower terms, taking into account the nature of the personal data.
- Claim Procedure: The Data Subject who considers that the information contained in a KEYBE database should be subject to correction, updating or deletion, or when they notice the alleged breach of any of the duties contained in Law 1581 of 2012, may submit a claim before the Data Controller or the Data Processor, which will be processed under the following rules:
- The claim will be formulated by means of a request addressed to the data controller or the data processor, with the identification of the data subject, the description of the facts that give rise to the claim, and the address, accompanying the documents that you want to enforce.
- If the claim is incomplete, the interested party will be required within five (5) days after receiving the claim to correct the faults. After two (2) months from the date of the request without the applicant submitting the required information, it will be understood that they have withdrawn the claim.
- In the event that the person who receives the claim is not competent to resolve it, he or she will transfer it to the corresponding person within a maximum term of two (2) business days and will inform the interested party of the situation
- Once the complete claim has been received, within a period of no more than two (2) business days, a caption that says “claim in process” and the causes that motivated it will be included in the database. Said caption must be maintained until the claim is resolved in substance.
- The maximum term to attend the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to attend the claim within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.
27. MODIFICATIONS TO THIS POLICY
This policy can be adjusted or modified at any time, for which reason we recommend that you periodically review our corporate website, through which you will be notified of the change and the latest version of this Policy or the mechanisms to obtain a copy of it.
28. PERSONAL DATA PROTECTION OFFICER
KEYBE, in compliance with the principle of demonstrated responsibility, has internally designated [Daniel Agudelo] as Personal Data Protection Officer (“DPO”), who will be in charge of implementing the policies and procedures adopted by KEYBE to comply with the norm of personal data protection, as well as the implementation of good personal data management practices within the company.
The designated KEYBE DPO is internally responsible for updating and distributing the Policy, which is why any change made must be approved by them. If you, as the data subject, do not agree with the changes made to it, you can exercise your right to habeas data through the channels and in the manner established in this Policy.
At KEYBE the Data Protection Officer is [Daniel Agudelo [email protected]]
29. DATE OF ENTRY INTO EFFECT
This Policy became effective on [January 1, 2020]
For clients and users of our Website and, in general, any Personal Data Subject residing in a country of the European Union, as well as for clients who purchase KEYBE’s products or services in a country of the European Union, governs the provisions of this annex, which is applied in accordance with the Privacy and Protection of Personal Data Policy of our stakeholders and is an integral part of it.
31. METHOD OF OBTAINING YOUR PERSONAL DATA
KEYBE collects personal data from its customers and Website users each time they use our services, including when they use our Website or when they interact with us electronically or through our customer service contact channels.
32. DATA COLLECTED AND PROCESSED
KEYBE may collect information and personal data from customers and users of its Website, that may vary due to technological facilities, nature of the product or service to be supplied, among others. For that purpose, we may collect the following personal information:
- General identification data: Name and surname of the client or user, date of birth, identification or ID number, gender, marital status, profession or trade, postal and/or electronic address (personal and/or work), nationality and/or country of residence, landlines and mobile contact numbers (personal and/or work).
- Socio-economic content data: Personal data of the cardholder (names and surnames, type and identification number), billing address information, credit card information(s).
- Sensitive data: biometric data, including images, photographs, videos, voices and/or sounds, and fingerprints that identify or make identifiable our clients and users and/or any individual who is or transits in any place where KEYBE has installed video surveillance camera or georeferencing equipment.
- Other data: IP of the client, through cookies, and information about the location of your device if you have been browsing our website or using our mobile application.
- Information on purchasing channels (including representatives or agents, call centers, websites, mobile applications)
- Information and personal data collected through surveys, focus groups or other market research methods.
- Information required by officials or customer service representatives, such as sales and/or customer relations representatives, in order to attend to requests or claims.
- Certain categories of personal data, such as those related to racial origin, ethnicity, religion, health, sexual orientation or biometric data, constitute special categories of personal data that require additional protection in accordance with the data protection regulations of the European Union. Although at KEYBE we try to limit the circumstances in which we collect and process data of this nature, it is possible that we collect and process this data from customers and users in certain circumstances.
33. PURPOSES OF THE TREATMENT:
In addition to the purposes described in paragraph IX of the Privacy and Protection of Personal Data Policy, KEYBE will process your data for the following purposes:
- Celebration and management of the contractual relationship.
- Management of marketing activities.
- Compliance with legal and security obligations.
- Loyalty programs.
- Personalized communications.
- Personalization of content.
- Analysis and processing of data through Artificial Intelligence.
34. TIME OF CONSERVATION OF PERSONAL DATA:
The personal data provided by clients or users will be kept as long as the commercial or contractual relationship is in force. The foregoing, notwithstanding its conservation for the years necessary to comply with legal obligations, especially in accounting, fiscal and tax matters, and may be kept for a period of up to ten (10) years. For marketing purposes, we will keep your personal data until you ask us to delete or cancel it
35. LEGITIMATION FOR THE PROCESSING OF PERSONAL DATA:
The fundamental legal basis that allows us to process the personal data of clients and users of our Website is the execution of any contract with KEYBE, from which rights and obligations are derived for the parties to the contractual relationship.
Also, there are legal obligations in tax and fiscal matters, among others, that oblige us to process your personal data in compliance with the procedures and requirements that KEYBE must comply with before the authorities and entities of control and surveillance of any jurisdiction in which these operate.
For the provision of the services acquired, as well as in compliance with certain legal requirements, certain essential data must be collected. The client or user is obliged to provide that personal data (truthful and updated) that is required by legal requirement, and that that is necessary to sign the contract. In case of not providing it or requesting its deletion prior to the total execution of the contract, we will not be able to manage and perfect the contractual relationship, and may even communicate inaccurate data.
On some occasions, the treatment we carry out is based on our legitimate business interest, such as fraud prevention, or the distribution by email of commercial communications about products and services similar to those contracted by you; provided that they do not prevail over the interests or the rights and freedoms of the clients.
The processing of personal data for the distribution of commercial communications and, where appropriate, the treatment of special categories of data is carried out by KEYBE based on the consent given by the client or user.
Whenever we request your consent for any treatment, we will inform you about it at that time. In any case, we inform you that you have the right to withdraw your consent at any time, without the withdrawal of that consent conditioning the execution of the contract. If you are a registered user of our services, you can change your privacy preferences at any time, modifying your online profile, and accessing your private area. In addition, all commercial communications that we send you by email, SMS, PUSH or WhatsApp, will have an option to “unsubscribe” that will allow you to stop receiving electronic communications of a commercial nature. Although we do everything possible to process requests to unsubscribe from commercial communications within a period of fifteen (15) business days from when we receive the request, it is possible that you will receive some commercial communication during that period.
36. RECIPIENTS TO WHOM WE COMMUNICATE PERSONAL DATA:
The data of the clients and users may be legitimately communicated to the following third parties:
- For the management of the contractual relationship.
- For marketing activities, although we may share your data with data processors or with commercial partners, we inform you that KEYBE will not sell your personal data to any third party.
- For the fulfillment of legal obligations.
- For loyalty programs.
In the event that data is transferred outside the European Economic Area, it will be done in accordance with the GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, regarding the Protection of Natural Persons with regard to the Processing of Personal Data and the Free Circulation of this Data, as well as the national laws of the Member States on the matter). For transfers outside the EEA, KEYBE uses contractual data protection clauses adopted by the European Commission and the EU – US Privacy Shield as a guarantee of those transfers made to countries that do not have an adequacy decision from the European Commission.
37. RIGHTS OF PERSONAL DATA SUBJECTS:
- You have the right to obtain confirmation on whether or not we are treating your personal data.
- You have the right to access your personal data, as well as to request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected. Likewise, you will have the right to the portability of your data in the cases provided for in the regulations.
- n certain circumstances, you may request the limitation of the processing of your data, in which case, with the exception of its conservation, we will only treat it for the formulation, exercise or defense of claims or in the other cases provided for in the applicable legislation.
- In certain circumstances and for reasons related to your particular situation, you may object to the processing of your data. We will stop processing the data, except for compelling legitimate reasons, or for the formulation, exercise or defense of possible claims.
- Finally, regarding those treatments that you have voluntarily consented to, you may withdraw your consent at any time; but this withdrawal may not affect the fulfillment of the legal obligations in responsibility of KEYBE.
To exercise your rights, you must send a request through the means enabled by KEYBE, attaching the document that proves your identity, the passport for validation associated with international flights, the description of your request and the means of contact:
38. Enabled media:
Email: [email protected]
If you wish to obtain more information about your rights, if you have not obtained satisfaction in the exercise of your rights, and/or wish to file a claim, you can do so by contacting the data protection control authority of the corresponding country.
39. RIGHTS OF PERSONAL DATA SUBJECTS:
KEYBE does not carry out direct marketing to minors, nor can they be users of the products or services we offer, unless they act through, or are duly authorized by, their parents or by those who have parental authority or legal representation of the minor.
Our App collects information from users through a registration form, a chat, and the option to upload files. The collected data includes: identity, address, phone number, email address, and identification document. Users also have the option to upload any other type of personal information of their own choice through the aforementioned file.
The collected information is used to provide a more personalized service and to improve the user experience on our app. This information will not be shared with third parties without the user's prior consent, unless required by law.
The security of user information is important to us, so we take measures to protect the information from unauthorized access, alteration, disclosure, or destruction. However, we cannot guarantee absolute security of information sent through the internet.
This annex is effective from the day of its publication.