Privacy Policy

AND DATA PROCESSING

YOUR SECURITY IS OUR TOP PRIORITY

At Gen3sis SAS, we place special emphasis on the protection of your Personal Data. Therefore, we would like to inform our Clients, Users, and Visitors of the relevant aspects regarding the Processing of Personal Data that we carry out, in accordance with the provisions of Law No. 1581 of 2012, Decree No. 1377 of 2013, Chapter XXV of Decree No. 1074 of 2015, and Law No. 1266 of 2008, where applicable, as well as other current laws on Personal Data Protection or those that replace, amend, or supplement them.

In this PRIVACY AND PERSONAL DATA PROCESSING POLICY (hereinafter, the “Policy”), we include information of interest such as: the type of data we collect and process; the purposes of the Processing; your rights as the Data Subject; the mechanisms available to exercise your rights as a Data Subject; among other topics. This Policy is addressed to Users, Clients, Visitors, Employees, and third parties whose data are subject to processing by Gen3sis SAS, as specified in the annexes to this Policy.

We kindly request that you carefully read this Policy before accepting the Processing of your data and/or using our services.

  1. YOUR PERSONAL DATA.

To access information and/or services in the Gen3sis SAS Interaction spaces, and to be able to interact in them, you must voluntarily and freely provide your true, non-sensitive personal identification data, such as: name, surnames, identification, age, gender, telephone, physical and electronic address, country, city and other necessary data that may be requested in the registration process and/or in the contact channels or tools.

  1. INFORMATION SECURITY.

Gen3sis SASWe strive to protect our users and ourselves from unauthorized access to, or any unauthorized modification, disclosure, or destruction of, the information we hold.

Data transmission over the internet or any wireless network cannot be guaranteed to be 100% secure. Therefore, while we strive to protect your personal information, we cannot ensure or guarantee the complete and effective security of any information you transmit to Gen3sis SAS, and you do so at your own risk.

In our pursuit of the greatest possible security, we:

  • We encrypt all our services using the SSL security protocol.
  • We have multiple controls over our information systems that allow us to maintain greater security for your information.
  • We monitor and implement the most modern practices and protocols in the collection, storage and processing of information, including our physical security measures, to protect against unauthorized access to systems.
  • We restrict access to the personal information we hold about our customers and/or users to employees and contractors who need to know such information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be sanctioned or dismissed if they fail to comply with these obligations.
  1. STORAGE OF YOUR PERSONAL DATA.

3.1. The personal data of all our clients and/or users will be stored in a database behind a firewall for added security. The server hosting the database is physically protected in a secure location. Only authorized personnel have access to it and, therefore, to the personal data of our clients and/or users.

  1. RECEIPT OF YOUR INFORMATION / USE OF YOUR INFORMATION.

4.1. The private information of users and/or clients is in principle intended for the provision of the service for which they were linked.

4.2. When you register to participate and/or use any of the different Interaction spaces of Gen3sis SAS, you may be asked in the process for basic information such as name, surname, occupation, age, address, date of birth, telephone number among others.

4.3. When you send a request for consultation, assistance and/or complaint, we may ask you for personal information.

4.4. We may ask you for personal information at other times; you are free to provide it or not.

4.5. We may automatically receive and record information from your browser in our server logs, including your IP address, computer name, browser type and version, referring addresses, and other details. We may also record your visits to our website or your use of applications owned by Gen3sis SAS.

4.6. In general, we will not disclose your personal information to unaffiliated third parties without your express consent.

4.7. There may be circumstances in which we may need to disclose personal information about a user and/or customer. These reasons include: Employing other companies to perform functions on our behalf, such as order fulfillment, providing customer service, sending emails and correspondence, processing credit card payments, or other functions necessary for our business operations.

4.8. The obligations included in these practices regarding the care or handling that Gen3sis SAS must give to the personal information of its clients and/or users do not apply when the information is required by a public or administrative entity in the exercise of its legal functions or by court order.

4.9. The information provided by clients, visitors and/or users may be used by Gen3sis SAS in accordance with these practices and for the purpose of:

(i) Provide required information, services and products

(ii) To inform about new products or services that are related or not to those contracted or acquired by the customer

(iii) To fulfill obligations contracted with our clients

(iv) Inform about changes to our products or services

(v) Evaluate the quality of care and service

(vi) Conduct internal studies on consumption habits

(vii) Send by physical mail, email, cell phone or mobile device, – via text messages (SMS and/or MMS) commercial, advertising or promotional information about products and/or services, events and/or promotions of a commercial or non-commercial nature, in order to promote, invite, direct, execute, inform and in general, carry out campaigns, promotions or contests of a commercial or advertising nature.

(viii) Sharing, including the transfer and transmission of your personal data to third countries for purposes related to the operation.

4.11. In the event of a sale of the majority of the company’s assets, customer and/or user information may be transferred to the buyer as part of the business establishment.

  1. COOKIES.

Gen3sis SASGen3sis and its website https://gen3sis.co use cookies to personalize and optimize the USER’s browsing experience. Cookies are associated only with an anonymous USER and their computer and do not provide any information that could be used to identify the USER.

The USER may configure their browser to notify and reject the installation of cookies sent by Gen3sis SAS, without this affecting the USER’s ability to access the information and content.

  1. LINKS

In the event that the website contains links or hyperlinks to other internet sites, Gen3sis SAS will not exercise any control over such sites and their content. Under no circumstances will Gen3sis SAS assume any responsibility for the content of any link belonging to a third-party website, nor will it guarantee the technical availability, quality, reliability, accuracy, completeness, truthfulness, validity, or legality of any material or information contained in any of these links or hyperlinks or other internet sites. Likewise, the inclusion of these external links will not imply any type of association, merger, or partnership with the linked entities.

  1. KNOWLEDGE, UPDATING AND CORRECTION OF USERS’ PERSONAL INFORMATION.

At any time, clients and/or users may request Gen3sis SAS, as the data controller, to provide information about their personal data, update it, rectify it, and also include new data if they wish, delete it or exclude it from the database unless the data is absolutely necessary for the provision of the service to which the client and/or user is registered and/or enrolled and wishes to remain in it; otherwise, they will be completely unlinked and/or deactivated from it.

If the user and/or client wishes to exercise their rights and therefore update, rectify, delete, among others, they must send an email to: juan.gomez@gen3sis.net

  1. RIGHTS OF CUSTOMERS AND/OR USERS (1581 OF 2012, ARTICLE 8).
  • To know, update and rectify your personal data before the Data Controllers or Data Processors. This right may be exercised, among others, with respect to data that is partial, inaccurate, incomplete, fragmented, misleading, or whose processing is expressly prohibited or has not been authorized.
  • Request proof of the authorization granted to the Data Controller except when expressly exempted as a requirement for the Processing, in accordance with the provisions of article 10 of this law.
  • To be informed by the Data Controller or the Data Processor, upon request, regarding the use that has been made of your personal data.
  • To file complaints with the Superintendency of Industry and Commerce for violations of the provisions of this law and other regulations that modify, add to or complement it.
  • To revoke authorization and/or request the deletion of data when the processing does not respect constitutional and legal principles, rights, and guarantees. Revocation and/or deletion will proceed when the Superintendency of Industry and Commerce has determined that the Controller or Processor has engaged in conduct contrary to this law and the Constitution.
  • Access your personal data that has been processed, free of charge.
  1. VALIDITY.

The client and/or User accepts and acknowledges that this authorization will be valid from the moment it was accepted and for as long as Gen3sis SAS carries out the activities inherent to its corporate purpose.

  1. CUSTOMER SERVICE.

For inquiries, claims, complaints, or to exercise user or customer rights, you can contact Gen3sis SAS at juan.gomez@gen3sis.net or call 350 6199798 during office hours.

Once the User and/or Client submits one of the aforementioned requests, Gen3sis SAS will have up to ten (10) business days to process it. In any case, Gen3sis SAS may be subject to the terms established by law.

  1. RESPONSIBLE FOR THE PROCESSING OF MY DATA

Juan Gómez

Colombia

Email: juan.gomez@gen3sis.net

Telephone: 350 6199798

Gen3sis SASWe may unilaterally change our privacy and personal data usage policy. We will not limit your rights under this Privacy and Personal Data Usage Policy without your explicit consent. We will post any changes to this Privacy and Personal Data Usage Policy on this page. We will also retain previous versions of this Privacy and Personal Data Usage Policy.

Our Services and Products are not directed to children and adolescents, so you are asked to refrain from proceeding with the registration and/or service if you are under eighteen (18) years of age.

  1. HOW TO ACCESS, RECTIFY AND UPDATE YOUR PERSONAL DATA OR REQUEST ITS DELETION?

You have the right to access your personal data and the details of its processing, as well as to rectify or update it if it is inaccurate, or to request its deletion when you consider that it is excessive or unnecessary for the purposes that justified its collection, or to oppose its processing for specific purposes.

To exercise this right, you must take the following into account:

The department in charge of matters related to data protection is the Commercial Management of Gen3sis SAS, which is located at Cr 20 N° 76-60 Bogotá, Colombia.

The email address: juan.gomez@gen3sis.net

For more information, please call 350 6199798 or visit our website https://www.gen3sis.net

  1. POLICIES AND PROCEDURES REGARDING THE PROTECTION OF PERSONAL DATA

CHAPTER I

GENERAL PROVISIONS

ARTICLE 1. APPLICABLE LEGISLATION.

These policies were developed taking into account the provisions contained in Articles 15 and 20 of the Political Constitution, Law 1581 of 2012 “By which general provisions are issued for the protection of personal data”.

ARTICLE 2. SCOPE OF APPLICATION.These policies apply to the processing of personal data collected and handled by Gen3sis SAS

ARTICLE 3. DATABASES.The policies and procedures contained in this manual apply to the databases of each existing and future business unit, which may include, but are not necessarily limited to, the following: Customer Service, Billing, Collections, Accounting, Marketing, Subscriptions, Advertising, Electronic Media, whose validity period is the same as the duration of the company Gen3sis SAS registered with the Bogotá Chamber of Commerce.

ARTICLE 4. OBJECT.This manual fulfills the requirements of section k) of article 17 of Law 1581 of 2012, which regulates the duties of those responsible for processing personal data, including the adoption of an internal manual of policies and procedures to ensure proper compliance with the law and, in particular, to address inquiries and complaints.

It also aims to regulate the procedures for the collection, handling and processing of personal data carried out by Gen3sis SAS, in order to guarantee and protect the fundamental right of habeas data within the framework established in the same law.

ARTICLE 5. PRINCIPLES.The principles set out below constitute the general parameters that will be respected by Gen3sis SAS in the processes of collection, use and processing of personal data.

Principle of purpose: The processing of personal data collected by Gen3sis SAS must be for a legitimate purpose, which must be communicated to the Data Subject.

Principle of freedom: Processing may only be carried out with the prior, express, and informed consent of the Data Subject. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that waives the requirement for consent.

Principle of veracity or quality: The information subject to processing must be truthful, complete, accurate, up-to-date, verifiable, and understandable. The processing of partial, incomplete, fragmented, or misleading data is prohibited.

Principle of transparency: In the Processing, the right of the Data Subject to obtain from Gen3sis SAS at any time and without restrictions, information about the existence of data concerning him or her must be guaranteed.

Principle of restricted access and circulation: Personal data, except for public information, may not be available on the Internet or other means of mass dissemination or communication, unless access is technically controllable to provide restricted knowledge only to the Data Subjects or authorized third parties.

Security Principle: Information subject to processing by Gen3sis SAS must be protected through the use of the necessary technical, human, and administrative measures to ensure the security of the records, preventing their alteration, loss, unauthorized or fraudulent consultation, use, or access.

Principle of confidentiality: All persons involved in the processing of personal data are obliged to guarantee the confidentiality of the information, even after their relationship with any of the tasks involved in the processing has ended.

CHAPTER II

AUTHORIZATION

ARTICLE 6. AUTHORIZATION.The collection, storage, use, circulation, or deletion of personal data by Gen3sis SAS requires the free, prior, express, and informed consent of the data subject. Juan Gómez, in his capacity as data controller, has implemented the necessary mechanisms to obtain authorization from data subjects, ensuring in all cases that it is possible to verify the granting of said authorization.

ARTICLE 7. FORM AND MECHANISMS FOR GRANTING AUTHORIZATION.

The authorization may be in a physical document, electronic document, or any other format or medium that allows for its subsequent verification. The authorization will be issued by Gen3sis SAS and made available to the data subject prior to the processing of their personal data, in accordance with the provisions of Law 1581 of 2012.

The consent authorization procedure ensures that the data subject is informed that their personal information will be collected and used for specific and known purposes, and that they have the option to be informed of any changes to those purposes and the specific use made of their data. This is so that the data subject can make informed decisions regarding their personal data and control the use of their personal information. The authorization is a declaration that informs the data subject:

  • Who collects it (person in charge or responsible)
  • What is collected (data that is gathered)
  • Why is the data collected (the purposes of the processing)
  • How to exercise rights of access, correction, updating or deletion of the personal data provided
  • If sensitive data is collected

ARTICLE 8. PRIVACY NOTICE:

The Privacy Notice is the physical, electronic, or other format document made available to the Data Subject regarding the processing of their personal data. This document informs the Data Subject about the applicable data processing policies, how to access them, and the characteristics of the intended processing of their personal data.

ARTICLE 9. PRIVACY NOTICE AND INFORMATION PROCESSING POLICIES.

Gen3sis SASGen3sis SAS will retain the privacy notice template that was provided to the Data Subjects for as long as the processing of personal data is carried out and the obligations arising from it remain in effect. Gen3sis SAS may use computer systems, electronic means, or any other technology to store the template.

CHAPTER III

RIGHTS AND DUTIES

ARTICLE 13. RIGHTS OF DATA SUBJECTS.

In accordance with the provisions of Article 8 of Law 1581 of 2012, the owner of the personal data has the following rights:

  1. a) To know, update and rectify your personal data before Gen3sis SAS, in its capacity as data controller.
  2. b) Request proof of the authorization granted to Gen3sis SAS, in its capacity as Data Controller.
  3. c) To be informed by Gen3sis SAS upon request, regarding the use that has been made of your personal data.
  4. d) To file complaints with the Superintendency of Industry and Commerce for violations of the provisions of Law 1581 of 2012, once the consultation or claim process before the Data Controller has been exhausted.
  5. e) Revoke the authorization and/or request the deletion of the data when the Processing does not respect the constitutional and legal principles, rights and guarantees.
  6. f) Access free of charge to your personal data that has been processed.

ARTICLE 14. DUTIES IN RELATION TO THE PROCESSING OF PERSONAL DATA.

Gen3sis SASIt will bear in mind at all times that personal data belongs to the individuals to whom it refers and that only they can decide how it is used. In this regard, it will use such data only for those purposes for which it is duly authorized, and always respecting Law 1581 of 2012 on the protection of personal data.

In accordance with the provisions of Article 17 of Law 1581 of 2012, Gen3sis SAS undertakes to permanently comply with the following duties in relation to the processing of personal data:

▪ Guarantee to the Holder, at all times, the full and effective exercise of the right of habeas data.

▪ Keep the information under the necessary security conditions to prevent its alteration, loss, consultation, use or unauthorized or fraudulent access.

▪ Carry out in a timely manner, in accordance with the terms provided in Articles 14 and 15 of Law 1581 of 2012, the updating, rectification or deletion of the data.

▪ Process inquiries and claims made by the Holders in accordance with the terms set out in article 14 of Law 1581 of 2012.

▪ Insert the legend “information under judicial discussion” into the database once notified by the competent authority about legal proceedings related to the quality or details of the personal data.

▪ Refrain from circulating information that is being disputed by the Holder and whose blocking has been ordered by the Superintendency of Industry and Commerce.

▪ Allow access to information only to people who are authorized to access it.

▪ Report to the Superintendency of Industry and Commerce when violations of security codes occur and there are risks in the management of the information of the Holders.

▪ Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce.

CHAPTER IV

ACCESS, CONSULTATION AND COMPLAINT PROCEDURES

ARTICLE 15. RIGHT OF ACCESS:

The power of disposition or decision that the data subject has over their personal information necessarily entails the right to access and know whether their personal information is being processed, as well as the scope, conditions, and generalities of said processing. Therefore, Gen3sis SAS must guarantee the data subject’s right of access in three ways:

The first implies that the data subject can know the actual existence of the processing to which their personal data is subjected.

The second is that the data subject can have access to their personal data that is in the possession of the data controller.

The third involves the right to know the essential circumstances of the processing, which translates into the duty of Gen3sis SAS to inform the data subject about the type of personal data processed and each and every one of the purposes that justify the processing.

Gen3sis SASThe right of access will be guaranteed when, after verification of the identity of the data subject or their representative, the details of their personal data are made available to them free of charge through electronic means that allow the data subject direct access. This access must be offered without time limits and must allow the data subject to view and update their data online.

ARTICLE 16 CONSULTATIONS.

In accordance with Article 14 of Law 1581 of 2012, data subjects or their successors may consult the data subject’s personal information held in any database. Therefore, Gen3sis SAS will guarantee the right to consultation, providing data subjects with all the information contained in their individual record or linked to their identification.

For handling requests to consult personal data, Gen3sis SAS guarantees:

  • Enable electronic or other means of communication that you deem appropriate.
  • Establish simplified forms, systems, and other methods, which must be reported in the privacy notice.
  • Use the customer service or complaints services that are in operation.
  • In any case, regardless of the mechanism implemented for handling consultation requests, they will be addressed within a maximum of ten (10) business days from the date of receipt. If it is not possible to address the consultation within this period, the interested party will be informed before the ten (10) days expire, stating the reasons for the delay and indicating the date on which their consultation will be addressed, which in no case may exceed five (5) business days following the expiration of the initial period.

ARTICLE 17. CLAIMS

.In accordance with the provisions of Article 14 of Law 1581 of 2012, the Data Subject or their successors who consider that the information contained in a database should be corrected, updated or deleted, or when they notice the alleged breach of any of the duties contained in Law 1581 of 2012, may file a claim with the Data Controller, which will be processed under the following rules:

  1. The claimant may submit the claim using the forms provided for this purpose by Gen3sis SAS on its website. If the claim received does not contain complete information for processing, specifically the claimant’s identification, a description of the events giving rise to the claim, the address, and any supporting documents, the claimant will be notified within five (5) days of receipt to correct the deficiencies. If the claimant fails to provide the required information within two (2) months of the notification date, the claim will be considered withdrawn. If, for any reason, Gen3sis SAS receives a claim that should not be directed against it, it will forward it to the appropriate party within a maximum of two (2) business days and inform the claimant of the situation.
  2. Once the complete claim is received, Gen3sis SAS will add a note stating “claim in process” and the reason for the claim within two (2) business days. This note will remain until the claim is resolved.
  3. The maximum time to address the claim will be ten (10) business days, starting from the day after the date of receipt. If it is not possible to address it within this period, the interested party will be informed before the expiration of said period of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed five (5) business days following the expiration of the first period.

DATA CORRECTION AND UPDATING.

Gen3sis SASIt has the obligation to rectify and update, at the request of the data subject, any information that is incomplete or inaccurate, in accordance with the procedure and terms indicated above. The following will be taken into account in this regard:

In requests for rectification and updating of personal data, the holder must indicate the corrections to be made and provide the documentation that supports their request.

Gen3sis SASIt has full freedom to enable mechanisms that facilitate the exercise of this right, provided that these benefit the holder. Consequently, electronic or other means deemed appropriate may be enabled.

Gen3sis SASYou may establish simplified forms, systems and other methods, which must be reported in the privacy notice and made available to interested parties on the website.

Gen3sis SASIt will use the customer service or support services it has in operation, provided that the response times are not longer than those indicated by Article 15 of Law 1581 of 2012.

Whenever Gen3sis SAS makes available a new tool to facilitate the exercise of their rights by data subjects or modifies existing ones, it will inform them through the respective section on its website.

Paragraph 2.

DATA DELETION.

The data subject has the right, at any time, to request Gen3sis SAS to delete their personal data when:

  • Consider that they are not being treated in accordance with the principles, duties and obligations provided for in Law 1581 of 2012.
  • They have ceased to be necessary or relevant for the purpose for which they were collected.
  • The period necessary for the fulfillment of the purposes for which they were collected has been exceeded.

This deletion implies the total or partial removal of personal information, as requested by the data subject, from the records, files, databases, or processing carried out by Gen3sis SAS.

It is important to note that the right to cancellation is not absolute and the data controller may refuse to exercise it when:

  • The request for deletion of information will not be granted when the holder has a legal or contractual duty to remain in the database.
  • The deletion of data hinders judicial or administrative proceedings related to tax obligations, the investigation and prosecution of crimes, or the updating of administrative sanctions.
  • The data is necessary to protect the legally protected interests of the data subject; to carry out an action based on the public interest, or to comply with a legally acquired obligation of the data subject.

If the cancellation of personal data is deemed appropriate, Gen3sis SAS must operationally carry out the deletion in such a way that the removal does not allow the recovery of the information.

CHAPTER V

INFORMATION SECURITY

ARTICLE 20. SECURITY MEASURES.

In accordance with the security principle established in Law 1581 of 2012, Gen3sis SAS will adopt the necessary technical, human and administrative measures to ensure the security of the records, preventing their alteration, loss, unauthorized or fraudulent consultation, use or access.

ARTICLE 21. IMPLEMENTATION OF SECURITY MEASURES.

Gen3sis SASIt will maintain mandatory security protocols for personnel with access to personal data and information systems.

The procedure must consider, at a minimum, the following aspects:

  • Scope of application of the procedure with detailed specification of the protected resources.
  • Measures, norms, procedures, rules and standards aimed at guaranteeing the level of security required in Law 1581 of 2012
  • Staff duties and responsibilities.
  • Structure of personal data databases and description of the information systems that process them.
  • Procedure for notifying, managing and responding to incidents.
  • Procedures for performing backups and data recovery.
  • Periodic checks that must be carried out to verify compliance with the provisions of the security procedure that is implemented.
  • Measures to be taken when a medium or document is to be transported, disposed of or reused.
  • The procedure must be kept up-to-date at all times and must be reviewed whenever relevant changes occur in the information system or its organization.
  • The content of the procedure must at all times comply with the current provisions on the security of personal data.

CHAPTER VI

FINAL PROVISIONS

ARTICLE 22.

Gen3sis SASdesignates Juan Gómez, Director G3; to fulfill the function of personal data protection and to process the requests of the holders, for the exercise of the rights of access, consultation, rectification, updating, deletion and revocation referred to in Law 1581 of 2012

ARTICLE 23.

EFFECTIVE DATE. This manual is effective from January 1, 2024.