Privacy Policy

POLICIES AND PROCEDURES TO ENSURE PROPER COMPLIANCE WITH LAW 1581 OF 2012 AND OTHER REGULATIONS GOVERNING THE PROTECTION OF PERSONAL DATA.

1. Introduction

Pursuant to the provisions of Articles 17 literal k) and 18 literal f) of Law 1581 of 2012, as well as Articles 13 to 19 of Decree 1377 of 2013 and the stipulations of Decree 886 of 2014 and Circular No. 2 of the Superintendence of Industry and Commerce, the following establishes the Personal Data Processing Policies, as well as the protection of the same; received and transmitted from aspiring workers of CASTRO & SALAZAR LAW GROUP S.A. S. also called THE COMPANY, its employees, suppliers, contractors, customers and third parties in general, called Information Holders, with whom on the occasion of a commercial and/or contractual relationship, in the development of its corporate purpose, may have access to the personal, legal, fiscal and tax information of the same, for which CASTRO & SALAZAR LAW GROUP S.A.S. is responsible or in charge of the processing of personal data. The present policies are also applicable to the data of THE COMPANY where CASTRO & SALAZAR LAW GROUP S.A.S. is the data controller, such as: the data of the applicants in selection processes, the data of the workers and the data of suppliers and contractors, as well as clients.

2. Scope of Application

In compliance with the law and decrees mentioned above, CASTRO & SALAZAR LAW GROUP S.A.S. compiled the principles to be applied in order to inform the rights and duties enshrined in favor of the Owners of the Personal Data Information, and the duties assumed by THE COMPANY as Responsible for the Processing of Personal Data. The Policies will be applicable to personal data, registered before or after the entry into force of the rules on the processing of personal data. The Policies shall not be applicable to those data that, due to their generality, become anonymous because they do not allow identifying or individualizing a specific Data Subject.

Taking into account that CASTRO & SALAZAR LAW GROUP S.A.S. requires the prior and express authorization by the Holder of the personal data, such authorization shall be made by the signature of the applicant to a position within THE COMPANY, by the employee of the same or by a person authorized by the Holder of the personal data, as supplier, contractor and customer, of a document stating that between the parties, whether natural or legal persons, may have or have, labor or commercial ties, expressly authorizing THE COMPANY by the Holder of the personal data, as well as their representatives, so that the same, obtained voluntarily from the Holder, may be compiled, processed, stored, consulted, administered, shared, disclosed, transmitted, in accordance with the present PERSONAL DATA PROCESSING POLICY, for a period of up to five (5) years, counted from the termination of the relationship between the Holder of the personal data and CASTRO & SALAZAR LAW GROUP S. A.S.

3. Processing of personal data

With the authorization referred to in the previous paragraph, the Holder of the personal data being a supplier, contractor or customer, authorizes CASTRO & SALAZAR LAW GROUP S.A.S. to:

(a) To make inquiries, requests and reports of all credit behavior information, both its own and that of its representatives and managers, before any of the financial information operators, due to the obligations contracted, or to be contracted, between the Holder of the personal data and THE COMPANY. Likewise, CASTRO & SALAZAR LAW GROUP S.A.S. is authorized to obtain information about commercial relations of the Holder of the personal data with other entities and to consult their reports before the information centers. For this purpose, it expressly, previously and irrevocably authorizes CASTRO & SALAZAR LAW GROUP S.A.S. to carry out before any information center operator, any operation or treatment carried out on the information and personal data provided, both of the Holder of the same, as well as its representatives and directors, including the consultation, request, supply, report, processing and disclosure of all the information related to the credit behavior of the Holder of the personal data, the origin of the obligations under its responsibility, any novelty, modification, extinction, compliance or non-compliance of obligations. CASTRO & SALAZAR LAW GROUP S.A.S. is authorized to verify the behavior of the Holder of the personal data in the relationships established with any other entity, either directly with such entity or through an information operator.

b) To provide the information contained in its databases to the following persons: to the Owners of the personal data, to the persons duly authorized by them; to the users of the information, within the parameters of the law, of the contracts or agreements subscribed by CASTRO & SALAZAR LAW GROUP S.A. S; prior order, to any judicial or administrative authority; to the public entities of the executive branch, when the knowledge of such information corresponds directly to the fulfillment of any of its functions; to the control bodies and other disciplinary, fiscal or administrative investigation agencies, when the information is necessary for the development of an ongoing investigation; to data operators, in accordance with current regulations, and in general to other persons authorized by law.

Collect, obtain, compile, modify, use, store, process and, in general, manage the information. The above, subject to the obligations of professional secrecy provided for in the rules that regulate, modify or complement it.

4. Definitions

a) Authorization: Prior, express and informed consent of the Data Subject to carry out the processing of personal data.

b) Privacy Notice: Verbal or written communication generated by the Controller, addressed to the Data Subject for the Processing of his/her personal data, by means of which he/she is informed about the existence of the information processing policies that will be applicable to him/her, the way to access them and the purposes of the processing that is intended to be given to the personal data.

c) Database: Organized set of data that is subject to processing.

d) Personal Data: Any information linked or that may be associated to one or more natural and/or legal persons, determined or determinable.

e) Private Personal Data: Data which, due to its intimate or reserved nature, is only relevant to the Data Owner.

f) Semi-Private Personal Data: Semi-private data is data that is not of an intimate, reserved or public nature, and whose knowledge or disclosure may be of interest not only to the Data Controller, but also to a certain sector or group of persons or to society in general.

g) Sensitive Personal Data: Sensitive data is understood as that which affects the privacy of the Data Subject or whose improper use may generate discrimination, such as that which reveals racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, human rights organizations or that promotes the interests of any political party or that guarantees the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data.

h) Public Personal Data: Data that is not private, semi-private or sensitive. Public data includes, among others, data related to the marital status of individuals, their profession or trade, and their status as merchants or public servants. Due to their nature, public data may be contained, among others, in public records, public documents, official gazettes and bulletins and duly executed court rulings that are not subject to confidentiality.

i) Company: For the purposes of this document, CASTRO & SALAZAR LAW GROUP S.A.S. is referred to.

j) Data Processor: Natural or Legal Person, public or private, who by himself or in association with others, performs the processing of personal data on behalf of the data controller.

k) Data Controller: Natural or legal person, public or private, who by himself or in association with others, decides on the database and/or the processing of the data.

l) Data Subject: Natural person whose personal data is the object of processing.

m) Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.

n) Transmission: Processing of personal data that involves the communication of such data within or outside the territory of the Republic of Colombia, when the purpose is the performance of a Processing by the Processor on behalf of the Controller.

o) Transfer: The transfer of data takes place when the Controller and/or Processor of personal data, located in Colombia, sends the information or personal data to a recipient, which in turn is the Data Controller and is located inside or outside the country.

5. Guiding Principles for the Processing of Personal Data

a) Legality Principle: This principle refers to the processing referred to in this Policy, it is a regulated activity that must be subject to the provisions set forth in this Policy and in the other provisions that develop it.

b) Principle of Purpose: It is defined in the following terms: The processing must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Data Subject.

c) Principle of Freedom: It refers to the fact that the processing may only be carried out with the prior, express and informed consent of the Data Subject. Personal data may not be obtained or disclosed without prior authorization, or in the absence of legal or judicial mandate that relieves the consent.

Principle of Truthfulness or Quality: It establishes that the information subject to processing must be truthful, complete, accurate, updated, verifiable and understandable. The processing of partial, incomplete, fractioned or misleading data is prohibited.

d) Principle of Transparency: In the processing, the right of the Data Subject to obtain from the Data Controller or the person in charge of the processing, in THE COMPANY, at any time and without restrictions, information about the existence of data concerning him/her, must be guaranteed.

e) Principle of Access and Restricted Circulation: The treatment is subject to the limits derived from the nature of the personal data, the provisions of this Policy and the Constitution. In this sense, the processing may only be carried out by persons authorized by the Holder of the personal data and/or by the persons provided for in this Policy.

f) Personal data, except for public information, may not be available on the Internet or other means of dissemination or mass communications, unless access is technically controllable to provide restricted knowledge only to the Data Controllers or authorized third parties in accordance with this Policy.

g) Security Principle: The information subject to processing by the Data Controller or Data Processor, in THE COMPANY, referred to in this Policy, shall be handled with the technical, human and administrative measures necessary to provide security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access.

h) Principle of Confidentiality: THE COMPANY guarantees the confidentiality of the information, even after the end of its relationship with any of the tasks that include the processing of personal data, and may only provide or communicate personal data when it corresponds to the development of the activities authorized in this Policy and under the terms of the same.

6. Identification of the Controller

The company CASTRO & SALAZAR LAW GROUP S.A.S. will normally act as the Controller of the processing of personal data, but it could eventually be in charge. In any of these cases, THE COMPANY will be identified as follows:

Company name: CASTRO & SALAZAR LAW GROUP S.A.S. Registered Office: Bogotá D.C., Colombia

TAX ID: 901455257 – 7

Address: Cr 14 B # 163 29 Apt 1207

E-mail: cesar.castro@cs-lawgroup.com

Phone: (571) 3003753032

All employees of CASTRO & SALAZAR LAW GROUP S.A.S. shall be responsible for:

a) Ensure that the Personal Data Treatment Policies are known by third parties, customers, suppliers and contractors,

b) Comply with the provisions of this Policy, as well as the duties defined therein, regarding the strict protection and safekeeping of personal data and documents transmitted and received from aspiring workers, their own workers and colleagues, suppliers and contractors and customers, preventing adulteration, loss, consultation, use or unauthorized or fraudulent access to them.

c) Update the information, communicating in a timely manner to the Data Processor, all developments with respect to the data previously provided, taking the necessary measures to ensure that the information provided to it is kept up to date;

d) Rectify the information when it is incorrect, and communicate the pertinent to the Data Processor.

e) Inform the Data Processor when certain information is under discussion by the Holder of the personal data, once the claim has been filed and the respective process has not been completed.

f) Inform, at the request of the Data Controller, the use given to his/her data.

g) Inform the data protection authority when there are violations to the security codes and there are risks in the administration of the information of the Personal Data Holders.

7. Personal Data

The treatment of the personal data of CASTRO & SALAZAR LAW GROUP S.A.S. is indicated below, depending on whether it is responsible or in charge of the treatment of such data.

7.1. As Responsible: THE COMPANY shall process the personal data under the terms and scope of the authorization given by the Holder of the information, of the following data:

Workers’ data: it comprises the data of those aspiring to work in THE COMPANY, those of the active workers, as well as the former workers of the same, in order to: (i) Manage and operate, directly or through third parties, the processes of selection and hiring of workers, including the evaluation and qualification of the applicants or the workers themselves, enabling the verification of labor and/or personal references, and the performance of safety studies; ii) Develop human resources and management activities, such as payroll, affiliations to entities of the general social security system of the Holder and its beneficiaries, occupational health and welfare activities, exercise of the employer’s sanctioning power, among others; iii) Report work accidents, prevention of occupational risks, medical and safety examinations; iv) Attendance control and registration for payroll payment. In addition to the collection, storage, copying, delivery, updating, ordering, classification, transfer, correction, verification, use for statistical purposes and in general employment and use of all data provided, in order to properly manage the labor relationship between THE COMPANY and its employees. THE COMPANY may share the data of its employees with its current or potential clients, in the development of its commercial relationship and in order to comply with its commercial and/or contractual obligations.

a) Data from suppliers and contractors: Includes data from suppliers and contractors to: i) Develop contractual management processes of goods and services; ii) Invite to participate in bidding processes or bids to be selected; iii) Registration in the Company’s databases of the Holder’s information for commercial, tax and fiscal purposes; iv) Registration of payments and account statements; v) Evaluation and qualification of compliance. In addition to the collection, storage, copying, delivery, updating, ordering, classification, transfer, correction, verification, use for statistical purposes and in general use and utilization of all data provided for the purpose of developing the corporate purpose of THE COMPANY and as stipulated in the respective contracts and/or commercial documents signed between the parties, as well as to properly manage the business relationship between THE COMPANY and its suppliers and contractors.

7.2. As Data Processor: Eventually THE COMPANY may process personal data under the terms and scope of the authorization given by the Data Subject:

a) Data owned by Clients of THE COMPANY: It includes the data of the clients in order to: i) Fulfill the obligations contracted at the time of contracting the services of CASTRO & SALAZAR LAW GROUP S.A.S.; ii) Send information of offers and quotations, of services; iii) Strengthen commercial relationships by sending relevant information, contracting new services, quotations, billing and portfolio collection; iv) Send information about changes in general or particular conditions of the services offered by THE COMPANY. In addition to the collection, storage, copying, delivery, updating, use, sorting, classification, transfer, correction, verification and use for statistical purposes of data owned by corporate clients of THE COMPANY, which shall at all times be subject to the policies and instructions agreed between the Parties. As far as possible, in the agreements or contracts with the clients THE COMPANY will expressly state the condition of Data Processor and Data Controller, with the obligations that such quality imposes on them. The data provided by the clients will only be used according to the purpose established in the respective agreements or contracts, and for the same reason, they will be returned to the Client’s Data Controller once the contractual obligations, or those derived from agreements, of CASTRO & SALAZAR LAW GROUP S.A.S. as Data Processor are concluded.

8. Information Security

The mechanisms through which THE COMPANY makes use of personal data are safe and confidential, because it has the appropriate technological means to ensure that they are stored in such a way as to prevent unwanted access by third parties, ensuring the confidentiality of the same.

Personal data shall be kept as long as there is a business relationship between CASTRO & SALAZAR LAW GROUP S.A.S. and third parties, and in any given case up to five (5) years after the termination of the aforementioned relationship.

9. Rights of the Holders of the Information

The Holders of the information have the following rights:

(a) To know, update and rectify their personal data. This right may be exercised, among others, against partial, inaccurate, incomplete, fractioned, misleading data, or data whose processing is expressly prohibited or has not been authorized;

b) Request proof of the authorization granted to THE COMPANY, as Data Controller, except when expressly exempted as a requirement for the Processing, in accordance with the provisions of these Policies and the laws in force governing the matter;

c) Be informed by THE COMPANY, upon request, regarding the use that has been made of their personal data;

d) File complaints before the Superintendence of Industry and Commerce for violations of the provisions of the law and other regulations that modify, add or complement it;

e) To revoke the authorization and/or request the deletion of the data when the treatment does not respect the constitutional and legal principles, rights and guarantees. The revocation and/or suppression will proceed when the Superintendence of Industry and Commerce has determined that in the treatment THE COMPANY has incurred in conduct contrary to the law and the Constitution;

f) Access free of charge to their personal data that have been subject to processing.

g) The other rights that are contained in the regulations in force with respect to the matter.

In exercising the rights listed above may make inquiries as appropriate and make any claims deemed necessary in order to ensure respect for them.

10. The Company’s Duties

10.1. Duties as Data Controller: CASTRO & SALAZAR LAW GROUP S.A.S., when acting as Data Controller of personal data, shall comply with the following duties:

a) Guarantee to the Holder of personal data, at all times, the full and effective exercise of the right of habeas data.

b) Request and keep a copy of the respective authorization granted by the Data Subject.

c) Duly inform the Holder of the personal data about the purpose of the collection and the rights he/she is entitled to by virtue of the authorization granted.

d) Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.

e) Guarantee that the information provided to the Data Processor is truthful, complete, accurate, updated, verifiable and understandable.

f) Update the information, communicating in a timely manner to the Data Processor, all developments regarding the data previously provided and take other necessary measures to ensure that the information provided to the Data Processor is kept up to date.

g) Rectify the information when it is incorrect and communicate the pertinent to the person in charge of the processing of personal data.

h) To provide the person in charge of the processing of personal data, as the case may be, only data whose processing is previously authorized.

i) To demand from the Data Processor at all times to respect the security and privacy conditions of the information of the Personal Data Holder.

j) To process the queries and claims formulated in the terms set forth in this Policy.

k) Inform the person in charge of the processing of personal data when certain information is under discussion by the Personal Data Holder, once the claim has been filed and the respective process has not been completed.

l) Inform upon request of the Data Subject about the use given to his/her personal data.

m) Inform the data protection authority when there are violations to the security codes and there are risks in the administration of the information of the Personal Data Holders.

n) Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

o) The others provided for in the Law.

10.2. Duties as Data Processor: CASTRO & SALAZAR LAW GROUP S.A.S. as Data Processor, shall comply with the following duties:

a) Guarantee to the Holder of personal data, at all times the full and effective exercise of the right of habeas data.

b) Request and keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.

c) Update, rectify or delete data in a timely manner.

d) Update the information reported by the Controllers of personal data within five (5) working days from its receipt.

e) To process the queries and claims made by the Personal Data Holders.

f) Register in the database the legend “claim in process” in the manner regulated by law.

g) Insert in the database the legend “information under judicial discussion” once notified by the competent authority about judicial proceedings related to the quality of the personal data.

h) Refrain from circulating information that is being disputed by the Holder of personal data and whose blocking has been ordered by the Superintendence of Industry and Commerce.

i) To allow access to the information only to those persons who may have access to it.

j) Inform the Superintendence of Industry and Commerce when there are violations to the security codes and there are risks in the administration of the information of the Personal Data Holders.

k) Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

10.3. Concurrence of Qualities: In the event that the qualities of Controller and Data Processor concur, the Company shall be required to comply with the duties provided for each.

11. Sensitive data and data of minors

THE COMPANY processes sensitive data but not of minors. Notwithstanding the foregoing, it undertakes to comply fully with Title III of Law 1581 of 2012, which establishes the sensitive data and data of children and adolescents.

12. Procedure for the exercise of rights by the Owners of the information.

The Owners of the personal data information may exercise their rights to know, update, rectify and delete information, revoke the authorization initially granted, consult information, file claims and in general the other rights established in Article 8 and other concordant of Law 1581 of 2012, through the following means:

E-mail: cesar.castro@cs-lawgroup.com by sending your communication to Carrera 14 B # 163 29 Apt 1207 in Bogotá D.C., Colombia, addressed to Cesar Augusto Castro Salazar, who will be the Compliance Officer at THE COMPANY.

The answers will be issued within a maximum term of fifteen (15) working days from the day following the date of receipt of the request of rights by the Holder of the personal data. This term may be extended when it is not possible to meet the request within such term, and THE COMPANY must inform the petitioner the reasons for the postponement, before its original expiration.

The Holder of the Personal Data Information who notices the alleged breach of any of the duties of THE COMPANY regarding the processing of personal data, may file a claim which will be processed under the following rules:

The claim shall be formulated directly to THE COMPANY following the procedure and through the channel, established. The claim must establish the identification of the Holder of the Personal Data Information, the description of the facts that give rise to the claim, the address, and accompanied by the respective documentary evidence to support the claim. If the claim is incomplete, the Holder of the Personal Data Information will be required within fifteen (15) business days from the day following the date of receipt of the request of rights by the Holder of the Personal Data, to remedy the faults. After thirty (30) days from the date of the request, without the claimant or Personal Data Owner submitting the required information, it will be understood that the claim has been withdrawn.

Once the complete claim has been received, the database will include the summary “claim in process” and the origin or reason for the claim, within a term not exceeding two (2) business days. Said summary shall be maintained until the claim request has been resolved.

The maximum term to address the claim shall be fifteen (15) business days from the day following the date of receipt. This term may be extended when it is not possible to meet the request within that period, and THE COMPANY must inform the petitioner the reasons for the postponement, before its original expiration.

Regarding the complaint before authorities, the Holder of the Personal Data Information may only file a complaint before the Superintendence of Industry and Commerce or before the authority that is competent according to the legal stipulations, once the consultation or complaint procedure before THE COMPANY has been exhausted. CASTRO & SALAZAR LAW GROUP S.A.S., within the legal opportunity, will attend to the rights exercised by the Holders of personal data information, their requests, queries and/or claims through the Compliance Officer.

The Holders of personal data must understand that according to Article 9 of Decree 1377 of 2013, “the request for the information and the revocation of the authorization shall not proceed when the Holder has a legal or contractual duty to remain in the database”.

13. Areas responsible for the attention of requests, queries and claims of the Holders of personal data information in the exercise of their rights.

Any process related to the processing of personal data will be coordinated and supervised by the Compliance Officer, Cesar Augusto Castro Salazar.

E-mail: cesar.castro@cs-lawgroup.com

Address: Carrera 14 B # 163 29 Apt 1207, Bogotá D.C., Colombia.

14. Security measures for personal data

THE COMPANY shall apply the best practices, the greatest effort and diligence in the treatment of personal data under its responsibility, either as Responsible or as Responsible, in order to guarantee the security and confidentiality of the personal data received voluntarily from the Holders of the personal data information. CASTRO & SALAZAR LAW GROUP S.A.S. has adopted mechanisms and measures that ensure the integrity and confidentiality of personal data, which once incorporated in the databases cannot be altered, lost, fraudulent use or unauthorized access.

15. Transfer and transmission of personal data

THE COMPANY carries out transmission but not transfer of personal data for which it is responsible.

16. Prevalence of the substantive rules on the matter

Taking into account that this document seeks to comply with the rules governing the protection of the right of habeas data enshrined in the Constitution, the statutory laws on the subject and the regulations issued by the National Government for that purpose, the interpretation of the policies of CASTRO & SALAZAR LAW GROUP S.A.S. shall at all times be subordinated to the content of such higher provisions, so that in case of incompatibility or contradiction between these policies and the higher regulations, the latter shall apply.

17. Effective date of the information processing policy.

This version l of the Policy of Treatment of personal data information becomes effective upon its publication on the COMPANY’s website https://cs-lawgroup.com/, where it can be consulted, effective from the time of its publication. Any modification to this Policy will be informed and published on THE COMPANY’s website.

18. Privacy Notice

As stipulated in Article 14 of Decree 1377 of 2013, in the event that it is not possible to make available to the Holder of the personal data information the Information Processing Policies, the Controllers shall inform the Holder by means of a Privacy Notice about the existence of such policies and how to access them in a timely manner and in any case no later than the time of collection of personal data. The following is a transcription of the Privacy Notice that may be used by THE COMPANY. However, THE COMPANY may adjust such notices for its application in the different types of authorizations, but without failing to comply with the provisions of current regulations.

Privacy Notice:

CASTRO & SALAZAR LAW GROUP S.A.S.(hereinafter “The Company”) is committed to the protection of personal data information. By means of this notice you are informed of our Personal Data Protection Policy, describing the treatment to which the data will be subjected and its purpose, the rights of the Owners, the security measures and the means to make inquiries, requests and claims.

THE COMPANY will process the personal data under the terms and scope of the authorization given by the Holder of the personal data, of the following data:

(a) Of aspiring workers and of the workers themselves.

b) Suppliers, contractors and customers.

19. Rights of the Holders and Mechanisms to Enforce the Rights:

The Holders of Personal Data Information have the rights contemplated in this Policy of Treatment of Personal Data Information, as well as in the current data protection regulations, and at any time may contact THE COMPANY by writing to the e-mail address violations to the security codes and there are risks in the administration of the information of the Holders of personal data.

c) Comply with the instructions and requirements given by the Superintendence of Industry and Commerce.

10.4. Concurrence of Qualities: In the event that the qualities of Controller and Data Processor concur, the Company shall be required to comply with the duties foreseen for each of them.

20. Sensitive data and data of minors

THE COMPANY processes sensitive data but not that of minors. Notwithstanding the foregoing, it undertakes to comply fully with Title III of Law 1581 of 2012, which establishes the sensitive data and data of children and adolescents.

21. Procedure for the exercise of rights by the Owners of the information.

The Holders of personal data information may exercise their rights to know, update, rectify and delete information, revoke the authorization initially granted, consult information, file claims and in general the other rights established in Article 8 and other concordant of Law 1581 of 2012, through the following means:

E-mail: cesar.castro@cs-lawgroup.com or by sending your communication to Carrera 14 B # 163 29 Apt 1207 of Bogotá D.C., Colombia, addressed to Cesar Augusto Castro Salazar, who will be the Compliance Officer at THE COMPANY.

Regarding the complaint before authorities, the Holder of the personal data information may only file a complaint before the Superintendence of Industry and Commerce or before the competent authority according to the legal stipulations, once the consultation or complaint procedure before THE COMPANY has been exhausted.TANNUS & ASOCIADOS S.A.S., within the legal opportunity, will attend the rights exercised by the Holders of the personal data information, their requests, consultations and/or complaints through the Compliance Officer.

22. Areas responsible for the attention of requests, queries and claims of the Holders of personal data information in the exercise of their rights.

Any process related to the processing of personal data will be coordinated and supervised by the Compliance Officer, Cesar Augusto Castro Salazar.

E-mail: cesar.castro@cs-lawgroup.com

Address: Carrera 14 B # 163 29 Apt 1207, Bogotá D.C., Colombia.

23. Personal Data Security Measures

THE COMPANY shall apply the best practices, the greatest effort and diligence in the treatment of personal data under its responsibility, either as Responsible or as Responsible, in order to guarantee the security and confidentiality of the personal data received voluntarily from the Holders of the personal data information. CASTRO & SALAZAR LAW GROUP S.A.S has adopted mechanisms and measures that ensure the integrity and confidentiality of personal data, which once incorporated in the databases, it is not possible its alteration, loss, fraudulent use or unauthorized access.

24. Transfer and transmission of personal data

THE COMPANY carries out transmission but not transfer of personal data for which it is responsible.

25. Prevalence of the substantive rules on the matter

26. Effective date of the information treatment policy.

The present version l of the Policy of Treatment of personal data information comes into force from its publication on the website THE COMPANY https://cs-lawgroup.com/, where it can be consulted, effective from the time of its publication. Any modification to this Policy will be informed and published on THE COMPANY’s website.

27. Privacy Notice

As stipulated in Article 14 of Decree 1377 of 2013, in the event that it is not possible to make available to the Holder of the personal data information the Information Processing Policies, the Controllers shall inform by means of a Privacy Notice to the Holder about the existence of such policies and how to access them in a timely manner and in any case no later than at the time of collection of personal data. The following is a transcription of the Privacy Notice that may be used by THE COMPANY. However, THE COMPANY may adjust such notices for its application in the different types of authorizations, but without failing to comply with the provisions of current regulations.

Privacy Notice:

CASTRO & SALAZAR LAW GROUP S.A.S. (hereinafter “THE COMPANY”) is committed to the protection of personal data information. By means of this notice you are informed of our Personal Data Protection Policy, describing the treatment to which the data will be subjected and its purpose, the rights of the Holders, the security measures and the means to make inquiries, requests and claims.

THE COMPANY will process the personal data under the terms and scope of the authorization given by the Holder of the personal data, of the following data:

(a) Of aspiring workers and of the workers themselves.

b) Suppliers, contractors and customers.

28. Rights of the Holders and Mechanisms to Enforce the Rights:

The Holders of Personal Data Information have the rights contemplated in this Personal Data Information Processing Policy, as well as in the current data protection regulations, and at any time may contact THE COMPANY by writing to the e-mail cesar.castro@cs-lawgroup.com where they may also request the sending of the Personal Data Processing and Protection Policy.

Colombian visas for expatriates in Bogotá and Medellín

Useful Links

Practices Areas

Contact Us

Office Hours