1. GENERAL INFORMATION
In compliance with the Florida Information Protection Act (FIPA), FIT FASHION LATINO CORP; adopts this policy for the treatment of personal data, which will be communicated to all data subjects whose data is collected or obtained in the course of commercial or labor activities. Thus, SORETEX SAS declares that it guarantees the rights to privacy, intimacy, and the treatment of personal data, and accordingly, all its actions will be governed by the principles of legality, purpose, freedom, truthfulness or quality, transparency, access and restricted circulation, security, and confidentiality. All individuals who, in the course of various commercial or labor activities, whether permanent or occasional, provide any type of personal information or data to the Company, may know, update, and rectify it.
2. COMPANY NAME
FIT FASHION LATINO CORP, a company dedicated to the commercialization of sports garments for women, established since 2018
EMAIL: international@bonlife.com.co
PHONE: +1 (786) 798 6257
3. LEGAL FRAMEWORK
The Florida Information Protection Act of 2014 (FIPA) expanded notification requirements on covered entities that acquire, use, store, or maintain state residents’ the personal information.
The statute, which came into effect on July 1, 2014, made several modifications to Florida law. These modifications apply to commercial and government entities, especially those that experience a data breach.
4. SCOPE OF APPLICATION
This policy applies to personal data registered in any database of the company SORETEX SAS, whose data subject is a natural or legal person.
5. DEFINITIONS
For the purposes of this policy and in accordance with the current regulations on the protection of personal data, the following definitions shall be taken into account:
Authorization: Prior, express, and informed consent of the Data Subject to carry out the Treatment of personal data.
Privacy Notice: Verbal or written communication generated by the Data Controller, addressed to the Data Subject for the treatment of their personal data, through which they are informed about the existence of the information treatment policies applicable to them, the way to access them, and the purposes of the treatment of personal data.
Database: Organized set of personal data subject to treatment.
Heir: Person who has succeeded another by reason of their death (legatee).
Personal Data: Any information linked to one or more specific or ascertainable natural persons.
Public Data: Data that is not semi-private, private, or sensitive. Public data includes, among others, data relating to the civil status of individuals, their profession or occupation, and their status as a trader or public servant. By their nature, public data may be contained, among others, in public records, public documents, official gazettes and bulletins, and duly executed court judgments that are not subject to reservation.
Sensitive Data: Sensitive data refers to those that affect the privacy of the Data Subject or whose misuse could lead to their discrimination, such as data revealing racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in unions, social organizations, human rights organizations, or promoting the interests of any political party or guaranteeing the rights and guarantees of opposition political parties, as well as data relating to health, sexual life, and biometric data.
Data Controller: Natural or legal person, public or private, who, by themselves or in conjunction with others, carries out the processing of personal data on behalf of the Data Controller.
Data Processor: Natural or legal person, public or private, who, by themselves or in conjunction with others, decides on the database and/or the processing of the data.
Data Subject: Natural person whose personal data is subject to processing.
Processing: Any operation or set of operations performed on personal data, such as collection, storage, use, circulation, or deletion.
Transfer: The transfer of data occurs when the Data Controller and/or Data Processor, located in Colombia, sends information or personal data to a recipient who is also responsible for the processing and is located inside or outside the country.
Transmission: Processing of personal data that involves the communication of such data within or outside the territory of the Republic of Colombia when it is intended for processing by the processor on behalf of the controller.
The definitions included in this document are taken from the current regulations in Colombia that regulate the protection of personal data.
6. PRINCIPLES
In order to guarantee the protection of personal data, the Company will apply the following principles harmoniously and comprehensively, in light of which the processing, transfer, and transmission of personal data must be carried out:
Principle of legality in data processing: Data processing is a regulated activity, which must be subject to the current and applicable legal provisions governing the subject matter.
Principle of purpose: The processing of personal data carried out by the company or to which it has access shall serve a legitimate purpose in accordance with the Political Constitution of Colombia, which shall be informed to the respective data subject.
Principle of consent: The processing of personal data may only be carried out with the prior, express, and informed consent of the Data Subject. Personal data may not be obtained or disclosed without prior authorization, or in the absence of statutory or judicial mandate demonstrating consent.
Principle of accuracy or quality: Information subject to the processing of personal data must be truthful, complete, accurate, up-to-date, verifiable, and understandable. Partial, incomplete, fragmented, or misleading data processing is prohibited.
Principle of transparency: In the processing of personal data, SORETEX SAS shall guarantee the Data Subject's right to obtain, at any time and without restrictions, information about the existence of any type of information or personal data that is of their interest or ownership.
Principle of restricted access and circulation: The processing of personal data is subject to the limits arising from the nature of the data, as well as the provisions of the law and the Constitution. Therefore, the processing may only be carried out by persons authorized by the data subject and/or by persons provided for by law. Personal data, except for public information, may not be available on the internet or other means of disclosure or mass communication, unless access is technically controllable to provide restricted knowledge only to data subjects or third parties authorized by law. For these purposes, SORETEX SAS's obligation shall be one of means.
Principle of security: The information subject to processing by SORETEX SAS must be handled with the technical, human, and administrative measures necessary to ensure the security of the records, preventing their alteration, loss, consultation, unauthorized or fraudulent use or access.
Principle of confidentiality: All individuals in the company who manage, handle, update, or have access to any type of information in databases are obliged to guarantee the confidentiality of the information. Therefore, they undertake to strictly preserve and maintain all the information they come to know in the execution and exercise of their functions as strictly confidential and not to disclose it to third parties, except when expressly authorized by data protection law. This obligation persists and shall be maintained even after the termination of their relationship with any of the tasks comprising the processing.
7. RIGHTS OF THE DATA SUBJECT
In accordance with the applicable legislation on data protection, the following are the rights of data subjects:
To access, know, update, and rectify their personal data held by SORETEX SAS as the data controller. This right may be exercised, among others, in relation to partial, inaccurate, incomplete, fragmented, misleading data, or data whose processing is expressly prohibited or unauthorized.
To request proof of the authorization granted to the company for the processing of data, through any valid means, except in cases where authorization is not required.
To be informed by SORETEX SAS, upon request, about the use that has been made of their personal data.
To lodge complaints with the Superintendence of Industry and Commerce, or the entity acting in its capacity, for breaches of Law 1581 of 2012 and other regulations amending, supplementing, or complementing it, following the consultation or requirement procedure with the Company.
To revoke the authorization and/or request the deletion of the data when the processing does not comply with constitutional and legal principles, rights, and guarantees.
To access their personal data that have been processed free of charge, at least once every calendar month, and whenever substantial modifications to this policy justify new inquiries. These rights may be exercised by: - The data subject, who must sufficiently prove their identity through the various means made available by the company. - The legal successors of the data subject, who must prove such status. - The representative and/or attorney-in-fact of the data subject, upon proof of representation or power of attorney.
To exercise any other right stipulated in favor of or for the data subject. Rights of children and adolescents: When processing personal data, the respect for the prevailing rights of minors shall be ensured.
The processing of personal data of minors is prohibited, except for those data that are of a public nature, and in such cases, the processing must comply with the following parameters:
To respond to and respect the best interests of minors.
To ensure respect for the fundamental rights of minors.
8. DUTIES OF THE COMPANY AS DATA CONTROLLER AND PROCESSOR OF PERSONAL DATA
The Company acknowledges the ownership of personal data held by individuals, and therefore, they alone can decide on their use. Accordingly, FIT FASHION LATINO CORP will use personal data for the fulfillment of purposes explicitly authorized by the data subject or by applicable laws. In the processing and protection of personal data, the company shall have the following duties, without prejudice to others provided for in the regulations that govern or may govern this matter:
To guarantee the data subject's full and effective exercise of the right to habeas data at all times.
To request and retain a copy of the respective authorization granted by the data subject for the processing of personal data.
To duly inform the data subject about the purpose of the data collection and the rights that they are entitled to based on the granted authorization.
To maintain the information under the necessary security conditions to prevent its alteration, loss, consultation, unauthorized or fraudulent use or access.
To ensure that the information is truthful, complete, accurate, up-to-date, verifiable, and understandable.
To timely update the information, thus addressing any changes regarding the data of the data subject. Additionally, all necessary measures must be implemented to keep the information up to date.
To rectify the information when it is incorrect and communicate the pertinent updates.
To respect the security and privacy conditions of the data subject's information.
To process inquiries and complaints in accordance with the terms established by law.
To identify when certain information is under discussion by the data subject.
To inform the data subject upon request about the use of their data.
To report to the data protection authority in case of security breaches and risks in the management of data subject information.
To comply with the requirements and instructions issued by the Superintendence of Industry and Commerce regarding the specific topic.
To use only data for which processing has been duly authorized in accordance with the provisions of Law 1581 of 2012.
To ensure proper use of personal data of children and adolescents in cases where their data processing is authorized.
To record in the database the phrase 'claim in progress' as regulated by law. To insert in the database the phrase 'information under judicial discussion' once notified by the competent authority of judicial processes related to the quality of personal data.
To refrain from circulating information that is being disputed by the data subject and has been blocked by the Superintendence of Industry and Commerce.
To grant access to information only to those individuals who are authorized to access it.
To use the data subject's personal data only for the purposes for which it is duly authorized, always especting the current regulations on the protection of personal data.
9. AUTHORIZATION AND CONSENT OF THE DATA SUBJECT
The processing of personal data requires the free, prior, express, and informed consent of the data subject, except in cases expressly authorized by law, namely:
Information required by a public or administrative entity in the exercise of its legal functions or by a court order.
Data of a public nature.
Cases of medical or health emergencies.
Processing of information authorized by law for historical, statistical, or scientific purposes.
10. PRIVACY NOTICE
The Privacy Notice is the physical, electronic, or any other format document made available to the data subject to inform them about the processing of their personal data. Through this document, the data subject is informed about the existence of the company's information processing policies that will be applicable to them, how to access them, and the characteristics of the intended processing of personal data. The privacy notice must contain, at least, the following information:
The identity, address, and contact details of the data controller.
The type of processing to which the data will be subjected and its purpose.
The rights of the data subject.
The general mechanisms provided by the data controller for the data subject to become aware of the information processing policy and any substantial changes that occur in it. In all cases, the data controller must inform the data subject how to access or consult the information processing policy.
The voluntary nature of the response to questions about sensitive data.
11. PROCEDURE FOR HANDLING INQUIRIES, COMPLAINTS, REQUESTS FOR RECTIFICATION, UPDATING, AND DATA DELETION
Inquiries: Data subjects or their successors in interest may inquire about the personal information held by the company, which will provide all the information contained in the individual record or that is linked to the identification of the Data Subject. Regarding the handling of requests for personal data inquiries, the company guarantees:
Providing electronic communication channels or any other relevant means. Establishing forms, systems, and other simplified methods, which should be informed in the privacy notice.
Utilizing customer service or complaint handling services that are inoperation.
In any case, regardless of the mechanism implemented for handling inquiry requests, they will be addressed within a maximum period of ten (10) business days from the date of receipt. If it is not possible to address the inquiry within that time frame, the interested party will be informed before the expiration of the 10-day period, stating the reasons for the delay and indicating the date when the inquiry will be addressed, which shall not exceed five (5) business days following the expiration of the initial deadline.
Inquiries can be submitted to the email address international@bonlife.com.co
12. FIT FASHION LATINO CORP NATIONAL DATABASE REGISTRY
In accordance with the law, the company reserves the right, in the events contemplated by the law, its statutes, and internal regulations, to maintain and classify certain information held in its databases as confidential, in accordance with current regulations, statutes, and regulations, all of the above in line with fundamental constitutional rights.
13. INFORMATION SECURITY AND SECURITY MEASURES
In compliance with the principle of security established in current regulations, FIT FASHION LATINO CORP will adopt the necessary technical, human, and administrative measures to ensure the security of the records, preventing their alteration, loss, consultation, unauthorized or fraudulent use, or access.
14. USE AND INTERNATIONAL TRANSFER OF PERSONAL DATA AND PERSONAL INFORMATION BY FIT FASHION LATINO CORP
In compliance with the institutional mission and the strategic development plan of the company, and considering the nature of the permanent or occasional relationships that any data subject may have with us, the company may transfer and transmit, including internationally, all personal data, provided that applicable legal requirements are met. Consequently, by accepting this policy, data subjects expressly authorize the transfer and transmission, including at an international level, of their personal data. The data will be transferred for all relationships that may be established with FIT FASHION LATINO CORP
For the international transfer of personal data of data subjects, the company will take necessary measures to ensure that third parties are aware of and commit to complying with this policy, with the understanding that the personal information they receive can only be used for matters directly related to FIT FASHION LATINO CORP and only as long as the relationship lasts, and it cannot be used or intended for any other purpose.
15. EFFECTIVENESS
This policy is effective from its issuance on January 15, 2018, and the databases subject to processing will remain valid as long as necessary for the purposes of marketing and the provision of any type of service.