top of page
Aeronave King Air 300 beechcraft en Mantenimiento Colombia Central Aerospace

PRIVACY POLICY, TREATMENT AND PROCEDURE FOR THE PROTECTION OF PERSONAL DATA

PRESENTATION

This document responds to the need to comply with the provision set forth in paragraph k) of Article 17 of Law 1581 of 2012, which regulates the duties of those responsible for the processing of personal data, among which stands out the adoption of an Internal Manual of Policies and Procedures to ensure proper compliance with the Law and especially for the attention of queries and complaints.

It is of great importance to specify that in paragraphs d) and e) of article 3 of Law 1581 of 2012, express mention is made of the Data Controller and the Data Processor, respectively. Thus, the Data Controller is the natural or legal person, public or private, that by itself or in association with others, decides on the database and/or the Processing of the data, in this case CENTRAL AEROSPACE S.A.S duly represented by Rodrigo Perdomo, a company located at Avenida Calle 26 No. 103 - 22 Aeropuerto Internacional El Dorado Entrada 2 Interior 1, Bogotá D.C., with contact telephone number +57 (601) 413 - 9530. While the Data Processor is the natural or legal person, public or private, which by itself or in association with others, performs the processing of personal data on behalf of the Controller. In the specific case of CENTRAL AEROSPACE S.A.S., the Data Processor is the Technical Support Area, located at the same address as the Controller, with contact e-mail rvelasco@centralaerospace.com

 

Now, current technologies allow companies to efficiently manage, exploit and store personal information used for the fulfillment of their corporate business objectives, such as in their personnel selection and hiring processes, or processes related to service and attention to customers, users, suppliers, shareholders, managers, among others.

 

The fundamental right to habeas data is intended to guarantee citizens the power to know, update and rectify the information that has been collected in data banks, as well as to exercise their rights, freedoms and constitutional guarantees related to the collection, processing and circulation of their personal data. In this sense, the right to the protection of personal data provides the holder with a range of powers to maintain control over his personal information. These powers range from the right to know who keeps the personal data, the uses to which they are being put, to the definition of who may consult them and the opposition to their possession and use.

 

Law 1581 of 2012 develops a series of guarantees and instruments designed to guarantee the validity of the aforementioned fundamental right. In this context, the purpose of this manual is to cover and provide the aforementioned guarantees and instruments taking into account our status as Controllers of personal data in the light, in particular, of the provisions of paragraph k) of article 17 of the aforementioned Law. 

 

It is for the above then, that this manual aims to expose the procedures for the collection and processing of personal data, as well as the channels of access to personal data and other situations enshrined in the provisions of Law 1581 of 2012 and Decrees 1377 of 2013 and 886 of 2014. In the same way, it includes the basic aspects of a regulatory nature, contains separate annexes with models, documents and outlines of procedures that allow us to obtain authorization for the processing of personal data according to our particular needs.

 

 

CHAPTER I

GENERAL PROVISIONS

ARTICLE 1. APPLICABLE LEGISLATION. This manual was prepared taking into account the provisions contained in Articles 15 and 20 of the Political Constitution of Colombia, Law 1581 of 2012, and Decrees 1377 of 2013 and 886 of 2014.

 

ARTICLE 2. SCOPE OF APPLICATION. This manual applies to the processing of personal data collected and managed by CENTRAL AEROSPACE S.A.S. (Data Controller), located at Avenida Calle 26 No. 103 - 22 El Dorado International Airport Entrance 2 Interior 1.

ARTICLE 3. DATABASES. The policies and procedures contained in this manual apply to the databases managed by the company, which will be registered in accordance with the provisions of Law 1581 of 2012, and Decrees 1377 of 2013 and 886 of 2014. Likewise, the processing of personal data will be executed according to the time limits enshrined in Article 11 of Decree 1377 of 2013.

 

ARTICLE 4. PURPOSE. This manual complies with the provisions of Article 17(k) of Law 1581 of 2012, which regulates the duties of those responsible for the processing of personal data, among which is the adoption of an internal manual of policies and procedures to ensure proper compliance with the Law and especially for the attention of queries and complaints. It also has the purpose of regulating the procedures for the collection, handling and processing of personal data carried out by C.A. in order to guarantee and protect the fundamental right of Habeas Data within the framework established in the Law and its Regulatory Decrees.

ARTICLE 5. DEFINITIONS. For the purposes of the application of the rules contained in this manual and in accordance with the provisions of Article 3 of Law 1581 of 2012, the following definitions shall apply: 

  1. Authorization: Prior, express and informed consent of the Data Subject to carry out the Processing of personal data;

  2. Database: Organized set of personal data that is the object of Processing;

  3. Personal Data: Any information linked or that may be associated to one or several determined or determinable natural persons;

  4. Data Processor: Any natural or legal person, public or private, who by himself or in association with others, carries out the Processing of personal data on behalf of the Controller;

  5. Data Controller: Natural or legal person, public or private, who by himself or in association with others, decides on the database and/or the Processing of the data;

  6. Data Subject: Natural person whose personal data is the object of Processing;

  7. Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.

 

 

 

ARTICLE 6. PRINCIPLES. The principles set forth below are the general parameters to be respected by C.A. in the processes of collection, use and processing of personal data. 

 

  1. Principle of purpose: The processing of personal data collected by C.A. must obey a legitimate purpose of which the Data Subject must be informed.

  2. Principle of freedom: Processing may only be carried out with the prior, express and informed consent of the Data Subject. Personal data may not be obtained or disclosed without prior authorization, or in the absence of legal or judicial mandate that reveals consent.

  3. Principle of truthfulness or quality: The information subject to Processing must be truthful, complete, accurate, updated, verifiable and understandable. The processing of partial, incomplete, fractioned or misleading data is prohibited.

  4. Principle of transparency: The right of the Data Subject to obtain from C.A., at any time and without restrictions, information about the existence of data concerning him/her, must be guaranteed in the Processing.

  5. Principle of restricted access and circulation: Personal data, except for public information, may not be available on the Internet or other means of dissemination or mass communication, unless access is technically controllable to provide restricted knowledge only to Data Controllers or authorized third parties.

  6. Principle of security: The information subject to treatment by C.A. shall be protected through the use of technical, human and administrative measures that are necessary to provide security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access.

  7. Principle of confidentiality: All persons involved in the processing of personal data are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks involved in the processing.

ARTICLE 7. THE PROCESSING (collection, storage, use, circulation or deletion) of personal data that C.A. will carry out will have one or more of the following purposes:

  1. To achieve an efficient communication related to our products, services, offers, promotions, alliances, studies, contents, as well as those of our related companies, and to facilitate general access to information about them.

  2. To provide our services and products.

  3. Inform about new products or services that are related to the one(s) contracted or purchased.

  4. To comply with obligations contracted with our customers, suppliers, and employees.

  5. To inform about changes in our products or services. Evaluate the quality of service.

  6. Inform about new programs and/or services that are related to our corporate purpose.

  7. Establish a direct relationship with our clients and those interested in our services.

  8. To include you in a database.

  9. Exchange, transfer and/or transmit your personal data to third parties.​

 

CHAPTER II 

AUTHORIZATION

ARTICLE 8. AUTHORIZATION. The collection, storage, use, circulation or deletion of personal data by C.A. requires the free, prior, express and informed consent of the data owner. C.A., as the party responsible for the processing of personal data, has provided the necessary mechanisms to obtain the authorization of the owners, guaranteeing in any case that it is possible to verify the granting of such authorization.

ARTICLE 9. FORM AND MECHANISMS TO GRANT THE AUTHORIZATION. The authorization may be recorded in a physical or electronic document, in any other format that guarantees its subsequent consultation, or by means of a suitable technical or technological mechanism by which it may be unequivocally concluded that, in the absence of the holder's conduct, the data would never have been captured and stored in the database. The authorization will be issued by C.A. and will be made available to the holder prior to the processing of personal data, in accordance with the provisions of Law 1581 of 2012 and Decrees 1377 of 2013 and 886 of 2014. 

With the consent authorization procedure, it is guaranteed that the holder of the personal data has been made aware of the fact that his/her personal information will be collected and used for specific and known purposes, and that he/she has the option to know any alternation to the same and the specific use that has been made of them.

The above in order for the holder to make informed decisions regarding their personal data and control the use of their personal information. The authorization is a statement that informs the holder of the personal data of the following information:

  1. Who collects (responsible or in charge).

  2. What is collected (data that is collected)

  3. What you collect the data for (the purposes of the processing).

  4. How to exercise rights of access, correction, updating or deletion of personal data provided.

  5. If sensitive data is collected.

Annex 1 of this manual includes the model of authorization for the collection and processing of personal data in order to inform and allow access to information from the company and its affiliates, related to services, products, offers, promotions, partnerships, studies, contests and content.

 

ARTICLE 10. PROOF OF AUTHORIZATION. C.A. shall adopt the necessary measures to keep records or suitable technical or technological mechanisms of when and how it obtained authorization from the owners of personal data for the processing thereof.

ARTICLE 11. PRIVACY NOTICE. The Privacy Notice is the physical document, electronic or in any other format, which is made available to the Data Subject for the processing of his/her personal data. Through this document, the Data Subject is informed of the existence of the information processing policies that will be applicable to him/her, how to access them and the characteristics of the processing that is intended to be given to the personal data.

 

Annex 2 of this manual includes a model privacy notice.

ARTICLE 12. MINIMUM CONTENT OF THE PRIVACY NOTICE. The Privacy Notice, as a minimum, shall contain the following information:

 

1.Name or company name and contact details of the Data Controller.

2.The treatment to which the data will be subjected and the purpose of the same.

3.The rights of the Data Subject.

4.The mechanisms provided by the Controller for the Data Subject to know the information processing policy and the substantial changes that occur in it or in the corresponding Privacy Notice. In all cases, the Data Controller must inform the Data Subject how to access or consult the information processing policy.

 

Notwithstanding the foregoing, when sensitive personal data is collected, the Privacy Notice shall expressly state the optional nature of the response to questions concerning this type of data.

 

ARTICLE 13. PRIVACY NOTICE AND INFORMATION PROCESSING POLICIES. C.A. shall keep the model of the privacy notice that was transmitted to the Data Controllers for as long as personal data processing is carried out and the obligations deriving therefrom remain in force. For the storage of the model, C.A. may use computer, electronic or any other technology.​

 

CHAPTER III 

RIGHTS AND RESPONSIBILITIES

ARTICLE 14. RIGHTS OF THE OWNERS OF THE INFORMATION.  In accordance with the provisions of Article 8 of Law 1581 of 2012, the holder of the personal data has the following rights:

  1. To know, update and rectify their personal data against C.A. To know, update and rectify their personal data against C.A., in its capacity as data controller.

  2. To request proof of the authorization granted to C.A., in its capacity as Data Controller. A., in its capacity as Data Controller.

  3. Be informed by C.A. Upon request, regarding the use it has made of your personal data.

  4. File complaints before the Superintendence of Industry and Commerce for violations of the provisions of Law 1581 of 2012, once you have exhausted the process of consultation or complaint to the Data Controller.

  5. To revoke the authorization and/or request the deletion of the data when the principles, rights and constitutional and legal guarantees are not respected in the Processing.

  6. Access free of charge to their personal data that have been subject to processing.

ARTICLE 15. DUTIES OF C.A. IN RELATION TO THE PROCESSING OF PERSONAL DATA. C.A. shall bear in mind, at all times, that personal data are the property of the persons to whom they refer and that only they can decide about them. In this sense, it will make use of them only for those purposes for which it is duly empowered, and respecting in any case Law 1581 of 2012 and Decrees 1377 of 2013 and 886 of 2014 on personal data protection.

In accordance with the provisions of Article 17 of Law 1581 of 2012, C.A. is committed to permanently comply with the following duties in relation to the processing of personal data:

  1. Guarantee the Data Subject, at all times, the full and effective exercise of the right of Habeas Data.

  2. To keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.

  3. To update, rectify or delete data in a timely manner, that is, within the terms set forth in Articles 14 and 15 of Law 1581 of 2012.

  4. To process the queries and claims made by the Holders under the terms set forth in Article 14 of Law 1581 of 2012.

  5. Insert in the database the legend "information under judicial discussion" once notified by the competent authority on legal proceedings related to the quality or details of the personal data.

  6. Refrain from circulating information that is being disputed by the Holder and whose blocking has been ordered by the Superintendence of Industry and Commerce.

  7. Allow access to the information only to the persons who may have access to it.

  8. To inform the Superintendence of Industry and Commerce when there are violations to the security codes and there are risks in the administration of the Holders' information.

  9. Comply with the instructions and requirements given by the Superintendence of Industry and Commerce.

 

CHAPTER IVACCESS,

CONSULTATION AND CLAIM PROCEDURES

ARTICLE 16. RIGHT OF ACCESS.  The power of disposition or decision that the holder has over the information concerning him/her, necessarily entails the right to access and know whether his/her personal information is being processed, as well as the scope, conditions and generalities of such processing,

conditions and generalities of such processing. Thus, C.A. must guarantee the holder's right of access in three ways: 

 

  1. The first implies that the holder may know the effective existence of the processing to which his personal data are subjected.

  2. The second implies that the holder may have access to his personal data that are in possession of the Controller.

  3. The third implies the right to know the essential circumstances of the processing, which translates into the duty of C.A. to inform the holder about the type of personal data processed and each and every one of the purposes that justify the processing.

PARAGRAPH: C.A. will guarantee the right of access to the information with, prior accreditation of the identity of the holder or personality of his representative, the details of the personal data are made available to him, free of charge, through electronic means that allow the direct access of the Holder to them. Such access shall be offered without time limit and shall allow the holder the possibility of knowing and updating them online.

ARTICLE 17. CONSULTATIONS. In accordance with the provisions of Article 14 of Law 1581 of 2012, the owners or their successors in title may consult the personal information of the Holder that is contained in any database. Consequently, C.A. will guarantee the right of consultation, providing the holders with all the information contained in the individual record or that is linked to the identification of the Holder. 

 

For the attention of requests for consultation of personal data C.A. guarantees:

 

  1. Enable electronic means of communication or others it deems relevant.

  2. Establish forms, systems and other simplified methods, which must be informed in the privacy notice.

  3. Use the customer service or complaint services it has in operation.

In any case, regardless of the mechanism implemented for the attention of consultation requests, they will be attended within a maximum term of ten (10) working days from the date of receipt. When it is not possible to attend the consultation within such term, the interested party shall be informed before the expiration of the 10 days, stating the reasons for the delay and indicating the date on which the consultation will be attended, which in no case may exceed five (5) business days following the expiration of the first term.

ARTICLE 18. CLAIMS. Pursuant to the provisions of Article 15 of Law 1581 of 2012, the Data Subject or his/her assignees who consider that the information contained in a database should be corrected, updated or deleted, or when they notice the alleged breach of any of the duties contained in Law 1581 of 2012, may file a claim with the Data Controller, which shall be processed under the following rules: 

 

  1. The claim may be submitted by the Holder, taking into account the information indicated in Article 15 of Law 1581 of 2012, in the format or formats proposed for this purpose by the Responsible Party. If the claim received does not have complete information that allows it to be processed, that is: with the identification of the Holder, the description of the facts that give rise to the claim, the address, and accompanying documents to be asserted, the interested party will be required within five (5) days of receipt to correct the faults. After two (2) months from the date of the requirement without the applicant submitting the required information, it will be understood that the claim has been abandoned. If for any reason a claim is received that should not actually be directed against C.A. C.A. will, to the extent of its possibilities, transfer the claim to the person concerned within a maximum period of two (2) working days, and will inform the interested party of the situation.

  2. Once the complete claim has been received, a legend stating "claim in process" and the reason for the claim will be included in the database maintained by the Responsible, within a term not exceeding two (2) business days. Such legend shall be maintained until the claim is decided.

 

 

The maximum term to address the claim will be fifteen (15) working days from the day following the date of receipt. When it is not possible to address it within said term, the interested party shall be informed before the expiration of said term the reasons for the delay and the date on which the claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.

ARTICLE 19. IMPLEMENTATION OF PROCEDURES TO GUARANTEE THE RIGHT TO FILE CLAIMS. At any time and free of charge, the holder or his representative may request C.A. to rectify, update or delete his personal data, upon proof of identity. The rights of rectification, updating or deletion may only be exercised by:

  1. The owner or his assignees, upon proof of identity, or through electronic instruments that allow him to identify himself.

  2. Their representative, with prior accreditation of the representation.

When the request is formulated by a person other than the owner and it is not accredited that he/she is acting on behalf of the owner, it shall be deemed not to have been filed.

The request for rectification, updating or deletion must be submitted through the means enabled by C.A. indicated in the privacy notice and contain, at least, the following information: 

 

  1. The name and address of the holder or any other means to receive the response.

  2. The documents proving the identity or the personality of its representative.

  3. The clear and precise description of the personal data with respect to which the holder seeks to exercise any of the rights.

  4. If necessary, other elements or documents that facilitate the location of the personal data.

PARAGRAPH ONE. RECTIFICATION AND UPDATING OF DATA. C.A. has the obligation to rectify and update at the request of the holder, the information of the latter that turns out to be incomplete or inaccurate, in accordance with the procedure and terms indicated above. In this regard, the following shall be taken into account:

  1. In the requests for rectification and updating of personal data, the holder must indicate the corrections to be made and provide the documentation supporting his request.

  2. C.A. is free to enable mechanisms that facilitate the exercise of this right, as long as they benefit the holder. Consequently, it may enable electronic or other means it deems appropriate.

  3. C.A. may establish forms, systems and other simplified methods, which must be informed in the privacy notice and will be made available to the interested parties on the website. 

For these purposes, C.A. may use the same customer services or customer service that it has in operation, provided that the response times are not longer than those indicated by Article 15 of Law 1581 of 2012.

 

Whenever C.A. makes available a new tool to facilitate the exercise of their rights by the holders of information or modifies the existing ones, it will inform it through its website.

SECOND PARAGRAPH. DELETION OF DATA. The holder has the right, at any time, to request C.A. the suppression (deletion) of his personal data when:

  1. Considers that the same are not being treated in accordance with the principles, duties and obligations provided in Law 1581 of 2012.

  2. They are no longer necessary or relevant for the purpose for which they were collected.

  3. The necessary period for the fulfillment of the purposes for which they were collected has been exceeded.

This deletion implies the total or partial elimination of the personal information as requested by the holder in the records, files, databases or processing carried out by C.A. . It is important to note that the right of cancellation is not absolute and the responsible may deny the exercise of the same when:

  1. The holder has a legal or contractual duty to remain in the database.

  2. The deletion of data hinders judicial or administrative proceedings related to tax obligations, the investigation and prosecution of crimes or the updating of administrative sanctions.

  3. The data is necessary to protect the legally protected interests of the owner; to carry out an action in the public interest, or to comply with an obligation legally acquired by the owner.

In the event that the cancellation of the personal data is appropriate, C.A. must carry out the deletion in such a way that the deletion does not allow the recovery of the information.

ARTICLE 20. REVOCATION OF AUTHORIZATION. The owners of the personal data may revoke their consent to the processing of their personal data at any time, as long as it is not prevented by a legal or contractual provision. To this end, C.A. shall establish simple and free mechanisms that allow the owner to revoke their consent, at least by the same means by which it was granted.

If should be noted that there are two ways in which the revocation of consent may occur. The first can be on the totality of the consented purposes, i.e., that C.A. must stop processing the data of the owner; the second can occur on specific types of processing, such as for advertising or market research purposes. With the second modality, that is, the partial revocation of consent, other purposes of the processing that the data controller, in accordance with the authorization granted, may carry out and with which the data subject agrees, are maintained. Therefore, it will be necessary that the holder, at the time of submitting the revocation request, indicates whether the revocation he/she intends to make is total or partial. In the second hypothesis, it must be indicated with which treatment the holder does not agree.

 

 

 

There will be cases in which the consent, due to its necessary nature in the relationship between owner and responsible for the fulfillment of a contract, by legal provision may not be revoked. The mechanisms or procedures that C.A. establishes to meet the requests for revocation of consent may not exceed the deadlines set to meet the claims as stated in Article 15 of Law 1581 of 2012.

CHAPTER V

INFORMATION SECURITY

ARTICLE 21. SECURITY MEASURES. In development of the security principle established in Law 1581 of 2012, C.A. shall adopt the technical, human and administrative measures necessary to provide security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access.

ARTICLE 22. IMPLEMENTATION OF SECURITY MEASURES. C.A. shall maintain security protocols of mandatory compliance for personnel with access to personal data and information systems. The procedure shall consider, as a minimum, the following aspects:

  1. Scope of application of the procedure with detailed specification of the protected resources.

  2. Measures, norms, procedures, rules and standards aimed at guaranteeing the level of security required by Law 1581 of 2012.

  3. Roles and duties of personnel.

  4. Structure of the personal databases and description of the information systems that process them.

  5. Procedure of notification, management and response to incidents.

  6. Procedures for backing up and recovering data.

  7. Periodic controls to be carried out to verify compliance with the provisions of the security procedure to be implemented.Medidas a adoptar cuando un soporte o documento vaya a ser transportado, desechado o reutilizado.

  8. The procedure shall be kept up to date at all times and shall be reviewed whenever relevant changes occur in the information system or in the organization of the system.

  9. The content of the procedure shall at all times comply with the provisions in force regarding the security of personal data. 

CHAPTER VI

FINAL PROVISIONS

ARTICLE 23. C.A. designates the area of TECHNICAL SUPPORT or whoever takes its place, to comply with the function of personal data protection. TECHNICAL SUPPORT or whoever takes its place, will process the requests of the owners, for the exercise of the rights of access, consultation, rectification, updating, deletion and revocation referred to in Law 1581 of 2012. The above, if necessary, will be done with the support of the LEGAL area.

The attention of the requests of the Personal Data Holders, their representatives or assignees will be made through electronic communication to the following email: rvelasco@centralaerospace.com; or through written communication sent to our facilities,

 

Avenida Calle 26 No. 103 - 22 El Dorado International Airport Entrance 2 Interior 1, Bogotá Colombia.

PARAGRAPH. C.A. designates the TECHNICAL SUPPORT area as responsible for the adoption and implementation of the obligations set forth in Law 1581 of 2012.

ARTICLE 24. VALIDITY. This manual is effective as of July 30, 2016.

 

How to access, rectify and update your personal data or request its deletion? You have the right to access your personal data and the details of their processing, as well as to rectify and update them if they are inaccurate or to request their deletion when you consider that they are excessive or unnecessary for the purposes that justified their collection or oppose their processing for specific purposes.

 

To exercise the aforementioned right, the following must be taken into account:

 

1.The unit in charge of data protection matters is the one indicated in Article 23 of this manual, located at the address identified in the Privacy Notice.

2.Our office is located at the physical and electronic address informed in our Privacy Notice.

3.For further information, please contact the telephone numbers and physical and electronic addresses listed in our Privacy Notice and on our website.

 

ATTACHED 1

MODEL FORM OF AUTHORIZATION FOR THE PROCESSING OF PERSONAL INFORMATION​
 

DATE:

NAME OF THE COMPANY: CENTRAL AEROSPACE S.A.S.

ADDRESS: Avenida Calle 26 No. 103 - 22 El Dorado International Airport Entrance 2 Interior 1.

DESCRIPTION OF THE PURPOSE FOR WHICH THE COLLECTED DATA WILL BE USED:

The personal data we request from you is used for the following purposes:

  • To achieve an efficient communication related to our products, services, offers, promotions, alliances, studies, contents, as well as those of our related companies, and to provide you with general access to their information.

  • To provide our services and products.

  • Inform you about new products or services related to the one(s) contracted or acquired.

  • To comply with obligations contracted with our clients, suppliers, and employees.

  • Inform about changes in our products or services. Evaluate the quality of service.

  • Inform about new programs and/or services that are related to our corporate purpose.

  • Establish a direct relationship with our clients and those interested in our services.

  • Include you in a database.

  • Exchange, transfer and/or transmit your personal data to third parties. 

 

We inform you that, in accordance with the provisions of Law 1581 of 2012, the personal data obtained from your request or provision of services or products will be collected in a database for the purpose stated above and for a period determined by its use.

If you wish your data to be deleted from our databases, we ask you to expressly state so within thirty (30) business days from receipt of this notice.

This database is kept and managed under the responsibility of C.A. . The database has the necessary security measures for the adequate conservation of the data.

By accepting, the owner authorizes the processing of his/her data for the aforementioned purpose and acknowledges that the data provided in the request are true and that no information has been omitted or altered, being informed that the falsity or omission of any data will result in the impossibility of providing the service correctly.

We remind you of the possibility you have to access at any time to the data provided, as well as to request the correction, updating or deletion, in the terms established by Law 1581 of 2012, by sending a written communication to the data controller at the address indicated above with the following data: name and surname, address for the purpose of notifications, petition in which the request is specified, date, signature of the person concerned. For your convenience, you can exercise these same rights through the website www.centralaerospace.com.

As a sign of acceptance of the above (In case of physical filling out, through the web page or acceptance through the call or contact center: www.centralaerospace.com or +57 601 413-9530.

I consent and authorize that my personal data be processed in accordance with the provisions of this authorization.


 

__________________________

 

Person Name:

I.D.

 

 

 

ATTACHED 2 

PRIVACY NOTICE

CENTRAL AEROSPACE S.A.S., identified with NIT 860.072.156-9, a company incorporated and existing under the laws of the Republic of Colombia and domiciled in the city of Bogotá, D.C., with main offices at Avenida El Dorado # 103 - 22 El Dorado International Airport Entrance 2 Interior 1, with telephone number (601) 413 - 9530, is an entity committed to the protection of all information that may be associated or related to specific or determinable natural persons (the "Personal Data"), to which it has access in the development of its activity and corporate purpose. Generally, the Personal Data that C.A. may receive, collect or access, include the name, identification and contact data of natural persons, as well as information about their income, financial information through data collection, financial reports or other similar documents, gender, age, educational level, among others. In compliance with Law 1581 of 2012, Decree 1377 of 2013, Decree 886 of 2014 and other rules that add, modify or repeal, we communicate to all holders of Personal Data this privacy notice (the "Notice") in order to inform them that C.A. has created an Information Processing Policy (the "Policy") in which are defined, among others, the principles that will comply when collecting, storing, using, transferring, transmitting and performing any activity or operation with personal data (the "Processing"). It also establishes the rights that the Data Controllers have and the mechanisms to exercise them, as well as the purposes for which the personal data will be processed. The Policy can be consulted on the website at the following link: www.centralaerospace.com and in our offices at the following address: Avenida El Dorado # 103 - 22 Aeropuerto Internacional El Dorado Entrada 2 Interior 1.

 

You, as the owner of the Personal Data, shall have by virtue of Law 1581 of 2012, Decrees 1377 of 2013 and 886 of 2014, the following rights

2012, Decrees 1377 of 2013 and 886 of 2014, the following rights:

(i) To know, update and rectify your Personal Data against C.A. or those in charge of the processing thereof. This right may be exercised, among others, against partial, inaccurate, incomplete, fractioned, misleading data or data whose processing is expressly prohibited or has not been authorized; (ii) Request proof of the authorization given to C.A. (ii) Request proof of authorization given to C.A., unless the Law indicates that such authorization is not necessary or that it has been validated in accordance with the provisions of article 10 of Decree 1377; (iii) Submit requests to C.A. or the data processor regarding the use it has made of its Personal Data, and to be provided with such information; (iv) File complaints before the Superintendence of Industry and Commerce for infringements of the Law; (v) File complaints before the Superintendence of Industry and Commerce for infringements of the Law; (vi) Request that C.A. or the data processor provide information regarding the use of its Personal Data.

(v) To revoke your authorization and/or request the deletion of your Personal Data from C.A.'s Databases, provided that there is no legal obligation to do so; (vi) To revoke your authorization and/or request the deletion of your Personal Data from C.A.'s Databases, provided that there is no legal obligation to do so. C.A., provided that there is no legal duty or contractual obligation between the Data Subject and C.A., according to which the Data Subject does not have any legal obligation with C.A. C.A., according to which the Data Subject does not have the right to request the deletion of his or her Personal Data.​

 

 

 

Personal Data or revoke their Authorization for the Processing thereof. If there is no legal or contractual duty and C.A. has not deleted the Personal Data of the Data Subject from its Databases or has not revoked the authorization of whoever is entitled to revoke it within the legal term to do so, the Data Subject may go to the Superintendence of Industry and Commerce to demand the revocation of the authorization and/or the deletion of the Personal Data; (vi) Request access and access free of charge to his/her Personal Data that has been subject to Processing.

C.A. will inform the holder of the Personal Data of any modification to the Policy. Likewise, all modifications to the Policy and to this Privacy Notice will be informed on C.A.'s web page and/or by means of an e-mail that will be sent to the holders of the Personal Data, as long as C.A. has such information in its possession.

Likewise, in the Policy you may consult which are the sensitive data that C.A. will collect and under what circumstances. It is important to note that the authorization for the processing of sensitive data is optional on your part.

Your personal data will be collected and stored in a database and will be used for the following purposes: 

  1. To achieve an efficient communication related to our products, services, offers, promotions, alliances, studies, contents, as well as those of our related companies, and to facilitate your general access to their information.

  2. To provide our services and products.

  3. Inform you about new products or services that are related to the one(s) contracted or acquired.

  4. To comply with obligations contracted with our customers, suppliers, and employees.

  5. To inform about changes in our products or services. Evaluate the quality of service.

  6. Inform about new programs and/or services that are related to our corporate purpose.

  7. Establish a direct relationship with our clients and those interested in our services.

  8. To include you in a database.

  9. Exchange, transfer and/or transmit your personal data to third parties.

Information holders are informed that they can consult the Internal Manual of Policies and Procedures of Personal Data of C.A., which contains our policies for the treatment of personal data. which contains our policies for the treatment of the information collected, as well as the procedures for consultation and claims that will allow you to enforce your rights to access, consultation, rectification, updating and deletion of data, by clicking on the following link: www.centralaerospace.com

bottom of page