top of page
Aeronave King Air 300 beechcraft en Mantenimiento Colombia Central Aerospace

PRIVACY POLICY, TREATMENT AND PROCEDURE FOR THE PROTECTION OF PERSONAL DATA

PRESENTATION

Pursuant to the provisions of Article 15 of the Political Constitution of Colombia, which develops the fundamental right to habeas data, referring to the right of all citizens to know, update, rectify the personal data that exist about it in databases and files in both public and private bases, which is inevitably related to the handling and processing of information that recipients of personal information must take into account. Said right has been developed through the issuance of Statutory Law 1581 of 2012 and Regulatory Decree 1377 of 2013 (contained in Sole Decree 1074 of 2015). 

Central Aerospace S.A.S. will act as Responsible, for the collection, storage, use, processing, updating, circulation, deletion, transfer, transmission and, in general, any operation or set of operations in and on your Personal Data, understood as any information linked or that may be associated to you as Data Subject.  

 

 

OBJECTIVE

 

The objective of this Personal Data Processing Policy (the "Policy") is, together with the technical, human and administrative measures implemented, to guarantee the adequate compliance with the applicable Personal Data Protection Law, as well as the definition of the guidelines for the attention of queries and claims from the Data Controllers of the Personal Data on which the Companies carry out any type of Processing. 

 

DEFINITIONS


Authorization: Prior, express and informed consent of the data owner to carry out the processing. This may be written, verbal or through unequivocal conduct that allows the reasonable conclusion that the owner granted authorization.
Data Base: It is the organized set of Personal Data that are subject to processing, electronic or not, whatever the modality of its formation, storage, organization and access.
Consultation: Request of the owner of the data or of the persons authorized by the owner or by law to know the information about him/her in databases or files.
Personal data: Any information linked or that may be associated to one or several determined or determinable natural persons. These data are classified as sensitive, public, private and semi-private.

Sensitive personal data: Information that affects the privacy of the person or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, human rights or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data relating to health, sex life and biometric data (fingerprints, among others). For the purposes of this policy, Central Aerospace warns of the optional nature of the holder of the personal data to provide this type of information in cases in which, eventually, it may be requested.
Public personal data: It is the data qualified as such according to the mandates of the law or the Political Constitution and all those that are not semi-private or private. Public are, among others, the data contained in public documents, public records, official gazettes and bulletins and duly executed court rulings that are not subject to confidentiality, those relating to the marital status of individuals, their profession or trade and their status as merchants or public servants. The personal data existing in the commercial registry of the Chambers of Commerce are public (Article 26 of the Commercial Code).

Likewise, public data are those which, by virtue of a decision of the owner or a legal mandate, are in files of free access and consultation. These data may be obtained and offered without any reservation and regardless of whether they refer to general, private or personal information.
Private personal data. This is data that, due to its intimate or reserved nature, is only relevant to the person who owns it. Examples: merchants' books, private documents, information extracted from a home inspection.
Semi-private personal data. Semi-private is data that is not of an intimate, reserved or public nature and whose knowledge or disclosure may be of interest not only to its owner but also to a certain sector or group of persons or to society in general, such as, among others, data relating to the fulfillment or non-fulfillment of financial obligations or data relating to relations with social security entities.
Data Controller: Person who by himself or in association with others, decides on the database and/or the processing of the data.
Data processor: Person who carries out the data processing on behalf of the data controller. Authorized" means Central Aerospace and all persons under the responsibility of the same, who by virtue of the authorization and the Policy have the legitimacy to submit to processing the personal data of the holder. The Authorized Party includes the Entitled Party's gender.

"Enabling" or being "Enabled", is the legitimization expressly and in writing by contract or document that takes its place, granted by Central Aerospace to third parties, in compliance with the applicable law, for the processing of personal data, making such third parties in charge of the processing of personal data delivered or made available.
Claim: Request from the data owner or persons authorized by the data owner or by law to correct, update or delete their personal data or when they notice that there is an alleged breach of the data protection regime, according to Article Art. 15 of Law 1581 of 2012.
Data subject: The natural person to whom the information refers.
Processing: Any operation or set of operations on personal data such as, among others, the collection, storage, use, circulation or deletion of that kind of information.

Transmission: Processing of personal data that involves the communication of such data within (national transmission) or outside Colombia (international transmission) and that has as its purpose the performance of a processing by the processor on behalf of the controller.
Transfer: The transfer of data takes place when the controller and/or processor of personal data, located in Colombia, sends the information or personal data to a recipient, which in turn is responsible for the processing and is located inside or outside the country.
Procedural requirement: The holder or assignee may only file a complaint before the Superintendence of Industry and Commerce once the consultation or complaint process has been exhausted before the data controller or data processor, according to Article 16 of Law 1581 of 2012.

 

PRINCIPLES FOR THE TREATMENT OF PERSONAL DATA


The processing of personal data must be carried out in compliance with the general and special rules on the subject and for activities permitted by law. Consequently, the following principles apply for the purposes of this policy:

Legality principle: Data processing is a regulated activity that must be subject to the provisions of the law and other provisions that develop it.

Principle of purpose: The processing must obey a legitimate purpose in accordance with the Constitution and the Law.

Principle of freedom: The treatment can only be exercised with the prior, express and informed consent of the holder. Personal data may not be obtained or disclosed without prior authorization, or in the absence of legal or judicial mandate that relieves consent.

Principle of truthfulness or quality: The information subject to processing must be truthful, complete, accurate, updated, verifiable and understandable. The processing of partial, incomplete, fractioned or misleading data is prohibited.

Principle of transparency: The right of the owner to obtain from the data controller, at any time and without restrictions, information about the existence of data concerning him/her, must be guaranteed in the processing.

Principle of restricted access and circulation: The processing is subject to the limits derived from the nature of the personal data, the provisions of the law and the Constitution. In this sense, the processing may only be carried out by persons authorized by the owner and/or by the persons provided for by law.

Principle of security: The information subject to processing by the Data Controller or Data Processor referred to in this law, must be handled with the technical, human and administrative measures necessary to provide security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access.

Principle of confidentiality: All persons involved in the processing of personal data that are not of a public nature are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks involved in the processing, and may only supply or communicate personal data when this corresponds to the development of the activities authorized in this law and under the terms of the same.

Any new project within the Organization that involves the Processing of Personal Data must be consulted with the Information Security Management, which is the person and unit in charge of the data protection function to ensure compliance with the policy and the necessary measures to maintain the confidentiality of personal data.

 

AUTHORIZATION

 

At the time of processing Personal Data, Central Aerospace will obtain the consent of the owner, which in any case must be prior, express and informed. The authorization may be obtained by any means that guarantees its reproduction.  

In the following events, authorization by the owner is not required: 

  • Information required by a public or administrative entity in the exercise of its legal functions or by court order.

  • Data of a public nature.

  • Cases of medical or health emergency.

  • Processing of information authorized by law for historical, statistical or scientific purposes.

  • Data related to the Civil Registry of Persons.

  • In the case of the collection of Sensitive Data, the Authorization must be explicit as to the fact that the Personal Data to be processed are sensitive and the purposes of the Processing. In this case, the Data Subject is not obliged to authorize the Processing of such information. 

In cases where it is not possible to make available to the Data Subject the Personal Data Processing Policy, Central Aerospace will inform by means of a Privacy Notice to the Data Subject about the existence of the Policy and how to access it, in a timely manner and in any case no later than the time of collection of Personal Data. The Privacy Notice may be available in physical documents in the business premises, by electronic means in the non-face-to-face channels, by data message in the chat, telephone channel, among other means that may be available.

DATA COLLECTED

Natural person: first and last names, type of identification, type of identification, identification number, gender, marital status and date of birth, email, financial data (bank accounts).

 

Legal entity: company name, NIT, address, telephone, cell phone, email, country, city, financial data (bank accounts).

The validity of the database will be the reasonable and necessary time to fulfill the purposes of the treatment in each case, taking into account the provisions of Article 2.2.2.2.25.2.8. of Decree 1074 of 2015.

RIGHTS OF THE OWNERS OF THE DATA

In accordance with the legal provisions in force, the following are rights of the holders of personal information:

  • Right to know, update, rectify, consult your personal data at any time, with respect to the data that you consider partial, inaccurate, incomplete, fractioned and those that induce to error.

  • The right to request at any time a proof of the authorization granted, except in those cases in which the Controller is legally released from having authorization to process the holder's data.

  • Right to be informed, upon request of the owner of the data, regarding the use that has been made of them.

  • Right to file before the Superintendence of Industry and Commerce the complaints considered pertinent to assert their right to Habeas Data.

  • Right to revoke the authorization and/or request the deletion of any data when he/she considers that his/her constitutional rights and guarantees have not been respected.

  • Right to access free of charge to the personal data you have voluntarily shared with Central Aerospace.

 

GENERAL PURPOSES OF THE PROCESSING 

Central Aerospace will process personal data in accordance with the conditions established by the Holder, the law or public entities, through physical, automated or digital means according to the type and form of information collection. 

Personal data may be processed by that collaborator who has authorization to do so, or those who within their functions are in charge of carrying out such activities, also, the treatment will be carried out by third parties in charge for the fulfillment and execution of the purposes authorized by the Holder. Public or administrative entities in the exercise of their legal functions or by court order, may request access to the information.  


Where applicable, Central Aerospace may process, with prior authorization, personal information in accordance with the following purposes common to customers, candidates, collaborators, suppliers, visitors: 

 

  • Validation of information in order to comply with Money Laundering and Terrorist Financing regulations by Central Aerospace or third parties contracted for such purpose.

  • For e-commerce purposes.

  • Storage of the information in our own servers or those of third parties, located in the Republic of Colombia or outside of it.

  • Disclosure, Transfer and/or Transmission of Personal Data at national and international level.

  • Central Aerospace may transfer data to other Data Controllers when authorized by the owner of the information or by law or by an administrative or judicial mandate. Central Aerospace may send or transmit data to one or more data processors located within or outside the Republic of Colombia in the following cases: a) When authorized by the data owner and b) when, without authorization, there is a data transmission contract between the Data Controller and the data processor.

  • To meet the requirements of external and internal audits and/or competent authorities.

  • Compliance with the Policies provided according to the contractual and/or commercial relationship, including the Personal Data Processing Policy.

  • Manage compliance with legal, pre-contractual, contractual, post-contractual, tax, financial and/or accounting obligations.

  • Manage queries, requests, petitions, complaints and claims related to the owners of the information.

  • Implement artificial intelligence programs or any other that technology and the law allow.

  • Ensure physical and digital security, service improvement and experience in Central Aerospace facilities.
     

TREATMENT PURPOSES: CUSTOMERS AND VISITORS

 

Commercial purposes:

  • To develop commercial, advertising and marketing activities, such as: consumer analysis; profiling, brand traceability; sending news, advertising, promotions, offers and benefits; customer loyalty programs; market research; generation of campaigns, newsletters, etc.

Service Purposes:

  • To notify orders, deliveries or events related to the products or services purchased or contracted.

  • To carry out data update campaigns, for the purposes indicated in this Policy.

  • Conduct satisfaction surveys.

  • Make use within the framework of the contractual and/or commercial relationship of personal information, images and/or biometric data such as, but not limited to, fingerprints, photographs, video recordings, etc.

Analysis and Operational Purposes:

  • Carry out statistical analysis, invoicing, offering and/or recognition of benefits and collections.

  • If required by the nature of the activities, to compare, contrast, consult and complement the Personal Data with financial, commercial, credit and service information available in credit information centers and/or financial information database operators ("Information Centers").

  • If required by the nature of the activities, to report to the Information Centers on the fulfillment or non-fulfillment of obligations acquired.

 

Security purposes:

 

  • Conduct video surveillance to ensure the security of the facilities and personnel.

 

PROCESSING PURPOSES: CANDIDATES AND EMPLOYEES

 

  • Comply with the purposes of the selection and/or hiring process, evaluate their suitability and/or eventual hiring.

  • Verify and confirm the veracity of the information included in the résumé and in any other document or information provided to Central Aerospace. 

  • Conduct security studies of the candidate, which includes consulting or obtaining judicial records, conducting home visits and consulting data in information centers, among others. 

  • Be part of the database of applicants for future hiring.

  • Sending communications of selection processes similar to those in which the holder has participated.

  • Comply with hiring policies.

  • Verify their background in accordance with the provisions of binding compliance programs, such as, for example, crime prevention, ethics, etc.

  • Request supports corresponding to the résumé, medical exams, psycho-technical tests and any other that may be necessary.

  • Manage human resources in accordance with the applicable legal and contractual terms.  

  • Comply with legal obligations as an employer, including, among others, payroll management, social benefits, comprehensive social security system, occupational risk prevention.

  • Manage activities of labor welfare, talent and promotion of employees. As part of the management of the welfare of its Employees, Central Aerospace may contact the collaborator and offer products and services through financial, credit, educational or any other entity with which it has commercial ties. To do so, it may require communicating personal data of the employee to such third parties with due compliance with the corresponding legal requirements.

  • Make use of personal information and images generated in the framework of the activities, processes and events of the organization, to socialize them internally and externally through digital channels, social networks, WhatsApp, YouTube, or any other communication media; as well as the creation and distribution of physical, digital or audiovisual advertising material.

  • Carry out physical and digital security risk management activities through video surveillance and biometric registration devices.

  • To carry out due diligence and disciplinary investigation procedures in matters of legal or reputational risk management, such as fraud, possible commission of crimes, infringements to free competition, information leaks, or any other.

  • Record, process, process and store the information provided in the complaints and / or queries filed in the communication channels provided in Central Aerospace.

  • Carry out the transmission and/or transfer of data to other companies, business alliances or third parties in order to comply with the obligations acquired. The transmission and transfer may be made even to third countries that may have a different level of protection with respect to the Colombian, when necessary for the fulfillment of our obligations.

 

DUTIES OF THE DATA CONTROLLER

  • Guarantee the holder, at all times, the full and effective exercise of the right of habeas data.

  • Request and keep, under the conditions provided for in this law, a copy of the respective authorization granted by the holder.

  • Duly inform the holder about the purpose of the collection and the rights he/she has by virtue of the authorization granted.

  • Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.

  • To process the consultations and claims formulated in the terms indicated in the present law.

  • Adopt an internal manual of policies and procedures to ensure proper compliance with this law and, in particular, for the handling of queries and claims.

  • To inform, at the request of the holder, about the use given to his/her data.

  • Inform the data protection authority when there are violations to the security codes and there are risks in the administration of the information of the owners.

  • Comply with the instructions and requirements given by the superintendence of industry and commerce.

 

DUTIES OF DATA PROCESSORS

  • Guarantee the holder, at all times, the full and effective exercise of the right of habeas data.

  • Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.

  • Timely update, rectify or delete data in accordance with the terms of this law.

  • Update the information reported by the data controllers within five (5) business days from its receipt.

  • To process the queries and claims made by the owners under the terms set forth in this law.

  • Adopt an internal manual of policies and procedures to ensure proper compliance with this law and, in particular, for the handling of queries and claims by the owners.

  • Refrain from circulating information that is being disputed by the holder and whose blocking has been ordered by the superintendence of industry and commerce.

  • Allow access to the information only to the persons who may have access to it.

  • Inform the superintendence of industry and commerce when there are violations to the security codes and there are risks in the administration of the information of the owners.

  • Comply with the instructions and requirements given by the superintendence of industry and commerce.

 

REQUESTS, COMPLAINTS AND CLAIMS

For the purpose of receiving requests, complaints and queries related to the handling and processing of personal data, Central Aerospace has assigned the e-mail address soportetic@centralaerospace.com, to channel, study and answer them. Therefore, you may send your requests to this address, which will be treated in accordance with the provisions of Law 1581:  

Consultations: The holders or their assignees may consult the personal information of the holder that is in our database. Central Aerospace will provide them with all the information contained in the individual record or that is linked to the identification of the holder. The consultation will be answered within a maximum term of ten (10) working days from the date of receipt of the same. When it is not possible to attend the consultation within such term, the interested party will be informed, and the date on which the consultation will be attended, which in no case may exceed five (5) business days following the expiration of the first term, will be indicated.

Claims: The holder or its assignees who consider that the information contained in a database should be subject to correction, updating or deletion, or when they notice the alleged breach of any of the duties contained in the law, may file a claim with Central Aerospace, which will be processed under the following rules:

The claim shall be formulated through a request addressed to Central Aerospace with the identification of the owner, the description of the facts that give rise to the claim, the address, and accompanying the documents to be asserted. If the claim is incomplete, Central Aerospace will require the interested party within five (5) days after receipt of the claim to correct the faults. After two (2) months from the date of the request, without the applicant submitting the required information, it will be understood that the claim has been withdrawn.

Once the complete claim has been received, a legend will be included in the database stating "claim in process" and the reason for the claim, within a term no longer than two (2) business days. Such legend shall be maintained until the claim is decided.

The maximum term to address the claim shall be fifteen (15) business days from the day following the date of receipt. When it is not possible to attend the claim within such term, the interested party will be informed and the date on which the claim will be attended, which in no case may exceed eight (8) business days following the expiration of the first term.

In any case, the owner or the assignee may only file a complaint before the Superintendence of Industry and Commerce once the consultation or complaint process has been exhausted before Central Aerospace.

The area responsible for the reception and processing of claims is the Administrative Management - systems area.

The request for suppression of information and revocation of authorization will not proceed when the holder has a legal or contractual duty to remain in the database.

 

DATA CONTROLLER DATA

Company Name: Central Aerospace S.A.S.

Address: Calle 26 # 103-22. Entrada 2, inteior 1, Bogota, Colombia

E-mail: soportetic@centralaerospace.com

Telephone: + 57 (601) 4139530

Website: https://www.centralaerospace.com/

 

QUESTIONS OR SUGGESTIONS

If you have any questions or queries about the process of collection, processing or transfer of your personal information, or consider that the information contained in a database should be subject to correction, updating or deletion please send us a message to the following email account: soportetic@centralaerospace.com.

 

VALIDITY

Central Aerospace reserves the right to modify this policy to adapt it to new legislation or jurisprudence, as well as to good industry practices. In such cases, Central Aerospace will announce on this page the changes introduced with reasonable notice before their implementation.

This policy was modified and published on Central Aerospace websites on July 30, 2016 and is effective as of the date of publication. It was last updated on May 20, 2024.

bottom of page