R&H Legal Services

  • (+57) 317 6816817 - (+57) 3002170870
  • admin@rhlegalservices.com

R&H LEGAL SERVICES PRIVACY AND PERSONAL DATA PROCESSING POLICY

1. INTRODUCTION

R&H Legal Services is a commercial establishment, domiciled in the city of Cali, Colombia, whose owner and responsible party is Diana Rivera H., of legal age, hereinafter R&H Legal Services, and who in compliance with the provisions of Statutory Law 1581 of 2012, Decree 1377 of 2013, Decree 886 of 2014 and Circular No. 2 of the Superintendence of Industry and Commerce and other regulations that add to, complement or modify it, informs its clients, strategic and commercial allies, suppliers, contractors, prospective clients and other natural persons, hereinafter the OWNER, who will be RESPONSIBLE FOR THE PROCESSING OF DATA provided or transferred to it through the completion of the contact form, chat windows found at www.rhlegalservices.com, the contact telephone numbers and emails indicated therein or any other means such as documents writings, emails or phone calls, among others, and which will be used in accordance with the contents of the PRIVACY AND PERSONAL DATA PROCESSING POLICY, hereinafter the POLICY, detailed below.

2. SCOPE OF APPLICATION.

In compliance with the law and decrees mentioned here, R&H Legal Services will assume full responsibility for the processing of the data provided to it, which is not data that, due to its generality, could become anonymous by not allowing the full identification of a specific Owner or data in the public domain.

Because R&H Legal Services requires prior authorization and express consent from the OWNER of the personal data, it is understood that such authorization will be carried out by sending your data through the contact form or chat window found on the website www.rhlegalservices.com, the consent given in contractual clauses or documents where it is stated that between the parties, whether natural or legal persons, there may be or are employment or commercial ties, expressly authorizing R&H Legal Services by the OWNER, so that they may be compiled, processed, stored, consulted, managed, shared, disclosed and transmitted, in accordance with this PERSONAL DATA PROCESSING POLICY.

R&H Legal Services is committed to:

  • Guarantee the exercise of the HOLDER’s right to Habeas Data contained in its databases and files;
  • Comply with current regulations regarding personal data protection and apply this policy for the processing of such data;
  • Guarantee adequate control of the personal data provided by the HOLDER, in order to prevent loss, manipulation by unauthorized third parties, or fraudulent use of such data.

3. PROCESSING OF PERSONAL DATA.

With the authorization referred to in the previous section, the OWNER, a natural person, being a client, strategic and commercial ally, supplier, contractor, prospective client or third party, authorizes R&H Legal Services to:

a. Provide the information stored in its databases to the following persons: the holders of personal data, to persons duly authorized by them; to users of the information within the parameters of the law, the contracts, or agreements signed by R&H Legal Services; upon prior order, to any judicial or administrative authority; to public entities of the executive branch, when knowledge of said information directly corresponds to the fulfillment of one of their functions; to oversight bodies and other disciplinary, fiscal, or administrative investigation agencies, when the information is necessary for the development of an ongoing investigation; and, in general, to other persons authorized by law.

b. Collect, obtain, compile, modify, use, store, process, and, in general, manage the information. The foregoing is subject to the obligations of professional confidentiality provided for in the regulations that regulate, modify, or complement it.

R&H Legal Services informs that through free, prior, express and informed authorization, the OWNER of personal data authorizes that the same be captured, stored, transmitted, used, updated, circulated and, in general, treated in accordance with the purposes listed in this POLICY.

The HOLDER may, at any time, revoke the consent they have given for the processing of their personal data by sending a written communication and/or request through the channels described in this POLICY, providing a copy of their identification document.

R&H Legal Services may only collect, store, use, or circulate personal data for as long as is reasonable and necessary, in accordance with the purposes that justified the processing, and in compliance with the applicable provisions governing the information. Once the purpose of the processing has been fulfilled, and without prejudice to any legal provisions that provide otherwise, R&H Legal Services will delete the personal data in its possession. Notwithstanding the foregoing, personal data must be retained when required to comply with a legal or contractual obligation.

4. DEFINITIONS:

  1. Authorization: Prior, express and informed consent of the HOLDER to carry out the processing of personal data.
  2. Privacy Notice: Verbal or written communication generated by the Controller, addressed to the HOLDER for the Processing of their personal data, through which they are informed about the existence of the information processing policies that will be applicable to them, how to access them and the purposes of the processing that is intended to be given to the personal data.
  3. Database: Organized set of personal data that is the object of processing
  4. Consent of the owner: It is a manifestation of will, which is informed and will be understood to be free and unequivocal, through which the OWNER accepts that a third party may use his or her information.
  5. Personal Data: Any information linked to or that can be associated with one or more natural and/or legal persons, determined or determinable, relating to their identity, existence and/or occupation.

GUIDING PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA BY R&H LEGAL SERVICES.

R&H Legal Services is committed to ensuring the application of this policy, in compliance with the following guiding principles for the protection of personal data. It is committed to maintaining the truthfulness, integrity, confidentiality, transparency, freedom, and availability of its Data Subjects’ personal data.

  1. Principle of Legality: This principle refers to the processing mentioned in this Policy, which is an activity regulated by Law 1581 of 2012 and must comply with the provisions established in it and in any other regulations that develop it.
  2. Principle of Accuracy: This principle refers to the accuracy and relevance of personal data, which must be appropriate for the purpose of the processing, ensuring that the information is as complete as possible.
  3. Principle of Purpose: The processing must serve a legitimate purpose in accordance with the Constitution and the Law. This lawful purpose will be previously informed to the DATA SUBJECT.
  4. Principle of Freedom: The processing may only be carried out with the prior, express, and informed consent of the Data Subject. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that releases the need for consent.
  5. <data-start=”762″ data-end=”1054″>Principle of Truthfulness or Quality: Personal data subject to processing must be truthful, complete, accurate, updated, verifiable, and understandable. The processing of partial, incomplete, fragmented, or misleading data is prohibited.
  6. Principle of Transparency: The processing must guarantee the right of the Data Subject to obtain, at any time and without restrictions, information from the Controller or Processor about the existence of data concerning them.
  7. Principle of Restricted Access and Circulation: The processing is subject to the limits derived from the nature of personal data, the provisions of this Policy, and the Constitution. Therefore, processing may only be carried out by individuals authorized by the DATA SUBJECT and/or by those specified in this Policy. Except for public information, personal data must not be available on the Internet or through other mass communication media, unless access is technically controllable to ensure restricted knowledge only to Data Subjects or authorized third parties in accordance with this Policy.
  8. Principle of Security: The information subject to processing by the Controller or Processor, as referred to in this POLICY, will be managed with the necessary technical, human, and administrative measures to ensure the security of the records, thus preventing their alteration, loss, consultation, unauthorized or fraudulent use or access.
  9. Principle of Confidentiality: R&H Legal Services guarantees the confidentiality of the information, even after the end of its relationship with any task related to the processing of personal data. Data may only be provided or disclosed when it corresponds to the development of activities authorized by this Policy and under its terms.
  10. Principle of Demonstrated Responsibility (Accountability): Demonstrated responsibility is based on the commitment of entities to increase protection standards to ensure the DATA SUBJECT an adequate processing of their personal data. R&H Legal Services undertakes to be accountable for its data protection activities, to accept responsibility for them, and to transparently disclose the results.

R&H Legal Services informs all Data Subjects whose data is processed by it that in the event of any modification to this POLICY, this will be communicated promptly through the channels provided for this purpose. This is done in order to keep all data subjects informed and up-to-date on the conditions of use of their personal data.

5. IDENTIFICATION OF THE CONTROLLER.

Diana Rivera H., will be the person responsible for the processing of personal data that is provided through the contact forms and/or chat windows on the website www.rhlegalservices.com, the contact telephone numbers and email addresses indicated therein or through contracts, telephone calls or contracts signed with the Data Controller, but may eventually be the Person in Charge of a third party. In any of these cases, the Controller will be identified as follows: Diana Rivera H., email: dianarivera@rhlegalservices.com or admin@rhlegalservices.com,

6. DUTIES OF R&H LEGAL SERVICES, AS DATA CONTROLLER.

R&H Legal Services will process personal data in the terms and scope of the authorization given by the Data Subject, of the following data without prejudice to the other provisions set forth in the law: telephone: 3017808915.

  1. Guarantee the DATA SUBJECT, at all times, the full and effective exercise of the right to habeas data.
  2. Request and retain a copy of the respective authorization granted by the DATA SUBJECT.
  3. Inform the DATA SUBJECT of the purpose of the data collection and the rights they have by virtue of the authorization granted.
  4. Safeguard the collected information in order to prevent its loss, alteration, consultation, use, or unauthorized or fraudulent access.
  5. Ensure that the information provided to the Data Processor is truthful, complete, accurate, up-to-date, verifiable, and understandable.
  6. Update the information and keep the Data Processor informed of any modifications or changes, and take all necessary measures to ensure the information remains current.
  7. Correct any incorrect information and communicate the correction to the Data Processor.
  8. Provide the Data Processor, as applicable, only with data that has been previously authorized for processing in accordance with the law.
  9. Demand from the Data Processor, at all times, compliance with the security and privacy conditions of the DATA SUBJECT’s information.
  10. Handle inquiries and claims submitted within the terms outlined in the current law.
  11. Adopt an internal manual of policies and procedures to ensure proper compliance with the law, especially for handling inquiries and claims.
  12. Notify the Data Processor when specific information is under dispute by the DATA SUBJECT, once a claim has been submitted and while the process remains unresolved.
  13. Inform the DATA SUBJECT, upon request, about how their data is being used.
  14. Inform the data protection authority when security breaches occur and there are risks in the administration of the DATA SUBJECTS’ information.
  15. Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

7. DUTIES OF R&H LEGAL SERVICES, AS DATA PROCESSOR.

Eventually, Diana Rivera H., as the data controller, may process personal data under the terms and scope of the authorization provided by the Data Subject:

  1. Client Ownership Data of R&H Legal Services: This includes client data for the following purposes:
    i) Fulfilling obligations acquired at the time of contracting services with R&H Legal Services;
    ii) Sending information regarding service offerings and quotes;
    iii) Strengthening business relationships through the delivery of relevant information, new service contracts, quotations, invoicing, and debt collection;
    iv) Sending updates about general or specific conditions of services offered by R&H Legal Services.
    This also includes the collection, storage, copying, delivery, updating, use, organization, classification, transfer, correction, verification, and statistical use of corporate client data, which will always be subject to the policies and instructions agreed upon by the Parties. Whenever possible, R&H Legal Services will expressly state in agreements or contracts with clients its role as Data Processor and the corresponding Data Controller, with all the obligations such roles entail. The data provided by clients will only be used according to the purpose established in the respective agreements or contracts.
  2. Ensure the DATA SUBJECT, at all times, the full and effective exercise of the right to habeas data.
  3. Maintain the information under security conditions necessary to prevent its alteration, loss, consultation, use, or unauthorized or fraudulent access.
  4. Timely update, rectify, or delete data.
  5. Update the information reported by the Data Controllers within the contractually agreed terms.
  6. Handle inquiries and complaints submitted by the data subjects in accordance with the terms set forth in this policy.
  7. Refrain from circulating any information being contested by the data subject and that has been ordered to be blocked by the Superintendence of Industry and Commerce.
  8. Allow access to the information only to those individuals authorized by the data subject or legally permitted.
  9. Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.
  1. Client Property Data of R&H Legal Services: This includes client data for the following purposes:
    i) Fulfilling the obligations contracted at the time of hiring services with R&H Legal Services;
    ii) Sending service offers and quotations;
    iii) Strengthening business relationships through the delivery of relevant information, contracting new services, issuing quotations, invoicing, and collecting payments;
    iv) Providing information about changes in general or specific service conditions offered by R&H Legal Services.
    This also includes the collection, storage, copying, delivery, updating, use, organization, classification, transfer, correction, verification, and statistical use of corporate client property data, which will always be subject to the policies and instructions agreed upon by the Parties.
    Where possible, agreements or contracts with clients will expressly state R&H Legal Services’ role as the Data Processor, and identify the Data Controller, along with the obligations associated with those roles. Data provided by clients will only be used for the purposes set out in the corresponding agreements or contracts.
  2. Guarantee the DATA SUBJECT, at all times, the full and effective exercise of the right to habeas data.
  3. Keep the information under the necessary security conditions to prevent its alteration, loss, consultation, use, or unauthorized or fraudulent access.
  4. Timely update, rectify, or delete data when required.
  5. Update the information reported by the Data Controllers within the contractually agreed timeframes.
  6. Process inquiries and complaints submitted by data subjects in accordance with the terms outlined in this policy.
  7. Refrain from sharing information that is being disputed by the data subject and has been ordered to be blocked by the Superintendency of Industry and Commerce.
  8. llow access to information only to individuals authorized by the data subject or legally empowered to do so.
  9. Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce.

8. PURPOSES OF THE PROCESSING OF PERSONAL DATA AND THEIR PROCESSING.

Diana Rivera H, in her capacity as CONTROLLER of the Owner’s personal data, informs you through this POLICY that your personal data will be treated with complete confidentiality and that the collection, use, circulation, transmission, transfer and, in general, any form of processing thereof, will be done in accordance with the following purposes, corresponding, in any case, to the development of its corporate purpose and the ordinary course of its activities.

 

10. PURPOSES OF THE PROCESSING OF PERSONAL DATA AND THEIR PROCESSING.

The purposes of the processing of personal data described below will apply to all Holders of personal data who have given their prior, express and informed authorization, which is understood to have been given through the sending of the information requested in the contact form, chat window, emails or telephone numbers indicated on the website www.rhlegalservices.com, or in the authorization given in contracts, emails or any data delivered or transferred through any means:

  1. Establish and manage the pre-contractual and contractual relationship—commercial, labor, civil, or any other arising from the fulfillment of a legal or contractual obligation by R&H Legal Services.
  2. Inform of substantial changes to R&H Legal Services’ Data Processing Policy.
  3. Respond to requests, inquiries, complaints, and/or claims made by data subjects through any of the channels enabled for such purposes.
  4. Transfer or transmit personal data to judicial and/or administrative entities or authorities, when required in relation to their purpose and necessary for the fulfillment of their duties.
  5. Send communications about new services or products offered by R&H Legal Services, contact the data subject, and/or communicate regarding matters related to the services entrusted.
  6. Send news updates that R&H Legal Services considers may be of interest to the data subject.
  7. Send service offers.
  8. Carry out the necessary procedures to fulfill the obligations related to the services and products contracted with R&H Legal Services.
  9. Personal data processing may be carried out directly by the Data Controller or by a third party designated by the Controller, provided it is done for the purposes stated herein, for which no additional authorization from the DATA SUBJECT will be required—something the DATA SUBJECT expressly agrees to when providing their personal data. The DATA SUBJECT shall have the right, free of charge, to access, update, rectify, and/or request the deletion of their personal data by contacting the company through the channels provided: admin@rhlegalservices.com or dianarivera@rhlegalservices.com.

11. INFORMATION SECURITY.

R&H Legal Services is committed to ensuring the security of the OWNER’s personal data and has secure technological tools in place to ensure that the personal data remains confidential and is stored in such a way as to prevent unwanted access by third parties. Personal data will be retained as long as there is a business relationship between R&H Legal Services and third parties, and where appropriate for up to five (5) years after the termination of said relationship.

12. RIGHTS OF INFORMATION OWNERS.

Data subjects have the following rights:

  1. To know, update, and rectify your personal data. This right may be exercised, among others, in the case of data that is partial, inaccurate, incomplete, fragmented, misleading, or whose processing is expressly prohibited or unauthorized.
  2. Request proof of the authorization granted to the data controller.
  3. Be informed by R&H Legal Services, upon request, regarding the use that has been given to your personal data;
  4. Submit complaints to the Superintendency of Industry and Commerce for violations of the provisions of the law and other regulations that modify, add to or complement it;
  5. Revoke authorization and/or request the deletion of data when the processing does not respect constitutional and legal principles, rights, and guarantees. Revocation and/or deletion will proceed when the Superintendency of Industry and Commerce has determined that R&H Legal Services has engaged in conduct contrary to the law and the Constitution in the processing;
  6. In exercising the rights listed above, you may make any relevant inquiries and lodge any complaints you deem necessary to ensure their respect.
  7. Other rights contained in the current regulations regarding the matter.

13. SENSITIVE DATA AND MINORS.

R&H Legal Services may occasionally process sensitive data as the Controller or Processor of personal data, but will not process the personal data of minors. Notwithstanding the foregoing, it is committed to fully complying with Title III of Law 1581 of 2012, which establishes sensitive data and the data of children and adolescents.

14. PROCEDURE FOR THE EXERCISE OF RIGHTS BY INFORMATION OWNERS.

The Holders of personal data information may exercise the rights to know, update, rectify and delete information, revoke the authorization initially granted, consult information, file claims and in general the other rights established in article 8 and other concordant ones of Law 1581 of 2012, through the following means: Email: dianarivera@rhlegalservices.com or admin@rhlegalservices.com addressed to Diana Rivera H, who will be the Compliance Officer at R&H Legal Services.

Responses will be issued within a maximum period of fifteen (15) business days counted from the day following the date of receipt of the rights request by the Owner of the personal data. This period may be extended when it is not possible to attend to the request within said term, and R&H Legal Services must inform the petitioner of the reasons for the postponement, before its original expiration.

15. TRANSFER, TRANSMISSION AND CONSERVATION OF PERSONAL DATA.

R&H Legal Services is obligated to retain the personal data of the data subjects, fulfilling the purpose authorized by the data subject, making its best efforts to keep the information secure, safeguarding its integrity, veracity, and confidentiality. It will also transmit the personal data of the HOLDER for which it is responsible, solely and exclusively for the purposes indicated in this POLICY.

16. PREVALENCE OF SUBSTANTIVE RULES ON THE MATTER.

Taking into account that this document seeks to comply with the rules that regulate the protection of the right of habeas data enshrined in the Constitution, the statutory laws on the matter and the regulations issued by the National Government for this purpose, the interpretation of the policies of R&H Legal Services will at all times be subordinate to the content of such higher provisions, so that in case of incompatibility or contradiction between these policies and the higher regulations, the latter will be applicable.

The personal data obtained by R&H Legal Services through the completion of the contact form, chat windows, contact telephone numbers and email addresses indicated on www.rhlegalservices.com and/or any other written document, contract, physical or electronic communication, will be treated with complete confidentiality and reserve. R&H Legal Services undertakes to maintain absolute confidentiality regarding the same and to store them adopting the necessary measures to prevent their alteration, loss and unauthorized treatment or access, in accordance with the provisions of applicable legislation.

17. MODIFICATIONS TO THE POLICY.

Any changes made after the initial publication date of this Privacy and Personal Data Processing Policy will be posted on our website www.rhlegalservices.com. R&H Legal Services reserves the right to make changes to this Policy at any time and without notice, when such changes are the result of a legal mandate. Any substantial changes will be immediately notified to the OWNER and will become effective upon publication. Policy effective since March 10,