Data Privacy Framework Policies

Updated: October 3, 2023

Guidepost Solutions LLC (“Guidepost Solutions” or “we”) offers global investigations, compliance, monitoring, and security and technology consulting solutions for clients in a wide range of industries. Our address is 260 Madison Avenue, Third Floor, New York, NY 10016.

We regard the privacy of individuals and the confidentiality of our clients’ business activities to be essential to our values as a company.

This EU-U.S. Data Privacy Framework Policy (the “Framework Policy”) describes how Guidepost Solutions collects and uses personal data we receive from within European Union (“EU”) member countries and the United Kingdom under the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”). We will comply with the requirements of the EU-U.S. Data Privacy Framework Principles as explained in more detail below.

This Framework Policy covers Personal Data, including Sensitive Data, which we receive from within the EU and the United Kingdom in the course of conducting investigations of individuals on behalf of our clients. The terms Personal Data and Sensitive Data mean information about an identified or identifiable individual as those terms are defined in the EU-U.S. Data Privacy Framework Principles. To learn how Guidepost Solutions collects and uses personal data collected through its company website, www.guidepostsolutions.com, please see our website privacy policy.

The Federal Trade Commission has jurisdiction over Guidepost Solutions with respect to its compliance with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) and the UK Extension to the EU-U.S. DPF.

CHANGES TO THIS POLICY

Guidepost Solutions may update this Framework Policy at any time so long as the changes are consistent with the Data Privacy Framework Principles and any other terms of our certification under it. We will post the effective date of any changes as part of any updated Framework Policy.

THE DATA PRIVACY FRAMEWORK PRINCIPLES

Guidepost Solutions Guidepost Solutions complies with the EU-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Guidepost Solutions has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Guidepost Solutions is committed to protecting personal privacy. Pursuant to our internal Information Security program and procedures, we regularly train our employees on privacy requirements and the implementation of this Framework Policy. Failure of an employee to comply with this Framework Policy may result in disciplinary action. We regularly review this Framework Policy and our processes to ensure that we are in compliance with the EU-U.S. DPF.

1. Notice

Guidepost Solutions collects and processes Personal Data in the course of conducting investigations and due diligence under contract with its clients (or their legal representatives).

Personal Data we process on behalf of our clients may include, for example, the following: name, date of birth, address, driver’s license, passport, visa or other national identifiers, title at work, or any similar information helpful to correctly identify a subject of investigation and provide the information requested by the client. We may add personal data from other sources, for example, from an employer’s records, from social media or public databases, court records, or an educational institution. Subject to applicable law, we may collect court records or certificates related to criminal history or bankruptcies, litigation history, credit history, information related to service in a directorship, or professional licenses and certificates.

We will post a link to this Framework Policy on our website, www.guidepostsolutions.com, and ask our clients to provide either a link to it or its URL on any form from which the client provides notice or seeks consent for us to conduct our investigations on its behalf or to receive data transferred from the EU and the United Kingdom.

To the extent permitted by the EU-U.S. Data Privacy Framework Principles and applicable law, Guidepost Solutions also reserves the right to process Personal Data provided by or collected on behalf of a client without notice or knowledge of individuals involved, including any supplementation of the information through publicly available sources, as we may deem necessary to fulfill our obligations to our clients.

2. Choice

Guidepost Solutions recognizes its duty under the EU-U.S. Data Privacy Framework Principles to give individuals the right of choice before use of Personal Data about them for a purpose materially different from the purposes for which the data was collected or for disclosure to a third party for any use unrelated to those purposes. We will offer choice if either of those circumstances occurs except as otherwise permitted by the EU-U.S. Data Privacy Framework Principles or applicable law.

3. Accountability for Onward Transfer

Guidepost Solutions may transfer Personal Data we collect and process to companies and individuals acting as agents for the limited purposes of helping us provide services to our clients. These third-parties may include, for example, vendors that store or process data on our behalf or individual investigators who collect additional Personal Data as described above. Investigators may disclose limited Personal Data to seek publicly available records, for example, to a court or to an educational institution or, in limited circumstances, to individuals with publicly available knowledge about the individual under investigation.

We obtain contractual assurances that our agents will safeguard Personal Data consistent with this Framework Policy. Examples of appropriate assurances that may be sought from agents include contractual obligations to limit use of the data to defined purposes, to abide by applicable law, to provide reasonable security and to notify us of any breach and to pass the same or similar protections on in any onward transfers. If we find actual knowledge that an agent is using or disclosing Personal Data in a manner contrary to this Framework Policy, we will take reasonable steps to prevent or stop the use or disclosure. As described in the EU-U.S. Data Privacy Framework Principles, Guidepost Solutions may remain liable for onward transfer of Personal Data covered by the Framework Policy in certain circumstances.

Guidepost Solutions may also disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, to comply with a subpoena for a civil or criminal proceeding or similar legal process, or when we believe in good faith that disclosure is necessary to protect our rights, protect safety, investigate fraud, or respond to a government request.

As a participating organization in the EU-U.S. Data Privacy Framework, the EU-U.S. DPF Principles require us, in the context of an onward transfer, to have responsibility for the processing of personal data we receive under the EU-U.S. DPF and subsequently transfer to a third party acting as an agent on our behalf. We shall remain liable under the Principles if our agent processes such personal data in a manner inconsistent with the Principles, unless we can prove that we are not responsible for the event giving rise to the damage.

4. Security

Guidepost Solutions will take reasonable and appropriate measures to protect Personal Data in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved and the nature of the Personal Data. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot warrant or guarantee its absolute security.

5. Data Integrity, Purpose Limitation and Use

Guidepost Solutions collects and uses Personal Data for the purposes requested by our clients. Guidepost Solutions will retain a copy of Personal Data compiled on behalf of our clients for as long as we need the data to provide services to those clients. We may also retain and use any Personal Data covered by this Framework Policy as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

6. Access and Correction

Guidepost Solutions recognizes the rights of a person to access Personal Data and to amend that data or request deletion as that right is defined in the EU-U.S. Data Privacy Framework Principles. Requests for access may be made to Privacy Contact at the address at the end of this Framework Policy. If, for example, you are aware that your employer has requested us to conduct an investigation of your background or if you have consented to such an investigation by an individual or company, we suggest that you first direct any requests for access to Personal Data directly to the employer or that individual or company. That company, our client, retains ownership of any Personal Data we have collected on its behalf. We hold the data subject to legal requirements of confidentiality.

7. Recourse, Enforcement and Liability

In compliance with the EU-U.S. Data Privacy Framework Principles and the UK Extension to the EU-U.S. DPF, Guidepost Solutions commits to resolve complaints about your privacy and our collection or use of your personal data transferred to the United States pursuant to the Data Privacy Framework Principles. EU and UK individuals with Data Privacy Framework inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF should first contact Guidepost Solutions at: privacyframework@guidepostsolutions.com

or to:

Guidepost Solutions LLC
Attn: Chief Privacy Officer Allison Spagnolo
260 Madison Avenue, Third Floor
New York, NY 10016

We will endeavor to respond to any such questions or concerns within forty-five (45) days of receipt, as the EU-U.S. Data Privacy Framework Principles require.

Guidepost Solutions has further committed to refer unresolved privacy complaints under the EU-U.S. Data Privacy Framework Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, which is based in the United States and operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. For more information, see https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

PRIVACY CONTACT

If you have any requests, concerns or questions under this EU-U.S. Data Privacy Framework Policy, please submit them to privacyframework@guidepostsolutions.com

or to:

Guidepost Solutions LLC
Attn: Chief Privacy Officer Allison Spagnolo
260 Madison Avenue, Third Floor
New York, NY 10016
(202) 499-4330

Updated: October 3, 2023

Guidepost Solutions LLC (“Guidepost Solutions” or “we”) offers global investigations, compliance, monitoring, and security and technology consulting solutions for clients in a wide range of industries. Our address is 260 Madison Avenue, Third Floor, New York, NY 10016.

We regard the privacy of individuals and the confidentiality of our clients’ business activities to be essential to our values as a company.

This Swiss-U.S. Data Privacy Framework Policy (the “Swiss Framework Policy”) describes how Guidepost Solutions collects and uses personal data we receive from within Switzerland under the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”). We will comply with the requirements of the Swiss-U.S. Data Privacy Framework Principles as explained in more detail below.

This Swiss Framework Policy covers Personal Data, including Sensitive Data, which we receive from within Switzerland in the course of conducting investigations of individuals on behalf of our clients. The terms Personal Data and Sensitive Data mean information about an identified or identifiable individual as those terms are defined in the Swiss-U.S. Data Privacy Framework Principles. To learn how Guidepost Solutions collects and uses personal data collected through its company website, www.guidepostsolutions.com, please see our website privacy policy.

The Federal Trade Commission has jurisdiction over Guidepost Solutions with respect to its compliance with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) and the UK Extension to the EU-U.S. DPF.

Changes to This Policy

Guidepost Solutions may update this Swiss Framework Policy at any time so long as the changes are consistent with the Swiss-U.S. Data Privacy Framework Principles and any other terms of our certification under it. We will post the effective date of any changes as part of any updated Swiss Framework Policy.

The Data Privacy Framework Principles

Guidepost Solutions complies with the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce. Guidepost Solutions has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Guidepost Solutions is committed to protecting personal privacy. Pursuant to our internal Information Security program and procedures, we regularly train our employees on privacy requirements and the implementation of this Swiss Framework Policy. Failure of an employee to comply with this Swiss Framework Policy may result in disciplinary action. We regularly review this Swiss Framework Policy and our processes to ensure that we are in compliance with the DPF.

1. Notice

Guidepost Solutions collects and processes Personal Data in the course of conducting investigations and due diligence under contract with its clients (or their legal representatives).

Personal Data we process on behalf of our clients may include, for example, the following: name, date of birth, address, driver’s license, passport, visa or other national identifiers, title at work, or any similar information helpful to correctly identify a subject of investigation and provide the information requested by the client. We may add personal data from other sources, for example, from an employer’s records, from social media or public databases, court records, or an educational institution. Subject to applicable law, we may collect court records or certificates related to criminal history or bankruptcies, litigation history, credit history, information related to service in a directorship, or professional licenses and certificates.

We will post a link to this Swiss Framework Policy on our website, www.guidepostsolutions.com, and ask our clients to provide either a link to it or its URL on any form from which the client provides notice or seeks consent for us to conduct our investigations on its behalf or to receive data transferred from Switzerland.

To the extent permitted by the Data Privacy Framework Principles and applicable law, Guidepost Solutions also reserves the right to process Personal Data provided by or collected on behalf of a client without notice or knowledge of individuals involved, including any supplementation of the information through publicly available sources, as we may deem necessary to fulfill our obligations to our clients.

2. Choice

Guidepost Solutions recognizes its duty under the Data Privacy Framework Principles to give individuals the right of choice before use of Personal Data about them for a purpose materially different from the purposes for which the data was collected or for disclosure to a third party for any use unrelated to those purposes. We will offer choice if either of those circumstances occurs except as otherwise permitted by the Data Privacy Framework Principles or applicable law.

3. Accountability for Onward Transfer

Guidepost Solutions may transfer Personal Data we collect and process to companies and individuals acting as agents for the limited purposes of helping us provide services to our clients. These third-parties may include, for example, vendors that store or process data on our behalf or individual investigators who collect additional Personal Data as described above. Investigators may disclose limited Personal Data to seek publicly available records, for example, to a court or to an educational institution or, in limited circumstances, to individuals with publicly available knowledge about the individual under investigation.

We obtain contractual assurances that our agents will safeguard Personal Data consistent with this Swiss Framework Policy. Examples of appropriate assurances that may be sought from agents include contractual obligations to limit use of the data to defined purposes, to abide by applicable law, to provide reasonable security and to notify us of any breach and to pass the same or similar protections on in any onward transfers. If we find actual knowledge that an agent is using or disclosing Personal Data in a manner contrary to this Swiss Framework Policy, we will take reasonable steps to prevent or stop the use or disclosure. As described in the Data Privacy Framework Principles, Guidepost Solutions may remain liable for onward transfer of Personal Data covered by the Swiss Framework Policy in certain circumstances.

Guidepost Solutions may also disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, to comply with a subpoena for a civil or criminal proceeding or similar legal process, or when we believe in good faith that disclosure is necessary to protect our rights, protect safety, investigate fraud, or respond to a government request.

As a participating organization in the Swiss-U.S. Data Privacy Framework, the Swiss-U.S. DPF Principles require us, in the context of an onward transfer, to have responsibility for the processing of personal data we receive under the Swiss-U.S. DPF and subsequently transfer to a third party acting as an agent on our behalf. We shall remain liable under the Principles if our agent processes such personal data in a manner inconsistent with the Principles, unless we can prove that we are not responsible for the event giving rise to the damage.”

4. Security

Guidepost Solutions will take reasonable and appropriate measures to protect Personal Data in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved and the nature of the Personal Data. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot warrant or guarantee its absolute security.

5. Data Integrity, Purpose Limitation and Use

Guidepost Solutions collects and uses Personal Data for the purposes requested by our clients. Guidepost Solutions will retain a copy of Personal Data compiled on behalf of our clients for as long as we need the data to provide services to those clients. We may also retain and use any Personal Data covered by this Swiss Framework Policy as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

6. Access and Correction

Guidepost Solutions recognizes the rights of a person to access Personal Data and to amend that data or request deletion as that right is defined in the Data Privacy Framework Principles. Requests for access may be made to Privacy Contact at the address at the end of this Swiss Framework Policy. If, for example, you are aware that your employer has requested us to conduct an investigation of your background or if you have consented to such an investigation by an individual or company, we suggest that you first direct any requests for access to Personal Data directly to the employer or that individual or company. That company, our client, retains ownership of any Personal Data we have collected on its behalf. We hold the data subject to legal requirements of confidentiality.

7. Recourse, Enforcement and Liability

In compliance with the Swiss-U.S. Data Privacy Framework Principles, Guidepost Solutions commits to resolve complaints about your privacy and our collection or use of your personal data transferred to the United States pursuant to the Swiss-U.S. DPF Principles. Swiss individuals with DPF inquiries or complaints regarding our handling of personal data received in reliance on the Swiss-U.S. DPF should first contact Guidepost Solutions at: privacyframework@guidepostsolutions.com

or to:

Guidepost Solutions LLC
Attn: Chief Privacy Officer Allison Spagnolo
260 Madison Avenue, Third Floor
New York, NY 10016

We will endeavor to respond to any such questions or concerns within forty-five (45) days of receipt, as the Swiss-U.S. Data Privacy Framework Principles require.

Guidepost Solutions has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, which is based in the United States and operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. For more information, see https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

Privacy Contact

If you have any requests, concerns or questions under this Swiss-U.S. Data Privacy Framework Policy, please submit them to privacyframework@guidepostsolutions.com

or to:

Guidepost Solutions LLC
Attn: Chief Privacy Officer Allison Spagnolo
260 Madison Avenue, Third Floor
New York, NY 10016
(202) 499-4330

La presente Política de Tratamiento de Datos Personales e Información (en adelante la “Política”), tiene como objetivo implementar las disposiciones contenidas en la Ley 1581 de 2012 y en el Decreto 1074 de 2015, y demás normas relacionadas, en lo que se refiere exclusivamente a las bases de datos, archivos e información que contenga datos personales susceptibles de Tratamiento, y explica como Guidepost Solutions S.A.S. recolecta, almacena, usa, circula y trata información que usted provee a través de distintos medios.

I. DATOS DE CONTACTO DEL RESPONSABLE O ENCARGADO DEL DATO – ÁREA RESPONSABLE DE LA ATENCIÓN DE CONSULTAS, PETICIONES Y RECLAMOS.

Guidepost Solutions S.A.S. es una sociedad por acciones simplificada, legalmente constituida y existente bajo las leyes de la República de Colombia, identificada con NIT. 901.761.534-0, teléfono 6017321278 y con domicilio principal en la CR 11 86 53 OF 1303-2, de la ciudad de Bogotá D.C. (en adelante, el “Responsable del Tratamiento”).

Para efectos de esta Política, el Área Encargada de resolver las peticiones, quejas y reclamos de los titulares de la información es el área administrativa y podrá ser contactada al siguiente correo electrónico: bogadmin@guidepostsolutions.com .

II. TRATAMIENTO DE LOS DATOS Y FINALIDAD

El Responsable del Tratamiento, previa Autorización de los titulares de la información (en caso que esta sea requerida), puede obtener información de personas naturales, visitantes, empleados, aprendices, clientes, potenciales clientes, proveedores y contratistas, según el medio a través del cual éstos proporcionen de forma libre y voluntaria su información personal, según el tipo de relación comercial, contractual y/o legal que exista con el Responsable del Tratamiento. Los tipos de datos personales que recolectamos son datos públicos, semi privados, y no serán recolectados datos sensibles o de menores de edad que no sean públicos, siempre y cuando no exista una Autorización previa y expresa del tutor o representante legal de dicho Menor de Edad.

Los datos personales proporcionados al Responsable del Tratamiento serán recolectados, almacenados, usados, analizados, circulados, actualizados y reportados para las siguientes finalidades: (i) como elemento de análisis para establecer y mantener una relación contractual o comercial, cualquiera que sea su naturaleza, (ii) como elemento de análisis para hacer estudios de mercado o investigaciones comerciales o estadísticas, (iii) como herramienta para el ofrecimiento de productos o servicios propios o de terceros, (iv) como herramienta para el inicio de cualquier cobro prejudicial o judicial, (v) para que la información sea compartida, circulada y usada por otras entidades, dentro y fuera del territorio colombiano, para cualquiera de los fines aquí previstos, (vi) para el adelantamiento de cualquier trámite ante una autoridad pública o una persona o entidad privada, respecto del cual la información resulte pertinente, (vii) para que toda la información referida al comportamiento crediticio, financiero, comercial, de servicios y datos de la misma naturaleza proveniente de terceros países sea consultada, suministrada, reportada, procesada o divulgada, (viii) para efectos de vigilancia y monitoreo de seguridad, (ix) para que la información suministrada sea consultada en listas para la prevención del lavado de activos y financiación del terrorismo, (x) para el cumplimiento de cualquier otra obligación legal a cargo del Responsable del Tratamiento, (xi) para el inicio de cobros prejudiciales o judiciales, (xii) para la remisión de información publicitaria, comercial y de mercadeo, (xiii) para transmitir los datos personales a terceros ubicados fuera de la República de Colombia o dentro de la República de Colombia (esto es, llevar a cabo la cesión nacional) a terceros para cualquiera de las finalidades previstas en la respectiva Autorización, (xiv) para transferir (esto es, llevar a cabo la cesión nacional) la información personal a terceros ubicadas dentro y/o fuera de la República de Colombia, para que usen la información para cualquiera de los fines previstos en la respectiva Autorización, así como a empresas filiales, ubicadas dentro y/o fuera de Colombia para cualquiera de las finalidades indicadas en la respectiva Autorización, o terceros ubicados dentro y/o fuera de la República de Colombia en caso que se lleve a cabo una cesión o transferencia de activos a cualquier título, enajenación global de activos o venta del establecimiento de comercio; (xv) para tramitar peticiones, quejas o reclamos y cualquiera de sus derechos al habeas data; (xvi) para efectos de monitoreo de seguridad y video vigilancia; (xvii) para mejorar la experiencia del usuario en la página web del Responsable; (xviii) y en general, para cualquier otra finalidad establecida en la respectiva autorización para el tratamiento de los datos personales.

Si bien no consideramos que los datos recolectados a través de cookies puestas los sitios web de del Responsable del Tratamiento sean datos personales, se informa que las cookies son fragmentos de información informática que recopilan los sitios web con el fin de personalizar la experiencia de los usuarios que lo visitan. Por lo que, para estos fines, las cookies almacenan cierta información de los visitantes del sitio, que no se relacionan con la persona tras el usuario sino con el dispositivo, usuario o ip que accede al sitio web. con esto, el Responsable del Tratamiento, a través de las cookies de su sitio web, recopila y trata los datos de sus visitantes, que si bien no son personales, serán tratados de acuerdo con esta política de tratamiento de datos si en algún momento pueden llegar a categorizarse como tales.
Existen diferentes tipos de cookies de acuerdo con el tipo de información que se recopila y las finalidades para las que se hace. en la página web de Guidepost Solutions podrá encontrar los siguientes tipos de cookies:

  • Necesarias: las cookies necesarias ayudan a hacer una página web utilizable activando funciones básicas como la navegación en la página y el acceso a áreas seguras de la página web. La página web no puede funcionar adecuadamente sin estas cookies.
  • Preferencias: las cookies de preferencias permiten a la página web recordar información que cambia la forma en que la página se comporta o el aspecto que tiene, como su idioma preferido o la región en la que usted se encuentra.
  • Estadísticas: las cookies estadísticas ayudan a los propietarios de páginas web a comprender cómo interactúan los visitantes con las páginas web reuniendo y proporcionando información de forma anónima.
  • Marketing: las cookies de marketing se utilizan para rastrear a los visitantes en las páginas web. la intención es mostrar anuncios relevantes y atractivos para el usuario individual, y por lo tanto, más valiosos para los editores y terceros anunciantes.

Se hace la salvedad que, ciertas funciones, herramientas o funcionamientos del sitio web sólo operan gracias a la información que recopilan cierto tipo de cookies, por lo que, si estas no son autorizadas por el usuario, puede que no funcione adecuadamente la página web.

III. TRANSFERENCIA Y TRANSMISIÓN DE DATOS PERSONALES

Guidepost Solutions podrá transferir los Datos Personales que recolecta terceros que realicen ubicadas dentro y/o fuera de la República de Colombia, para que usen la información para cualquiera de los fines previstos en la respectiva Autorización, así como a empresas filiales, ubicadas dentro y/o fuera de Colombia para cualquiera de las finalidades indicadas en la respectiva Autorización, o terceros ubicados dentro y/o fuera de la República de Colombia en caso que se lleve a cabo una cesión o transferencia de activos a cualquier título, enajenación global de activos o venta del establecimiento de comercio; así como a entidades legales que la requieran en virtud de un mandato legal, como por ejemplo la Dirección de Impuestos y Aduanas Nacionales –DIAN, así como cualquier tercero ubicado dentro y/fuera de la República de Colombia conforme Guidepost Solutions celebre un contrato de Transferencia con éstos.

IV. DERECHOS DE LOS TITULARES

El titular de los datos personales tiene los siguientes derechos frente al Responsable del Tratamiento:

  1. Conocer, actualizar y rectificar sus datos personales;

  2. Solicitar prueba de la Autorización otorgada;

  3. Ser informado por el Responsable del Tratamiento previa solicitud, respecto del uso que le ha dado a sus datos personales;

  4. Presentar ante la Superintendencia de Industria y Comercio quejas por infracciones a lo dispuesto en la Ley 1581 de 2012 y en el Decreto 1074 de 2015, una vez haya agotado el trámite de consulta o reclamo ante el Responsable del Tratamiento;

  5. Revocar la Autorización y/o solicitar la supresión del dato cuando en el Tratamiento no se respeten los principios, derechos y garantías constitucionales y legales; y

  6. Acceder en forma gratuita a sus datos personales que hayan sido objeto de Tratamiento.

V. PROCEDIMIENTO PARA EJERCER LOS DERECHOS AL HABEAS DATA

Los titulares de la información podrán ejercer los derechos a conocer, actualizar, rectificar, revocar la Autorización mediante el envío de una comunicación a la dirección de correo electrónico y al área indicada en la presente Política. Esta comunicación deberá contener como mínimo lo siguiente:

  1. El nombre, domicilio del titular y medio de contacto para recibir la respuesta como teléfono, correo electrónico, dirección de residencia.

  2. Los documentos que acrediten la identidad o la representación de su representado.

  3. La descripción clara y precisa de los datos personales respecto de los cuales el titular busca ejercer alguno de los derechos.

  4. En caso dado, otros elementos o documentos que faciliten la localización de los datos personales.

Una vez recibida la comunicación por parte del Responsable del Tratamiento, se procederá a dar respuesta dentro de los términos establecidos en la regulación aplicable.

VI. MODIFICACIÓN Y/O ACTUALIZACIÓN DE LA POLÍTICA DE PROTECCIÓN DE DATOS Y MANEJO DE INFORMACIÓN

Cualquier cambio sustancial en las Políticas de Tratamiento, se comunicará de forma oportuna a los titulares de los datos a través de correo electrónico y/o a través de la página de internet: guidepostsolutions.com

VII. VIGENCIA DE LAS POLÍTICAS DE TRATAMIENTO DE INFORMACIÓN PERSONAL Y DE LAS BASES DE DATOS

Los datos que sean recolectados por el Responsable del Tratamiento serán tratados por éste de acuerdo con las finalidades que justificaron el tratamiento, atendiendo a las disposiciones aplicables a la materia de que se trate y a los aspectos administrativos, contables, fiscales, jurídicos e históricos de la información. Una vez cumplida la o las finalidades del tratamiento y sin perjuicio de normas legales que dispongan lo contrario, el Responsable del Tratamiento procederá a la supresión de los datos personales en su posesión. No obstante lo anterior, los datos personales deberán ser conservados cuando así se requiera para el cumplimiento de una obligación legal o contractual.

Las presentes políticas rigen a partir de la fecha de su aprobación, esto es, el día uno (01) de julio de 2024.

InvestigationHotlines