Terms & Privacy

CORPORACION COLEGIO NUEVA GRANADA

PERSONAL DATA PROCESSING POLICY

IN COMPLIANCE WITH STATUTORY LAW 1581 OF 2012


CONTENTS:

  1. PERSONAL DATA CONTROLLER.
  2. SCOPE.
  3. SCOPE OF APPLICATION.
  4. APPLICABLE LEGAL FRAMEWORK.
  5. DEFINITIONS.
  6. GOVERNING PRINCIPLES FOR THE PERSONAL DATA PROCESSING.
  7. RIGHTS AND CONDITIONS OF LEGALITY FOR THE DATA PROCESSING. AUTHORIZATION.
  8. PURPOSES
  9. PERSONAL DATA PROCESSOR.
  10. SENSIBLE DATA PROCESSING.
  11. DATA OF CHILDREN AND ADOLESCENTS.
  12. USE OF COOKIES.
  13. BEHAVIOR OF TALENT MANAGEMENT.
  14. DURATION OF DATA PROCESSING.
  15. INFORMATION SECURITY.
  16. FUNDACION HOGAR NUEVA GRANADA.
  17. ASSOCIATION OF PARENTS OF COLEGIO NUEVA GRANADA.
  18. DELIVERY OF DATA TO AUTHORITIES.
  19. DATA TRANSFER TO THIRD COUNTRIES.
  20. EXERCISE OF THE RIGHT OF PERSONAL DATA HOLDERS. INQUIRES AND CLAIMS.
  21. VALIDITY AND MODIFICATIONS.

CORPORACION COLEGIO NUEVA GRANADA, legal entity identified with NIT 860.006.522-0 undertakes to process the personal data of all its stakeholders in accordance with Law 1581 of 2012 and therefore publishes its Personal Data Processing Policy so that data subjects, processors, competent authorities and interested parties know how to act as CONTROLLER for the personal data it uses for the fulfilment of its corporate purpose.


1. DATA OF THE PERSONAL DATA CONTROLLER.

CORPORACION COLEGIO NUEVA GRANADA
NIT 860,006,522-0
E-mail: PROTECCIONDEDATOS@CNG.EDU
Phone: (571) 212 3511
Address: Carrera 2ª ESTE # 70-20 Bogota, D.C., Colombia

In this document we will refer to the CORPORACION COLEGIO NUEVA GRANADA as the CONTROLLER, the SCHOOL or CNG.

The responsibility of the CORPORACION COLEGIO NUEVA GRANADA extends to its human team: managers, teachers, tutors, academic assistants, advisors, sports coaches, administrative, accounting and financial human team, logistics, security, health personnel, among other employees.


2. SCOPE.

This Policy allows to inform the different groups of users and data subjects the guidelines of the CONTROLLER regarding the processing of their data, taking as priority compliance under privacy, confidentiality and security premises.

These users and holders include administrative employees, teachers, candidates for laborpositions, contractors and mission staff, applicants, students, graduates, former students, active and inactive parents, suppliers, journalists, strategic allies, visitors, among others with an inherent link to the mission of the CORPORACION COLEGIO NUEVA GRANADA.


3. SCOPE OF APPLICATION.

This Personal Data Processing Policy is in compliance with Statutory Law 1581 of 2012, its Sole Regulatory Decree of the Trade Sector 1074 of 2015 (Chapters 25 and 26) and other rules established by the Government of Colombia for respect for the constitutional mandate of habeas data (Articles 15 and 20).


4. APPLICABLE LEGAL FRAMEWORK.

  • Political Constitution of Colombia 1991 Articles 15 and 20.
  • Judgments of the Constitutional Court C-1011 of 2008 and C-748 of 2011.
  • Statutory Law 1581 of 2012.
  • Decree 1377 of 2013
  • Decree 886 of 2014
  • Sole Regulatory Decree of the Trade Sector 1074 of 2015 Chapter 25 and Chapter 26 compiling the previous two.
  • External Circular 01 of November 8, 2016
  • Decree 090 of January 18, 2018

Note: This Policy includes sections of Law 1581 of 2012 and its regulatory decrees for clarity and compliance purposes. The enumeration corresponds to the order of this document and not to that specified in the Law or Decrees.


5. DEFINITIONS.

For the understanding of this Policy it is necessary to understand the definitions set out in Law 1581 of 2012, Article 3:

  • Authorization: Prior, express and informed consent of the holder to carry out the processing of personal data.
  • Database: Organized set of personal data subject to Processing;
  • Personal data: Any information linked or that may be associated with one or several natural persons determined or determinable.
  • Data Processor: Natural or legal person, public or private, who by itself or in association with others, performs the Processing of personal data on assistance of the Data Controller;
  • Data Controller: Natural or legal person, public or private, who by itself or in association with others, decides on the basis of data and/or the processing of data;
  • Holder: Natural person whose personal data is subject to treatment.
  • Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.

Definitions of Decree 1074 Chapter 25 Title I Article 2.2.2.25.1.3.:

Privacy Notice. Verbal or written communication generated by the Controller, directed to the owner for the processing of his/her personal data, by means of which he/she is informed about the existence of the information processing policies that will be applicable, the way to access them and the purposes of the processing that is intended to be given to personal data.
Public data. Data that is not semi-private, private or sensitive. Public data are considered, among others, the data related to the marital status of the persons, their profession or occupation and to their status as merchants or public servants. By its nature, public data may be contained in, among others, public records, public documents, gazettes and official bulletins and duly executed judicial sentences which are not subject to confidentiality.
Sensitive data. Sensitive data is defined as that data that affect the privacy of the owner or whose misuse can lead to their discrimination, such as those revealing racial or ethnic origin, political orientation, religious or philosophical beliefs, trade union, social, human rights organizations membership or that promotes interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data concerning the health, sexual life, and biometric data.
Transfer. The transfer of data takes place when the data Controller and/or the personal data Processor, located in Colombia, sends the information or personal data to a receiver, who in turn is responsible for the processing and is inside or outside the country.
Transmission. Processing of personal data that implies their communication within or outside the territory of the Republic of Colombia when it has the purpose of carrying out aprocessing by the Data Processor on behalf of the Controller.


6. GOVERNING PRINCIPLES FOR THE PERSONAL DATA PROCESSING.

Considering Law 1581 of 2012 in its Title II article 4, these are the principles that govern our actions on Personal Data. In the development, interpretation and application of this law, the following principles shall apply, in a harmonious and comprehensive manner:

Principle of legality regarding data processing: The Processing referred to in this law is a regulated activity that must be subject to the provisions of this law and the other provisions that develop it;

Principle of Purpose: The Processing must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Holder;

Principle of Freedom: The Processing can only be exercised with the prior, express and informed consent of the Holder. Personal data cannot be obtained or disclosed without prior authorization, or in its absence, by legal or judicial mandate that relieves consent.

Principle of truthfulness or quality: The information subject to Processing must be truthful, complete, accurate, up-to-date, verifiable and understandable. The processing of partial, incomplete, fractioned or misleading data is prohibited.

Principle of Transparency: In the Processing, the right of the Holder to obtain information about the existence of data that concerns him/her from the Data Controller or Processor must be guaranteed, at any time and without restrictions;

Principle of access and restricted circulation: The Processing is subject to the limits arising from the nature of the personal data, the provisions of this law and the Constitution. In this sense, the processing can only be done by people authorized by the holder and/or by the persons provided by law.
Personal data, except for public information, may not be available on the Internet or other means of mass dissemination or communication, unless the access is technically controllable to provide a restricted knowledge only to the holders or authorized third parties.

Principle of Security: The information subject to Processing by the Data Controller or the Processor referred to in this law shall be handled with the technical, human and administrative measures necessary to provide security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access;

Principle of Confidentiality: All persons involved in the Processing of personal data that are not of the nature of public data are obliged to guarantee the reservation of the information, even after the completion of their relationship with any of the tasks included in the Processing, being able to only provide or communicate personal data when this corresponds to the development of the activities authorized in this law and in the terms thereof.


7. RIGHTS AND CONDITIONS OF LEGALITY FOR THE DATA PROCESSING. AUTHORIZATION. Law 1581 of 2012 TITLE IV Articles 8 to 10.

Rights of Holders, the Holder of personal data shall have the following rights:

  • To know, update and rectify your personal data in front of the Data Controller or Data Processor. This right may be exercised, among others, for partial, inaccurate, incomplete, fractioned, misleading data, or those whose Processing is expressly prohibited or has not been authorized;
  • To request proof of the authorization granted to the Data Controller, except when expressly excepted as a requisite for the Processing, in accordance with the provisions of article 10 of this law;
  • To be informed by the Data Controller or Data Processor, upon request, regarding the use that has been given to your personal data;
  • Submit before the Superintendence of Industry and Commerce complaints for infractions to the provisions of this law and the other regulations that modify, add or complement it;
  • Revoke the authorization and/or request the deletion of the data when the processing does not respect the principles, rights and constitutional and legal guarantees. The revocation and/or deletion will proceed when the Superintendence of Industry and Commerce has determined that in the Processing the Data Controller or Data Processor have incurred in conduct contrary to this law and the Constitution;
  • Free access to your personal data that have been subject to Processing.

AUTHORIZATION of the Holder. Without prejudice to the exceptions provided for in the law, the Processing requires the prior and informed authorization of the Holder, which must be obtained by any means that may be subsequently consulted.

The CORPORACION COLEGIO NUEVA GRANADA may obtain AUTHORIZATION from the Holder of the data by written, electronic, digital means, by biometric, verbal or written acceptance, as well as by unequivocal behaviors. The CONTROLLER must retain the AUTHORIZATION for the purposes required by law.

Likewise, the CONTROLLER may give various processing to the data such as collecting, recording, storing, modifying, sharing, processing, analyzing, encrypting, querying, delivering, transmitting, transferring, deleting, or other actions that may be exercised on personal data according to the AUTHORIZATION and its purposes.

Cases where authorization is NOT required. The authorization of the Holder of the information will not be necessary in the case of:

  • Information required by a public or administrative entity in the exercise of its legal functions or by court order.
  • Data of public nature.
  • Cases of medical or sanitary emergency.
  • Processing of information authorized by law for historical, statistical or scientific purposes.
  • Data related to the Civil Registry of persons.

Anyone who accesses personal data without prior authorization must in any case comply with the provisions contained in this law.
Personal data that are in publicly accessible sources, regardless of the means by which access is available, including data or databases that are available to the public, may be processed by any person provided that, by their nature, they are public data. (Decree 1074 of 2015 Chapter 25 Article 2.2.2.25.2.2.)


8. PURPOSES

The purposes of the Processing will depend on the Type of Data Holder. These are specified in the Authorizations for each group of holders: Parents, legal representatives and guardians; Students, Students of legal age, Administrative employees and teachers, among others.
The purposes have a clear objective according to the type of contract or relationship between the parties, the main ones being labor contracts, enrolment contracts and commercial contracts.

The PURPOSES for which THE SCHOOL will use the data of PARENTS / LEGAL REPRESENTATIVES are identity verification, updating of contact information, communication, payment management, surveys, authorizations for specific activities, monitoring of academic, health, emotional activities, of behavior, among others of the LEARNERS. Also for marketing activities and invitations to participate in cultural, social, sports, entertainment activities, health brigades, billing, tax certifications, social responsibility campaigns and in general to make them participate in all the activities developed by THE SCHOOL that involve the Educational Community. As well as the necessary purposes for the fulfillment of the enrollment contract.

The PURPOSES for which THE SCHOOL will use the LEARNERS data are identity verification, contact information update, enrollment process, face-to-face and virtual academic activities, evaluation based on physical or digital audio-visual evidence, support through the Learning Center, recreational and artistic activities, social responsibility activities, extracurricular activities, academic trips, analysis of their academic performance, analysis of their behavior, development of sports skills and competencies, nutritional care, first aid care and health care, school transportation, security, biometric access control, participation on behalf of THE SCHOOL in local or international activities, communication, publications and audiovisual productions, official reports to the secretariat of education, ICBF, ICFES and other public entities that require regulatory compliance and the contract of enrollment.

In the case of EMPLOYEES, the data will be used to fully comply with the employment contract, which involves aspects of identity verification, updating of contact data, biometric access control, security, communication, surveys, monitoring of work activities, occupational security and health (OSH), physical and mental health care and prevention, food and transportation services, recreational or sports activities, travel scheduling, visa procedures, accommodation, special aid, insurance, performance analysis, for payment of payroll, social benefits and other obligations arising from the employment contract.

It will also use their data for coordination and audiovisual coverage of participation on behalf of the EMPLOYER in local or international activities, communication, publications and audiovisual productions, official reports to public entities for regulatory compliance.

CORPORACIÓN COLEGIO NUEVA GRANADA will use the data of the children of EMPLOYEES to make the affiliations required by law to health services, family compensation fund, visa procedures, among others It could also use them for invitations and audiovisual coverage to entertainment, recreational, artistic, sports activities, among others that it develop for the well-being of its human team.

The PURPOSES of CONTRACTORS and SUPPLIERS are purely for identity verification, biometric access control, security, updating of contact data for communication, payments and tax contributions.

The purposes with the other groups of holders will be those of the nature of the relationship and the minimum data necessary for the fulfillment of the obligations between the parties or to satisfy the communication objective between the parties will be collected.


9. PERSONAL DATA PROCESSOR.

Defined as a natural or legal person, public or private, that by itself or in association with others, carries out the Processing of personal data on behalf of the Data Controller, all DATA PROCESSORS must process data according to Law 1581 of 2012. The CONTROLLER may share personal data with other educational, scientific and sports institutions, with companies or with independent professionals, for educational purposes or with those necessary for the fulfillment of the institutional mission and/or the educational contract.

These entities must comply with Law 1581 of 2012 in Colombia or with the privacy laws of their country. And depending on the purpose of use of the information, these entities will be CONTROLLER or PROCESSOR of the data.

The CONTROLLER will request the PROCESSORS to demonstrate their compliance with Law 1581 of 2012 and will demand the correct processing of the data that share with them.


10. SENSIBLE DATA PROCESSING.

Law 1581 of 2012 (Title III article 5) calls sensitive data those that affect the privacy of the holder or whose misuse can lead to their discrimination, such as those revealing racial or ethnic origin, political orientation, religious or philosophical beliefs, trade union, social, human rights organizations membership or that promotes interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data concerning the health, sexual life, and biometric data.

The Processing of sensitive data is prohibited (Law 1581 of 2012 Title III article 6), except when:

  • The Holder has given his/her explicit authorization to said Processing, except in cases where by law the granting of said authorization is not required;
  • The Processing is necessary to safeguard the vital interest of the Holder and he/she is physically or legally incapacitated. In these events, the legal representatives must grant their authorization;
  • The Processing is carried out in the course of legitimate activities and with due guarantees by a foundation, NGO, association or any other non-profit organization, whose purpose is political, philosophical, religious or union, provided that they refer exclusively to its members or to people who maintain regular contact by reason of its purpose. In these events, the data may not be provided to third parties without the authorization of the Holder;
  • The Processing refers to data that is necessary for the recognition, exercise or defense of a right in judicial proceedings;
  • Processing for historical, statistical and scientific research purposes. In this event, measures leading to the deletion of the identity of the Holders should be taken.

The CONTROLLER will use SENSITIVE data for health care, video surveillance, for academic activities such as counseling, academic use on digital platforms, virtual classes, video recording, voice or images of academic, artistic and sports activities, among others; use of work and in corporate communications through telework, work from home, videoconferences, virtual assemblies, Occupational Safety and Health -OSH-, digital communication, among other resources and media.

The processing of this sensitive data is indispensable for the purposes established in the labor, enrolment, services, commercial and other contracts required to fulfill the business mission and is done with full respect for the current regulations of Protection of Personal Data.

USE OF DATA FOR HEALTH PREVENTION AND BIOSAFETY STANDARDS. Faced with the Covid-19 Pandemic, the government and its health authorities have established various decrees that oblige the DATA CONTROLLER and their personal data PROCESSORS, to collect health data for purposes such as prevention of contagion, medical care, decision making of assistance to the workplace, authorization of economic reactivation and statistics for the purposes of Occupational Health and Safety campaigns -OHS-, among others. These data will be processed under the required human and technological security measures and were used exclusively for these purposes.

CCTV. The CONTROLLER uses Closed Circuit Television CCTV as a security tool to protect the educational community, its facilities and its assets. It also uses it as a control and verification tool to reveal activities that contravene the CNG Community Handbook, in such a way that it is useful for conflict resolution, coexistence or disciplinary matters. The recordings and images produced by the CCTV may be delivered to third parties outside the EMPLOYER upon presentation of an order from a judicial or administrative authority.


11. DATA OF CHILDREN AND ADOLESCENTS.

The handling of data of minors is inherent to our corporate purpose as an educational entity, therefore we respect their fundamental rights, we treat their personal data with the required security measures and we have the authorization of their parents and/or legal representatives who may exercise on behalf of their children or represented the rights they have over their data.

Special requirements for the personal data processing of children and adolescents. According to Decree 1074 of 2015, ARTICLE 2.2.2.25.2.9, the Processing of personal data of children and adolescents is prohibited, except when it concerns data of a public nature, in accordance with the provisions of Article 7 of the Law. 1581 of 2012 and when said Treatment meets the following parameters and requirements:

  1. That responds to and respects the best interests of children and adolescents.
  2. That respect of their fundamental rights is ensured.

Once the above requirements have been fulfilled, the legal representative of the child or adolescent will grant the authorization prior to the exercise of the minor's right to be heard, an opinion that will be valued taking into account the maturity, autonomy and ability to understand the matter.

Every Data Controller and Data Processor involved in the processing of the personal data of children and adolescents, must ensure their proper use. For this purpose, the principles and obligations established in Law 1581 of 2012 must be applied.


12. USE OF COOKIES.

Our websites may use cookies to collect visitor data. Cookies can be mandatory or functional. The mandatory cookies allow the use of the services of the websites, which is why they can remember the access data. Functional cookies allow the use of complementary tools such as access preferences, chats, preferred settings, most visited pages, information for statistics, among others that allow us to optimize the use of our websites.


13. BEHAVIOR OF TALENT MANAGEMENT.

For the development of their work, EMPLOYEES must handle data of students, parents or legal representatives, student candidates, job candidates, data of other employees or former employees, data of suppliers, of colleagues from other institutions, among other holders of data, therefore they commit to the responsible and confidential use of these data respecting Law 1581 of 2012 and understanding that their faults may lead them to be subject to disciplinary sanctions by the EMPLOYER or even expose themselves to investigations and sanctions by the Superintendence of Industry and Commerce.


14. DURATION OF DATA PROCESSING.

The personal data provided by the Holders will be kept for the fulfillment of the purposes according to different factors, among them: the time foreseen for the fulfillment required by the Law according to the current regulations in labor, educational or commercial matters, by contractual obligation, by requirement accounting and tax, by legal processes, by quality standards, by good business practices or other standards or practices indicated in the Authorization.


15. INFORMATION SECURITY.

The COTROLLER has created its Information Security Policy in which it establishes the human, process and technological measures to be implemented to protect personal data from unauthorized processes such as use, changes, copies or elimination, among others that affect the integrity of the data.

The CONTROLLER may use information encryption tools, access to information according to the position and responsibilities, use of access codes to information systems, backup copies, secure software development and implementation practices.

Likewise, from the Personal Data Protection area, training is carried out for Talent Management and an organizational culture framed in respect and responsibility in the use of personal data is promoted. Prevention and security measures are subject to continuous strengthening.


16. FUNDACION HOGAR NUEVA GRANADA.

Since the Fundación Hogar Nueva Granada is the social responsibility project of the CORPORACIÓN COLEGIO NUEVA GRANADA and is an indispensable means to fulfill its vision regarding the formation of character and the development of leadership and service, as well as the strengthening of The values of the Community, parents, legal representatives, guardians, students, graduates, administrative employees and teachers, among other holders related to the CONTROLLER, authorize the delivery of their personal contact information to the Fundación Hogar Nueva Granada so that it can be report of recreational, academic, sports, artistic activities, social works, among others; Share invitations to events, marketing and informational materials, and invitations to link with donations. When attending these activities, the holder may be photographed for the purposes of registration and disclosure of the Foundation.


17. ASSOCIATION OF PARENTS OF COLEGIO NUEVA GRANADA.

The CORPORACION COLEGIO NUEVA GRANADA may deliver basic data of Holders to the ASSOCIATION OF PARENTS OF COLEGIO NUEVA GRANADA - ASOPADRES - CNG, for the pertinent purposes established in the Statutes that govern the Association for educational, cultural, scientific purposes and recreational activities that strengthen integral education, the well-being of the students and in general that support the fulfillment of the vision, mission and philosophy of the College.


18. DELIVERY OF DATA TO AUTHORITIES.

If a public or administrative authority in the exercise of its legal functions or with a court order requests that the data CONTROLLER provide personal data of its holders, it must deliver them, since Law 1581 of 2012 in Article 10 indicates that these authorities do not require authorization. That is why the CONTROLLER must deliver data to the Ministry of Education, ICBF, ICFES, among other competent authorities.

Previously, it will be verified that the request from the authority is in accordance with the purpose indicated. In certain cases, a data delivery certificate will be made where the details of the request and the commitment of the receiving entity with the protection of the data provided will be established, in the terms required by Law 1581 of 2012.


19. DATA TRANSFER TO THIRD COUNTRIES.

According to Law 1581 of 2012, TITLE VIII Article 26. The transfer of personal data of any kind to countries that do not provide adequate levels of data protection is prohibited. It is understood that a country offers an adequate level of data protection when it complies with the standards set by the Superintendence of Industry and Commerce on the matter, which in no case may be lower than those that this law requires of its recipients.

This prohibition will not apply when it comes to:

  • Information for which the Holder has granted his express and unequivocal authorization for the transfer;
  • Exchange of medical data, when required by the Holder's Treatment for health or public hygiene reasons;
  • Bank or stock transfers, in accordance with the applicable legislation;
  • Transfers agreed in the framework of international treaties to which the Republic of Colombia is a party, based on the principle of reciprocity;
  • Transfers necessary for the execution of a contract between the Holder and the Data Controller, or for the execution of pre-contractual measures as long as the Holder's authorization is obtained;
  • Transfers legally required to safeguard the public interest, or for the recognition, exercise or defense of a right in a judicial process.

These provisions will be applicable to all personal data, including those contemplated in Law 1266 of 2008.


20. EXERCISE OF THE RIGHT OF PERSONAL DATA HOLDERS.

Holders of personal data can exercise their rights to know, update or rectify their Personal Data, as well as to make a claim if they consider that their data has not been processed according to Law 1581 of 2012.

The Holder can make inquiries or claims for Personal Data Protection by sending an email to PROTECCIONDEDATOS@CNG.EDU addressed to Eliana Salgado, Personal Data Protection Officer of CORPORACIÓN COLEGIO NUEVA GRANADA.

In the subject of the email you must indicate the right you wish to exercise, for example: "Personal data correction." Be sure to detail your query or claim and attach the documents that support your request.

Requirements to submit inquiries or claims:

  • If you are a student or employee, we ask that you make your inquiry or complaint using your corporate email account (…@cng.edu)
  • Identification of the Personal Data Holder or of the person who is submitting the query or claim: names, surnames, type and number of identity document, link between the applicant and the Holder if the person consulting or claiming is not the Data Holder (For example, Parents or legal representative).
  • Indicate clearly in the subject and in the message the reason for the inquiry or complaint.
  • Detail the request and, if applicable, attach supporting and validation documents.
  • Register contact information where you expect the answer: e-mail or physical address.
  • Register at least one contact phone number.

If you have an urgent case and need to contact the School's Data Protection Officer, you can do so via WhatsApp at (+57) 317 635 2552. It should be noted that the formal query or claim and the response must be registered via email.

You can also make your inquiry or claim by physical mail addressed to: "CNG Data Protection Officer" to the address: CR 2ª ESTE # 70-20 Bogota, D.C., Colombia

INQUIRIES:

The query will be answered within a maximum term of ten (10) business days from the date of receipt. In the event that it is not possible for us to attend the query in this term, we will inform the Holder who made the request, stating the reasons for the delay and indicating the date on which the query will be attended, which in no case may exceed five (5) business days following the expiration of the first term in accordance with the provisions of article 14 of Law 1581 of 2012.

CLAIMS:

As established by Law 1581 of 2012 in its Article 15, the Holder or his/her successors in title who consider that the information contained in a database should be subject to correction, updating or deletion, or when they notice the alleged breach of any of the duties contained in this law, they may file a claim with the Treatment Manager or the Treatment Manager which will be processed under the following rules:

  1. The claim will be formulated by request addressed to the Data Controller or Data Processor, with the identification of the Holder, the description of the facts that give rise to the claim, the address, and accompanying the documents that you want to assert.
    If the claim is incomplete, the interested party will be required within five (5) days after receipt of the claim to correct the faults. After two (2) months from the date of the request, without the holder submitting the required information, it shall be understood that the claim has been abandoned.
    In the event that whoever receives the claim is not competent to resolve it, he/she will send transfer to the corresponding person within a maximum term of two (2) business days and will inform the interested party of the situation.
  2. Once the complete claim is received, a legend will be included in the database that says "claim in process" and the reason for it, in a term no longer than two (2) business days. This legend must be maintained until the claim is decided.
  3. The maximum term to attend the claim will be fifteen (15) business days counted from the day following the date of its receipt. When it is not possible to attend the claim within said term, the interested party will be informed of the reasons for the delay and the date on which his claim will be attended, which in no case may exceed eight (8) business days following the expiration of the first term.

PROCEDUAL REQUIREMENT.

According to Article 16 of Law 1581 of 2012, the Holder or successor may only file a complaint with the Superintendence of Industry and Commerce once the query or claim process has been exhausted before the Data Controller or Data Processor.


21. VALIDITY AND MODIFICATIONS.

This Policy is effective as of June 2020 and replaces the previous one. The Personal Data Protection Team may make modifications in order to optimize its content or to adjust to regulatory developments.

CORPORACIÓN COLEGIO NUEVA GRANADA reserves the right to modify this Policy at any time without prior notice. The Data Holders will be informed when changes are made to the data of the CONTROLLER, in the purposes of using the data, or in other points that constitute substantial changes to the Policy.

The current version will be available on the CORPORACIÓN COLEGIO NUEVA GRANADA website www.cng.edu